23 Jun 2021

SonicWall ‘Botches’ October Patch for Critical VPN Bug

SonicWall’s patch for a critical VPN bug has turned out to be insufficient in fixing the vulnerability, leaving more than 80,000 devices vulnerable to remote code execution for months. The patch was released in October but was ineffective. SonicWall finally released a complete fix this week for the RCE flaw

16 Jun 2021

Facebook awards $30,000 bounty for exploit exposing private Instagram content

Bounty hunter Mayur Fartade has been awarded $30,000 for discovering and reporting a vulnerability in Instagram’s privacy features. According to Fartade, he uncovered a set of vulnerable endpoints within the Instagram app that allowed hackers to view private media on the platform without following a targeted account. Fartade wrote in

02 Jun 2021

Critical Zero-Day in WordPress Plugin Under Active Attack

Security researchers have warned that a new critical zero-day vulnerability in a WordPress plugin has been found to be actively exploited in the wild. The plugin, called the Fancy Product Designer, is installed on roughly 17,000 sites, according to Wordfence security experts. The tool allows users to upload images and

02 Jun 2021

XSS vulnerability found in popular WYSIWYG website editor

Chris Davis, a security consultant at Bishop Fox, recently discovered and publicly disclosed a new vulnerability in a popular WYSIWYG editor used by at least 30,000 websites. The bug is tracked as CVE-2021-28114 and impacts Froala version 3.2.6 and earlier. Froala operates as a WYSIWYG HTML rich text editor

26 May 2021

Bluetooth bugs open the door for attackers to impersonate devices

New vulnerabilities in devices with Bluetooth Core and Mesh have been uncovered by researchers at the Agence nationale de la sécurité des systèmes d’information (ANSSI). The bugs were disclosed on Monday and could allow a threat actor to impersonate devices during pairing, leading to man-in-the-middle attacks. Carnegie Mellon University also

19 May 2021

Cybercriminals scanned for vulnerable Microsoft Exchange servers within five minutes of news going public

According to a review of threat data from enterprise companies that was compiled between January and March this year and included in Palo Alto Networks’ 2021 Cortex Xpanse Attack Surface Threat Report, which was published today, threat actors began searching the web for vulnerable Microsoft Exchange Servers within five minutes

17 May 2021

Cisco Patches Code Execution Flaw in VPN Product 6 Months After Disclosure

Earlier this week, Cisco announced that it had released patches for a high-severity vulnerability in its AnyConnect Secure Mobility Client that can be exploited for remote code execution. The flaw was initially disclosed in November of 2020, and it has taken roughly six months for the company to

17 May 2021

‘Scheme Flooding’ Allows Websites to Track Users Across Browsers

Security researchers have discovered a new vulnerability that allows browsers to enumerate applications on a machine, threatening cross-browser anonymity in popular browsers such as Chrome, Firefox, Microsoft Edge, Safari, and Tor. The vulnerability is referred to as “scheme flooding,” and allows websites to identify users across different desktop browsers,

04 May 2021

Hewlett Packard Enterprise Plugs Critical Bug in Edge Platform Tool

Hewlett Packard Enterprise (HPE) has released a patch for a critical bug in its Edge Platform Tool. According to researchers, the bug can be exploited to conduct remote authentication bypass attacks, leading to the ability to inflict further damage to the targeted network. The company has urged its customers to

28 Apr 2021

Apple Patches Zero-Day MacOS Bug That Can Bypass Anti-Malware Defenses

Apple has released a patch for a zero-day vulnerability in its macOS systems that could allow attackers to bypass anti-malware protections set in place. According to Apple, the notorious Mac threat Shlayer adware dropper has already been exploiting the vulnerability for several months. Therefore, Apple urges its customers to implement
