vulnerability
Vulnerabilities allow attackers to take over infusion pumps
Two vulnerabilities in Windows CE-powered Alaris Gateway Workstations (AWGs), which provide support for widely used infusion pumps, could allow remote attackers to disable the …
Evernote Chrome extension flaw could have allowed access to personal info
Guardio discovered a major flaw in Evernote’s Web Clipper Chrome extension’s code that left it vulnerable, potentially allowing threat actors to access personal …
Smart home security devices most at risk in IoT-targeted cyber attacks
Smart home security cameras equate to 47% of the most vulnerable devices followed by smart hubs such as Googlehome, Amazon Alexa, with the top countries executing attacks …
Critical Microsoft NTLM vulnerabilities allow remote code execution on any Windows machine
The Preempt research team found two critical Microsoft vulnerabilities that consist of three logical flaws in NTLM, the company’s proprietary authentication protocol. These …
Malware peddlers hit Office users with old but reliable exploit
Emails delivering RTF files equipped with an exploit that requires no user interaction (except for opening the booby-trapped file) are hitting European users’ inboxes, …
June Patch Tuesday forecast: Apply updates before BlueKeep hits the streets
Can you believe it is June already? Summer is rapidly approaching, but it’s been slow to warm up our temperatures here in the US. I can’t say the same thing about the …
Critical Exim flaw exploitable locally and remotely, patch ASAP!
A critical vulnerability in Exim, the mail transfer agent (MTA) deployed on over half of all Internet-facing mail servers, may allow attackers to run commands as the …
Scientists uncover vulnerability in FPGAs, affecting cloud services and IoT
Field-programmable gate arrays (FPGAs) are, so to say, a computer manufacturer’s “Lego bricks”: electronic components that can be employed in a more flexible …
Siemens LOGO!, a PLC for small automation projects, open to attack
LOGO!, a programmable logic controller (PLC) manufactured by Siemens, sports three vulnerabilities that could allow remote attackers to reconfigure the device, access project …
Attackers are exploiting WordPress plugin flaw to inject malicious scripts
Attackers are leveraging an easily exploitable bug in the popular WP Live Chat Support plugin to inject a malicious JavaScript in vulnerable sites, Zscaler warns. The company …
BlueKeep RDP flaw: Nearly a million Internet-facing systems are vulnerable
Two weeks have passed since Microsoft released security fixes and mitigation advice to defang exploits taking advantage of CVE-2019-0708 (aka BlueKeep), a wormable …
High-risk behaviors expose most travelers to cyber risks
The travel industry and its customers are increasingly the targets of cyberattacks as criminals seek to monetize highly valuable travel data, according to the new IBM Security …