06 Oct 2021

IP Surveillance Bugs in Axis Gear Allow RCE, Data Theft

Security researchers have uncovered three vulnerabilities located in Axis video products that could allow for multiple different cyberattacks, including arbitrary code execution. Nozomi Networks Labs have been investigating the flaws, which are located in the Axis Companion Recorder. This tool serves as a compact network video recorder that stores IP

Read More
06 Oct 2021

Apache HTTP Server Project patches exploited zero-day vulnerability

Apache HTTP Server Project developers are urging users to immediately implement a patch that resolves a zero-day vulnerability. According to a security advisory that was published yesterday, the bug is known to be actively exploited in the wild. Apache HTTP Server is an open-source project that focuses on the development

Read More
30 Sep 2021

Apple AirTag Zero-Day Weaponizes Trackers

An unpatched stored cross-site scripting (XSS) bug in Apple’s AirTag “Lost Mode” could expose users to several different web-based attacks such as credential harvesting, malware delivery, token theft, and click-jacking. The personal tracker devices are suffering from a zero-day that could allow attackers to fully weaponize the device, according to

Read More
23 Sep 2021

Unpatched Apple Zero-Day in macOS Finder Allows Code Execution

Researchers have found an unpatched zero-day in macOS Finder that could allow for remote execution. All a user needs to do is click on an email attachment and the code is executed secretly without the victim knowing. The vulnerability affects Big Sur and prior versions of macOS. MacOS Finder is

Read More
17 Sep 2021

USG Warns Of ‘Critical’ Vulnerability That Poses ‘Serious Risk’ To Defense Contractors, Others

Earlier this week, the US FBI and Cybersecurity and Infrastructure Security Agency released a joint advisory warning the public of alleged active exploitation of a critical vulnerability found in a popular password management solution called Zoho. Zoho’s ManageEngine AdSelfService Plus, a tool that aids users in creating strong passwords and

Read More
14 Sep 2021

WooCommerce Multi Currency Bug Allows Shoppers to Change eCommerce Pricing

A new security vulnerability in the WooCommerce Multi-Currency plugin could allow any customer to change the pricing for products in online stores. WooCommerce is a popular plugin for WordPress websites whereas the Multi-Currency plugin from Envato allows e-tailers to use WooCommerce to set pricing for international shoppers. The plugin is

Read More
14 Sep 2021

Apple Releases Urgent Patch Following Discovery of Pegasus Spyware

This week, Apple released an urgent update that mitigates a critical vulnerability exploited by the Pegasus mobile software. The flaw, which is tracked as CVE-2021-30860, was first discovered by security researchers at the University of Toronto’s Citizen Lab when analyzing the iPhone of a Saudi activist who had been targeted

Read More
09 Sep 2021

Zoho Password Manager Zero-Day Bug Under Active Attack Gets a Fix

A critical security vulnerability that lies in the Zoho ManageEngine ADSelfService Plus platform is being actively exploited in the wild as a zero-day, according to the Cybersecurity and Infrastructure Security Agency (CISA). The bug could allow remote attackers to bypass authentication and have access to users’ Active Directory and cloud

Read More
02 Sep 2021

Comcast RF Attack Leveraged Remotes for Surveillance

Researchers have found that a now-patched vulnerability in Comcast’s XR11 voice remotes may have been leveraged by attackers to conduct surveillance. XR11 remotes are highly common and are present in roughly 18 million homes across the US. According to researchers at Gaurdicore, the remote’s flaw allowed attackers to listen in

Read More
02 Sep 2021

WhatsApp patches vulnerability related to image filter functionality

Popular messaging platform WhatsApp has announced that it released a patch pertaining to image filter functionality that was first discovered by Check Point Research. The flaw allowed attackers to read sensitive information from WhatsApp’s memory, according to the company. The platform boasts two billion monthly active users, making it one

Read More