04 Jun 2020

Critical flaw in IOS routers allows ‘complete system compromise’

Four critical flaws have been disclosed by Cisco, affecting router equipment operating on IOS XE and IOS software created by the company. the critical flaws are part of Cisco’s June 3 semi-annual advisory and were disclosed alongside 23 advisories describing 25 vulnerabilities in total. The most severe bug, CVE-2020-3227, is

Read More
20 May 2020

Bluetooth Bugs Allow Impersonation Attacks on Legions of Devices

According to security researchers, unpatched security bugs remain in Bluetooth chips from companies like Apple, Intel, Qualcomm, Samsung, and others, allowing for Bluetooth Impersonation Attacks (BIAS). Researchers found the vulnerabilities in Bluetooth Classic, allowing attackers to spoof paired devices, posing as a trusted endpoint. This then allows the attackers to

Read More
19 May 2020

Hundreds of thousands of QNAP devices vulnerable to remote takeover attacks

On Tuesday, a Taiwanese security researcher published details about vulnerabilities within the firmware of Photo Station, a photo album app that is installed with all QNAP network-attached storage (NAS) devices. The researcher, Henry Huang, stated that the Photo Station app is currently installed on 80% of QNAP NAS systems or

Read More
18 May 2020

Microsoft Confirms Serious New Security Problem For Windows 10 Users

Microsoft has confirmed a newly reported security vulnerability called “Thunderspy” that lies within a vulnerability in its THunderbolt ports. The vulnerability enables an attacker with physical PC access to adjust or change the port’s controller firmware, effectively disabling its security and presenting huge risks for the victim. Last week, consumers

Read More
12 May 2020

U.S. Marshals Service Breach Exposed Personal Data of 387,000 Prisoners

According to a breach report that first surfaced late last week, the US Marshals Service was the victim of a cyberattack that exposed the personal information of roughly 387,000 current and former prisoners. The attack reportedly occurred in late December of 2019. A spokesperson for the Marshals Service stated that

Read More
11 May 2020

Thunderbolt flaws affect millions of computers – even locking unattended devices won’t help

On Sunday, Dutch security researcher Björn Ruytenberg released a report detailing nine attack scenarios that can occur against all computers with Thunderbolt distributed since 2011. Some of the attacks give an attacker the ability to quickly steal data from encrypted drives and memory with physical access. Ruytenberg warned that, even

Read More
06 May 2020

Samsung patches 0-click vulnerability impacting all smartphones sold since 2014

Samsung released an update this week that patches a 0-click vulnerability that impacts all phones sold by the vendor since 2014. Google’s Project Zero bug-hunting team discovered the flaw, which lies in how the Android OS running on Samsung phones handles Qmage image format that is custom-made and supported on

Read More
05 May 2020

Oracle: Unpatched Versions of WebLogic App Server Under Active Attack

Oracle has stated that although it patched the CVE-2020-2883 vulnerability in its April 2020 Critical Patch Update, a proof of concept exploit was published soon after. The company is now advising customers to fast track a patch for the flaw that lies in its WebLogic Server that is still under

Read More
28 Apr 2020

Single Malicious GIF Opened Microsoft Teams to Nasty Attack

Microsoft has disclosed that a since-patched flaw allowed an attacker to take over an organization’s entire system of Microsoft Teams accounts. The subdomain takeover vulnerability in the company’s collaboration platform, Microsoft Teams, potentially allowed an inside attacker to create a malicious GIF image that was then used to steal data

Read More
28 Apr 2020

Attackers exploit 0-day code-execution flaw in the Sophos firewall

Sophos systems have been hit by a zero-day attack that was designed to steal usernames, as well as cryptographically protected passwords, and other sensitive data. The security firm stated that it was attacked through an exploited SQL injection flaw in patched versions of the Sophos XG Firewall on Sunday. The

Read More