Technology

Watch Out! That Android System Update May Contain A Powerful Spyware

Researchers have discovered a new information-stealing trojan, which targets Android devices with an onslaught of data-exfiltration capabilities — from collecting browser searches to recording audio and phone calls. While malware on Android has previously taken the guise of copycat apps, which go under names similar to legitimate pieces of software, this sophisticated new malicious app

Watch Out! That Android System Update May Contain A Powerful Spyware Read More »

Apple Issues Urgent Patch Update for Another Zero‑Day Under Attack

Merely weeks after releasing out-of-band patches for iOS, iPadOS, macOS and watchOS, Apple has issued yet another security update for iPhone, iPad, and Apple Watch to fix a critical zero-day weakness that it says is being actively exploited in the wild. Tracked as CVE-2021-1879, the vulnerability relates to a WebKit flaw that could enable adversaries

Apple Issues Urgent Patch Update for Another Zero‑Day Under Attack Read More »

New 5G Flaw Exposes Priority Networks to Location Tracking and Other Attacks

New research into 5G architecture has uncovered a security flaw in its network slicing and virtualized network functions that could be exploited to allow data access and denial of service attacks between different network slices on a mobile operator’s 5G network. AdaptiveMobile shared its findings with the GSM Association (GSMA) on February 4, 2021, following which the

New 5G Flaw Exposes Priority Networks to Location Tracking and Other Attacks Read More »

OpenSSL Releases Patches for 2 High-Severity Security Vulnerabilities

The maintainers of OpenSSL have released a fix for two high-severity security flaws in its software that could be exploited to carry out denial-of-service (DoS) attacks and bypass certificate verification. Tracked as CVE-2021-3449 and CVE-2021-3450, both the vulnerabilities have been resolved in an update (version OpenSSL 1.1.1k) released on Thursday. While CVE-2021-3449 affects all OpenSSL

OpenSSL Releases Patches for 2 High-Severity Security Vulnerabilities Read More »

Another Critical RCE Flaw Discovered in SolarWinds Orion Platform

IT infrastructure management provider SolarWinds on Thursday released a new update to its Orion networking monitoring tool with fixes for four security vulnerabilities, counting two weaknesses that could be exploited by an authenticated attacker to achieve remote code execution (RCE). Chief among them is a JSON deserialization flaw that allows an authenticated user to execute

Another Critical RCE Flaw Discovered in SolarWinds Orion Platform Read More »

Black Kingdom Ransomware Hunting Unpatched Microsoft Exchange Servers

More than a week after Microsoft released a one-click mitigation tool to mitigate cyberattacks targeting on-premises Exchange servers, the company disclosed that patches have been applied to 92% of all internet-facing servers affected by the ProxyLogon vulnerabilities. The development, a 43% improvement from the previous week, caps off a whirlwind of espionage and malware campaigns that hit

Black Kingdom Ransomware Hunting Unpatched Microsoft Exchange Servers Read More »

Forcing Self-Service Password Reset (SSPR) Registration to Increase ROI

When your organization invests in a new product or service, it is essential that you take advantage of all the features it has to offer. This will help you to maximize your return on investment (ROI). If you have purchased or are thinking about purchasing a self-service password reset (SSPR) tool, one of the most

Forcing Self-Service Password Reset (SSPR) Registration to Increase ROI Read More »

Chinese Hackers Used Facebook to Hack Uighur Muslims Living Abroad

Facebook may be banned in China, but the company on Wednesday said it has disrupted a network of bad actors using its platform to target the Uyghur community and lure them into downloading malicious software that would allow surveillance of their devices. “They targeted activists, journalists and dissidents predominantly among Uyghurs from Xinjiang in China

Chinese Hackers Used Facebook to Hack Uighur Muslims Living Abroad Read More »

Critical Cisco Jabber Bug Could Let Attackers Hack Remote Systems

Cisco on Wednesday released software updates to address multiple vulnerabilities affecting its Jabber messaging clients across Windows, macOS, Android, and iOS. Successful exploitation of the flaws could permit an “attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a

Critical Cisco Jabber Bug Could Let Attackers Hack Remote Systems Read More »