27 Mar 2020

All 4G Networks Susceptible to DoS Attacks

A new vulnerability has been uncovered by Positive Technologies, a security firm, in all 4G and some 5G telecommunications networks that exposes a weakness in the Diameter signaling protocol. This means that 100% of 4G networks are vulnerable to denial of service (DoS) attacks. The protocol that is open to

26 Mar 2020

Chinese Hackers Exploit Cisco, Citrix Flaws in Massive Espionage Campaign

APT41, a Chinese threat group that is responsible for dozens of destructive cyberattacks, has been exploiting vulnerabilities in Citrix NetScaler/ADC, Cisco routers and Zoho ManageEngine Desktop Central as part of a new espionage campaign. However, researchers have not yet determined if the campaign is targeting specific organizations or what these

13 Mar 2020

WordPress Plugin Bug Allows Malicious Code Injection on 100K Sites

WordPress is facing more vulnerabilities, this time in its Popup Builder plugin. The flaw allows unauthenticated attackers to inject malicious JavaScript into popups, which can then affect tens of thousands of websites and allow the attacker to steal information and take over targeted sites in the worst-case scenario. The plugin

09 Mar 2020

Critical Zoho Zero-Day Flaw Disclosed

The IT help desk ManageEngine software made by Zoho Corp has been compromised by a zero-day vulnerability that enables unauthenticated access to systems, allowing a remote attacker to launch attacks. Zoho has since released an update that addresses the vulnerability after it was discovered by Steven Seeley of Source Incite

06 Mar 2020

Zoho zero-day published on Twitter

Yesterday, security researchers reported a zero-day vulnerability in a Zoho enterprise product. The zero-day impacts the Zoho ManageEngine Desktop Central, an endpoint management solution. Android smartphones, Linux servers, and Mac/Windows workstations are often all controlled by Zoho ManageEngine Desktop Central. This means that the zero-day could have a large impact

04 Mar 2020

MediaTek Bug Actively Exploited, Affects Millions of Android Devices

This week, Google addressed a high-severity flaw that exists in MediaTek’s Command Queue driver. The bug has already been used to build malicious apps that compromise Android devices by gaining root access. Developers have claimed this bug affects millions of devices. Google also released its March 2020 Android Security

02 Mar 2020

Walgreens says mobile app leaked users’ personal data

Walgreens, a US pharmacy chain, stated on Friday that it had been the victim of a data breach that exposed the personal details of some of its mobile app users. The mobile app contained a bug that allowed users to view other users’ personal data and drug prescription details. This

27 Feb 2020

Hackers Scanning for Vulnerable Microsoft Exchange Servers, Patch Now!

Zero Day Initiative security researcher Simon Zuckerbraun published a demo on how attackers can exploit a recent vulnerability in Microsoft Exchange, classified as CVE-2020-0688. The flaw was patched two weeks ago; however, attackers are actively scanning the Internet for Microsoft Exchange Servers that have not been updated and are still

20 Feb 2020

Hackers exploit zero-day in WordPress plugin to create rogue admin accounts

A zero-day vulnerability in a WordPress plugin is being exploited by hackers. The plugin was made by ThemeREX, a company that sells commercial WordPress themes. Security firm Wordfence discovered the attacks yesterday, stating that the plugin is installed on over 40,000 sites. According to the firm, the plugin sets up

29 Jan 2020

Zoom Fixes Flaw Opening Meetings to Hackers

This week, enterprise video conferencing firm Zoom has patched a flaw that previously allowed attackers to guess a meeting ID and enter a private meeting held between two entities using Zoom services. The company has experienced a series of security issues and subsequent patches after researchers stated that the company’s
