06 May 2020

Samsung patches 0-click vulnerability impacting all smartphones sold since 2014

Samsung released an update this week that patches a 0-click vulnerability that impacts all phones sold by the vendor since 2014. Google’s Project Zero bug-hunting team discovered the flaw, which lies in how the Android OS running on Samsung phones handles the Qmage image format that is custom-made and supported on

05 May 2020

Oracle: Unpatched Versions of WebLogic App Server Under Active Attack

Oracle has stated that although it patched the CVE-2020-2883 vulnerability in its April 2020 Critical Patch Update, a proof of concept exploit was published soon after. The company is now advising customers to fast track a patch for the flaw that lies in its WebLogic Server that is still under

28 Apr 2020

Single Malicious GIF Opened Microsoft Teams to Nasty Attack

Microsoft has disclosed that a since-patched flaw allowed an attacker to take over an organization’s entire system of Microsoft Teams accounts. The subdomain takeover vulnerability in the company’s collaboration platform, Microsoft Teams, potentially allowed an inside attacker to create a malicious GIF image that was then used to steal data

28 Apr 2020

Attackers exploit 0-day code-execution flaw in the Sophos firewall

Sophos systems have been hit by a zero-day attack that was designed to steal usernames, as well as cryptographically protected passwords, and other sensitive data. The security firm stated that it was attacked through an exploited SQL injection flaw in patched versions of the Sophos XG Firewall on Sunday. The

22 Apr 2020

New iOS exploit discovered being used to spy on China’s Uyghur minority

Yesterday, a security firm stated that it discovered a new iOS exploit, named Insomnia, that works against iOS 12.3, 12.3.1, and 12.3.2. The security firm, Volexity, also stated that it believes the exploit was used to spy on the oppressed Uyghur minority population in China. Apple patched this vulnerability behind

09 Apr 2020

Over 350,000 Exchange Servers Exposed to Serious RCE Bug

According to Rapid7, over 350,000 Exchange servers across the globe remain exposed to a critical vulnerability patched by Microsoft in February. The vulnerability is actively exploited in the wild, according to researchers, and over 82% of the 433,464 Exchange servers detected are still vulnerable as of March 24. The vulnerability,

06 Apr 2020

Researcher Hijacks iOS, macOS Camera with Three Safari Zero-Days

Ryan Pickren, a security researcher, has been awarded $75,000 by Apple for uncovering seven zero-days in Safari, three of which Pickren used to access the camera. The discoveries were shared with Apple in December of 2019 and were subsequently patched. Using the three flaws, Pickren was able to build an

02 Apr 2020

Two Zoom Zero-Day Flaws Uncovered

Patrick Wardle, a security researcher with Jamf, has uncovered two zero-day flaws in the macOS version of the Zoom client. The vulnerabilities in the telecom and online class platform have the potential to give local attackers root privileges, which subsequently allow the attackers to access the victims’ microphone and camera. The two flaws have

01 Apr 2020

Sensitive Voter Data Exposed by App Used in US Elections

According to cybersecurity company UpGuard, sensitive information about US voters was left exposed as a result of a data breach by the application Campaign Sidekick, which functions as a voter contact and canvassing app. Campaign Sidekick is used by the Republican party in election campaigns. UpGuard found that an unprotected

01 Apr 2020

Critical WordPress Plugin Bug Lets Hackers Turn Users Into Admins

A vulnerability has been found in the WordPress SEO Plugin that allows attackers to give admin privileges to any registered user on sites run by WordPress. This leaves 200,000 sites with active installations vulnerable to attack if left unpatched. The plugin, called Rank Math, allows website owners to perform search
