04 Feb 2021

Concerns Over API Security Grow as Attacks Increase

Salt Security has released a report on API security that found 66% of organizations reported that they have slowed deploying an app into production because of API security concerns. This marks the second time in recent months that researchers are warning of application program interface threats to enterprise security. The

Read More
28 Jan 2021

CISA Issues Advisory for High-Severity Vulnerabilities in Fuji Electric HMI Products

Earlier this week, the US Cybersecurity and Infrastructure Security Agency (CISA) released an advisory informing industrial organizations that there is a critical flaw in SCADA/HMI products made by Fuji Electric, a Japanese electrical equipment company. This means that some organizations are facing a security threat due to potentially serious vulnerabilities.

Read More
28 Jan 2021

Pirated themes and plugins are the most widespread threat to WordPress sites

With more than 70 million malicious files on more than 1.2 million WordPress sites over the past year, pirated themes and plugins were the most common source of malware infections to sites. Wordfence, a provider of website application firewall solutions for sites operating over WordPress, detected the massive amount of

Read More
27 Jan 2021

Apple Ships Emergency Fixes for Under-Attack iOS Zero-Day

On Tuesday, Apple released two emergency patches for iOS and iPad OS platforms due to indications that the three security vulnerabilities were under attack by threat actors. The patches are currently being implemented through automatic updating mechanisms as it is critical that Apple users install the fixes. Apple did not

Read More
26 Jan 2021

Google reveals North Korean-backed campaign targeting security researchers

A new ongoing campaign targeting security researchers has been uncovered by Google’s Threat Analysis Group. The attackers are going to great lengths to gain the victims’ trust, posing as researchers or students themselves. The campaign consists of sophisticated social engineering techniques to persuade the security researcher to open a Microsoft

Read More
22 Jan 2021

Cisco warns on critical security vulnerabilities in SD-WAN software, so update now

Cisco has warned its users to update networking software immediately due to four severe flaws affecting the Smart Software Manager Satellite, and SD-WAN DNA. SD-WAN has three critical command injection vulnerabilities with a collective score of 9.9 out of 10. Vulnerabilities of this nature require immediate action. According to Cisco,

Read More
20 Jan 2021

DNSpooq Flaws Allow DNS Hijacking of Millions of Devices

Cyber researchers have found a set of seven flaws in the open-source software Dnsmasq. The vulnerabilities could allow for Domain Name System (DNS) cache poisoning attacks and remote code execution. Dnsmasq is a popular service used to catch DNS responses for both home and commercial routers and servers. The flaws

Read More
15 Jan 2021

NSA Recommends Smart Use of DNS Resolvers

From Dark Reading: The National Security Agency recommended that enterprises use only their designated DNS resolver in DNS traffic and avoid third-party resolvers. Domain Name System technology, or DNS over HTTPS, DoH, can be abused by attackers. Companies using only their designated DNS server is the safest route and all

Read More
14 Jan 2021

Google exposes malicious exploits targeting Windows and Android users

Due to Google’s Project Zero, zero-day vulnerabilities and bugs that could infect systems with malware can be uncovered. The project has unveiled a group of vulnerabilities that could have affected a large amount of customers had they not been discovered and patched. Two malicious servers were discovered hoping to pursue

Read More
06 Jan 2021

Google Warns of Critical Android Remote Code Execution Bug

Google’s latest Andriod security update fixed 43 bugs affecting Android handsets and Samsung phones. Two of the bigs affecting Google’s Andriod handsets were flagged as critical, while the most serious flaw lies in the Andriod System component and allows remote attackers to compromise a device through executing arbitrary code. Two

Read More