19 Jan 2021

Microsoft Implements Windows Zerologon Flaw ‘Enforcement Mode’

Microsoft is allegedly pushing a domain controller “enforcement mode” by default to help mitigate the threat posed by the critical Zerologon flaw. Microsoft is aiming to force all companies to update their systems and address the flaw, as it represents a severe security risk to businesses, agencies, and organizations. Microsoft

11 Jan 2021

Over 100,000 UN Employee Records Accessed by Researchers

Security researchers were able to access over 100,000 United Nations employee records and credentials in only hours. Sakura Samurai created a team to look for bugs to report to the UN under its vulnerability disclosure program. Using the git-dumper tool, an exposed subdomain for UN program the International

04 Jan 2021

Backdoor account discovered in more than 100,000 Zyxel firewalls, VPN gateways

Security researchers have discovered a hardcoded admin-level backdoor account on more than 100,000 Zyxel firewalls, VPN gateways, and access point controllers. These backdoor accounts can grant attackers root access via the web administration panel or the SSH interface, making the situation a critical threat to consumers. The backdoor account was

28 Dec 2020

Windows Zero-Day Still Circulating After Faulty Fix

A high-severity Windows zero-day allows an attacker to install programs and access admin privileges such as viewing, changing, and deleting data. It can lead to a complete desktop takeover and is located in the Print Spooler API. However, the critical flaw remains dangerous after Microsoft failed to effectively patch the

10 Dec 2020

Remote code execution vulnerability uncovered in Starbucks mobile platform

Cybersecurity researcher Kahmil “ko2sec” has discovered a remote code execution (RCE) bug in US coffee giant Starbucks’ mobile domains. Starbucks is one of many companies that run a bug bounty program on HackerOne and allow ethical hackers to cash out on vulnerability detection. According to Khamil, he discovered an .ashx

08 Dec 2020

The NSA Warns That Russia Is Attacking Remote Work Platforms

The COVID-19 pandemic has created a massive movement towards working from home, inadvertently also creating more opportunities for hackers. The National Security Agency (NSA) released an advisory warning that Russian state-sponsored hackers have been actively attacking a vulnerability in remote-work platforms developed by VMware. The agency also released a security

07 Dec 2020

High-Severity Chrome Bugs Allow Browser Hacks

Google has issued an update for its Chrome web browser, fixing several vulnerabilities that could allow a threat actor to compromise a computer through a browser hack. The bug affects desktop versions of the browser, and the update fixed a total of eight bugs present within the current version with

02 Dec 2020

Android Messenger App Still Leaking Photos, Videos

A bug in the GO SMS Pro app for Android users has affected millions of users as underground forums begin to actively share images and data stolen from the app’s servers. The app has been downloaded 100 million times and contains a high-level flaw that allows an attacker to access

20 Nov 2020

A Facebook Messenger Flaw Could Have Let Hackers Listen In

Facebook has been hosting a bug bounty program for roughly 10 years, which has provided the company with hundreds of bug reports before Facebook employees noticed any vulnerabilities. Recently, Facebook paid out $60,000 to an ethical hacker for reporting a bug in Facebook Messenger that could have allowed an attacker

22 Oct 2020

Voter Websites In California And Florida Could Be Vulnerable To Hacks, Report Finds

In July, the Department of Homeland Security allegedly received a report from two cybersecurity firms detailing a vulnerability in the online voter registration systems used by counties in California and Florida. The researchers warned that hackers could leverage an old flaw that allowed them to change voter registration files four
