vulnerability
Actively exploited zero-day in IIS 6.0 affects 60,000+ servers
Microsoft Internet Information Services (IIS) 6.0 sports a zero-day vulnerability (CVE-2017-7269) that was exploited in the wild last summer and is likely also being exploited …
Number of compromised records up 566% in 2016
The number of records compromised grew a historic 566 percent in 2016 from 600 million to more than 4 billion. These leaked records include data cybercriminals have …
Siemens RUGGEDCOM industrial communication devices vulnerable to remote attacks
All version of Siemens RUGGEDCOM ROX I VPN endpoints and firewall devices sport five vulnerabilities that can be exploited by attackers to perform actions with administrative …
LastPass is working on fixing latest code execution bug
It’s been an eventful couple of weeks for LastPass developers, as they’ve scrambled to fix a couple of serious flaws in the popular password manager’s …
Scareware scammers target iOS users
A bug in the way that Mobile Safari handles pop-up dialogs has been abused to scare iOS users into paying a “fine” in the form of an iTunes pre-paid card. The iOS …
Medical washer-disinfector appliance’s web server open to attack
Here’s a string of words that you probably never thought you’ll hear: An Internet-connected washer-disinfector appliance by German manufacturer Miele sports a …
Lack of security patching leaves mobile users exposed
An analysis of the patch updates among the five leading wireless carriers in the United States found that 71 percent of mobile devices still run on security patches more than …
Java and Flash top list of most outdated programs on users’ PCs
52% of the most popular PC applications, including Flash and Java, are out-of-date. People are exposing their PC and their personal data to risks, as malware targets older …
DoubleAgent attack uses built-in Windows tool to hijack applications
Security researchers from computer and network security outfit Cybellum have revealed a new zero-day code injection and persistence technique that can be used by attackers to …
LastPass extensions can be made to cough up passwords, deliver malware
LastPass Chrome and Firefox extensions contain flaws that could allow malicious websites to steal victims’ passwords or execute commands on their computer. The flaws …
Burglars can easily make Google Nest security cameras stop recording
Google Nest’s Dropcam, Dropcam Pro, Nest Cam Outdoor and Nest Cam Indoor security cameras can be easily disabled by an attacker that’s in their Bluetooth range, a …
300+ Cisco switches affected by critical bug found in Vault 7 data dump
While combing through WikiLeaks’ Vault 7 data dump, Cisco has unearthed a critical vulnerability affecting 300+ of its switches and one gateway that could be exploited …
Featured news
Resources
Don't miss
- Hawk Eye: Open-source scanner uncovers secrets and PII across platforms
- The Zoom attack you didn’t see coming
- Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035)
- The UK’s phone theft crisis is a wake-up call for digital security
- Securing digital products under the Cyber Resilience Act