11 Apr 2019

Mailgun hacked part of massive attack on WordPress sites

Threat actors on Wednesday launched a massive hacking campaign targeting WordPress websites that use the Yuzo Related Posts plugin, a recently discontinued plugin that is vulnerable to a cross-site scripting (XSS) attack. The flaw allows attackers to inject malicious code into legitimate websites that will cause users to get redirected

05 Apr 2019

Pre-Installed Security App Puts 150 Million Xiaomi Smartphone Users At Risk

Cybercriminals are increasingly going after mobile users by hiding malware in applications and trying to upload the nefarious apps to the Google Play Store. As if this isn’t bad enough, a new incident involving Chinese smartphone manufacturer Xiaomi exposes an even more potent threat, namely that of malicious or poorly

03 Apr 2019

How financial institutions are risking customer data through insecure mobile apps

New research from Aite Group and Arxan Technologies has found major security shortcomings in mobile applications offered by various financial institutions. Of the 30 apps that were inspected, 29 could easily be reverse-engineered because the code was not sufficiently protected, while 27 applications shared services with other software and 25

20 Mar 2019

Microsoft Office Dominates Most Exploited List

Recorded Future has released the 2018 version of its annual top 10 list of most exploited vulnerabilities. The list contains 8 Microsoft Office vulnerabilities that are being exploited as part of phishing campaigns involving malicious Word and Excel documents. The other two flaws in the list are an Adobe Flash

08 Mar 2019

Google: Chrome zero-day was used together with a Windows 7 zero-day

Threat actors have been exploiting a recently patched security flaw in Google Chrome by combining the flaw with a vulnerability affecting Windows 7 machines. The combination of vulnerabilities is critical, as it can enable hackers to take over targeted computers. While Windows is working to find a fix for the

06 Mar 2019

All Intel chips open to new Spoiler non-Spectre attack: Don’t expect a quick fix

An international team of security researchers has found a major flaw that affects Intel CPU chips. Spoiler, as researchers have dubbed the attack, is similar to the critical Spectre and Meltdown flaws that were uncovered in January of last year. Intel received the findings of the report in December of

07 Feb 2019

New macOS zero-day allows theft of user passwords

A recently published video demo shows that macOS, the Apple operating system for desktop computers, suffers from a security flaw that could enable malicious applications to access passwords for various users of a computer through the macOS password management system called Keychain. For the exploit to work, the malicious app

22 Jan 2019

Bug in widespread Wi-Fi chipset firmware can lead to zero-click code execution

A security researcher with Embedi has discovered several vulnerabilities affecting the ThreadX firmware for Wi-Fi chipsets in laptops and Internet of Things (IoT) devices. Among the flaws is a block pool overflow that can enable attackers to remotely execute code on certain devices without any user interaction (zero-click). The vulnerability affects

17 Jan 2019

Over 140 International Airlines Affected by Major Security Breach

A security researcher with Safety Detective has found a major security flaw in Amadeus, a ticket booking system covering 44% of worldwide online flight ticket reservations. The flaw, which has been fixed, could have allowed threat actors to gain access to flight booking information and even change details of bookings

10 Jan 2019

Critical Flaw in Cisco’s Email Security Appliance Enables ‘Permanent DoS’

Cisco has plugged 18 vulnerabilities, including two flaws that could allow threat actors to carry out denial of service (DoS) attacks on affected machines by means of sending an email. One of the DoS bugs was rated as critical, and the other as “high” in terms of severity. The 16 remaining
