Microsoft October 2020 Tuesday Patch Removes 87 Vulnerabilities

Earlier this week Microsoft released a major patch that addressed 87 vulnerabilities in their programs and operating systems, particularly Windows 10 and Windows Server 2019. Of the listed vulnerabilities, 11 were categorized as “critical”, 75 were ranked important, and 1 moderate. Brief Summary of the Most Critical Vulnerabilities: The most dangerous one is CVE-2020-16898, a remote code …

Flaws in Two Popular TV Set Top-Boxes Leave Customers Vulnerable

Security researchers from Avast IoT Labs have discovered critical vulnerabilities in two popular TV set-top boxes, leaving customers exposed to cyber attacks. The two boxes are the Thomson THT741FTA and Philips DTR3502BFTA. They allow TVs which do not support the Digital Video Broadcasting (DVB) T2 standard to have access to HD TV services. What is DVB-T2? DVB-T2 is an upgrade from …

Notable increase of Vishing Attacks towards Teleworkers

Cyber adversaries are taking a new approach to getting their hands on corporate credentials. They call teleworkers at their homes and trick them into handing over their credentials for accessing corporate networks. What is Vishing? Voice phishing, or vishing, is a social engineering attack with the goal of stealing sensitive information from the targeted victim over the phone. It is a variant …

Next-Gen Open Source Supply Chain Attacks Up 400%

Cyber adversaries are getting more creative. They are resorting to next-gen supply chain attacks to turn open source projects into malware distribution channels and thus gain immediate access to other systems. Invading the Ecosystem: Earlier this month, the 6th annual State of the Software report from Sonatype, a DevOps automation specialist, stated that there has been an increase of 430% in “next generation” attacks …

IBM uncovers critical vulnerability in Thales modules affecting millions of IoT devices

The Thales EHS8 module family for IoT devices has a critical vulnerability that allows cyber attackers to gain full control of industrial machines in the medical, energy, and commercial sectors. The threat can be remotely exploited. More about the vulnerability: The IBM X-Force Red team, ethical hackers, discovered a critical flaw, CVE-2020-15858, in the Thales Cinterion EHS8 M2M modules. The same one …

Critical Jenkins Server Vulnerability | (CVE-2019-17638)

Jenkins, the open-source automation server software, had a critical vulnerability (CVE-2019-17638) in the Jetty web server that allowed the leakage of users' confidential data. The automation server software assists developers in building, testing, and deploying their applications. To this day, more than 1 million users leverage Jenkins to facilitate continuous integration and delivery. What is the impact? From Jenkins security advisory, …

Qualcomm DSP Chips Affected by 400 Vulnerabilities: Hackers turning handsets into spying tools

Security experts found 400 vulnerabilities, called ‘Achilles’, on Androids. Researchers say the flaws are found in Qualcomm’s Snapdragon chips. Users need only download a certain app and hackers can access the phone. This vulnerability affects Qualcomm’s Snapdragon chip, one of the most popular processors found in Android phones. What Really Are These Vulnerabilities? Researchers from our partner at Check Point …

Hackers Are Spying On You: Popular Home Cameras Vulnerable to Cyber Attacks

Major vulnerabilities were found on TP-Link Kasa cams, leaving hackers a backdoor to spy. According to researcher Jason Kent from our partner Cequence Security, the “Kasa” cam, which is made by TP-Link as part of its smart home range of products, is vulnerable to account takeover attacks. The same app controls Kasa smart plugs, smart light bulbs and smart wall …

AWS Security Risks: Misconfigured S3 Bucket

Attacks on misconfigured AWS S3 buckets have been on the rise. Twilio confirmed that an attack on one of their misconfigured S3 buckets resulted in malicious code being injected into their TaskRouter JS SDK. Before diving into the details, let’s take a step back and understand AWS S3 buckets. What Is an AWS S3 Bucket? S3 stands for Simple Storage Service. It is an Object …

Major Security Bug in D-Link Routers, Allowing Hackers to Compromise Networks

Researchers have publicly disclosed the existence of a severe remote code execution vulnerability in a range of D-Link routers. The vulnerability impacts D-Link firmware in the DIR-655, DIR-866L, DIR-652, and DHP-1565 product lines. Recently, the security experts have detected multiple security flaws in the D-Link routers that could allow a severe network compromise. The security researchers of Loginsoft have detected three …