19 Sep 2019

Windows Defender malware scans are failing after a few seconds

The latest version of Windows Defender, the built-in anti-malware solution of Windows 10, is affected by a bug that causes Quick or Full scans to stop running after inspecting only a few files. The flaw is the result of a recent patch issued by Microsoft to solve another issue. It

Read More
09 Aug 2019

Steam Zero-Day Vulnerability Affects Over 100 Million Users

Security researchers have discovered a zero-day privilege escalation flaw in Steam, a highly popular video game distribution platform by Valve. While the vulnerability could pose a serious risk to the more than 100 million Steam users, Valve dismissed the issue when it was disclosed to the firm. The researcher who

Read More
09 Aug 2019

Decade-old remote code execution bug found in phones used by Fortune 500

Researchers with McAfee have discovered a critical security flaw in the firmware of the Avaya 9600 series IP desk phone that is used by enterprises, including Fortune 500 companies. The vulnerability can allow threat actors to remotely execute code on phones with the highest privileges. The remote code execution (RCE)

Read More
22 Jul 2019

Over 60 US Colleges Compromised by ERP Exploit

A major vulnerability in popular enterprise resource planning (ERP) software has enabled threat actors to compromise at least 62 colleges in the United States, the US Department of Education recently warned. A NIST advisory states that the flaw, tracked as CVE-2019-8978, impacts Ellucian Banner ERP and “allows remote attackers to

Read More
29 May 2019

One Million Devices Open to Wormable Microsoft BlueKeep Flaw

A recent analysis by Errata Security found that nearly one million devices remain vulnerable to the highly critical BlueKeep security flaw that could be used by threat actors to carry out a massive attack involving a worm, i.e. self-replicating malicious code. The vulnerability, tracked as CVE-2019-0708, impacts Remote Desktop Protocol

Read More
11 Apr 2019

Mailgun hacked part of massive attack on WordPress sites

Threat actors on Wednesday launched a massive hacking campaign targeting WordPress websites that use the Yuzo Related Posts plugin, a recently discontinued plugin that is vulnerable to a cross-site scripting (XSS) attack. The flaw allows attackers to inject malicious code into legitimate websites that will cause users to get redirected

Read More
05 Apr 2019

Pre-Installed Security App Puts 150 Million Xiaomi Smartphone Users At Risk

Cybercriminals are increasingly going after mobile users by hiding malware in applications and trying to upload the nefarious apps to the Google Play Store. As if this isn’t bad enough, a new incident involving Chinese smartphone manufacturer Xiaomi exposes an even more potent threat, namely that of malicious or poorly

Read More
03 Apr 2019

How financial institutions are risking customer data through insecure mobile apps

New research from Aite Group and Arxan Technologies has found major security shortcomings in mobile applications offered by various financial institutions. Of the 30 apps that were inspected, 29 could easily be reverse-engineered because the code was not sufficiently protected, while 27 applications shared services with other software and 25

Read More
20 Mar 2019

Microsoft Office Dominates Most Exploited List

Recorded Future has released the 2018 version of it’s annual top 10 list of most exploited vulnerabilities. The list contains 8 Microsoft Office vulnerabilities that are being exploited as part of phishing campaigns involving malicious Word and Excel documents. The other two flaws in the list are an Adobe Flash

Read More
08 Mar 2019

Google: Chrome zero-day was used together with a Windows 7 zero-day

Threat actors have been exploiting a recently patched security flaw in Google Chrome by combining the flaw with a vulnerability affecting Windows 7 machines. The combination of vulnerabilities is critical, as it can enable hackers to take over targeted computers. While Windows is working to find a fix for the

Read More