02 Jul 2020

Ripple20 Threatens Increasingly Connected Medical Devices

JSOF security researchers disclosed a series of vulnerabilities affecting connected devices in the enterprise, industrial, and healthcare industries earlier this month. Experts have expressed concern over the implications for connected medical devices, which could potentially offer attackers a gateway into hospital networks or allow them to affect patient care and

Read More
01 Jul 2020

Emergency Windows 10 Update: Critical ‘Large Image’ Security Flaw Confirmed

Microsoft has issued an emergency patch for a serious vulnerability affecting the Windows 10. Microsoft chose not to wait for Patch Tuesday, as the vulnerability could lead to the compromise of Windows 10 devices or Windows Server System. Another vulnerability was also patched in the emergency out-of-band update, ranked as

Read More
01 Jul 2020

US Government Warns of Palo Alto Vulnerability

The US government has warned of a serious flaw in Palo Alto Networks equipment that could allow unsophisticated and unskilled attackers to compromise devices easily. The warning was issued by the US Cyber Command, who expressed concern over foreign nation-states targeting its networks and its partners’ networks. The US Cyber

Read More
23 Jun 2020

Apple Suddenly Confirms Hidden iPhone Problem Impacting All Users

In February, Apple received notification of an issue in the clipboard function. Any data copied to the clipboard on an iOS device was vulnerable to visibility by any active app. The vulnerability is hidden, meaning that there is no way for a user to know when an app may be

Read More
04 Jun 2020

Critical flaw in IOS routers allows ‘complete system compromise’

Four critical flaws have been disclosed by Cisco, affecting router equipment operating on IOS XE and IOS software created by the company. the critical flaws are part of Cisco’s June 3 semi-annual advisory and were disclosed alongside 23 advisories describing 25 vulnerabilities in total. The most severe bug, CVE-2020-3227, is

Read More
20 May 2020

Bluetooth Bugs Allow Impersonation Attacks on Legions of Devices

According to security researchers, unpatched security bugs remain in Bluetooth chips from companies like Apple, Intel, Qualcomm, Samsung, and others, allowing for Bluetooth Impersonation Attacks (BIAS). Researchers found the vulnerabilities in Bluetooth Classic, allowing attackers to spoof paired devices, posing as a trusted endpoint. This then allows the attackers to

Read More
19 May 2020

Hundreds of thousands of QNAP devices vulnerable to remote takeover attacks

On Tuesday, a Taiwanese security researcher published details about vulnerabilities within the firmware of Photo Station, a photo album app that is installed with all QNAP network-attached storage (NAS) devices. The researcher, Henry Huang, stated that the Photo Station app is currently installed on 80% of QNAP NAS systems or

Read More
18 May 2020

Microsoft Confirms Serious New Security Problem For Windows 10 Users

Microsoft has confirmed a newly reported security vulnerability called “Thunderspy” that lies within a vulnerability in its THunderbolt ports. The vulnerability enables an attacker with physical PC access to adjust or change the port’s controller firmware, effectively disabling its security and presenting huge risks for the victim. Last week, consumers

Read More
12 May 2020

U.S. Marshals Service Breach Exposed Personal Data of 387,000 Prisoners

According to a breach report that first surfaced late last week, the US Marshals Service was the victim of a cyberattack that exposed the personal information of roughly 387,000 current and former prisoners. The attack reportedly occurred in late December of 2019. A spokesperson for the Marshals Service stated that

Read More
11 May 2020

Thunderbolt flaws affect millions of computers – even locking unattended devices won’t help

On Sunday, Dutch security researcher Björn Ruytenberg released a report detailing nine attack scenarios that can occur against all computers with Thunderbolt distributed since 2011. Some of the attacks give an attacker the ability to quickly steal data from encrypted drives and memory with physical access. Ruytenberg warned that, even

Read More