Telegram, WhatsApp Vulnerability Exposes Media Files to Tampering
Symantec discovered a Telegram and WhatsApp vulnerability that could enable digital attackers to tamper with media files.
Zoom Vulnerability Could Let Third Parties Take Over Webcams
A zero-day Zoom vulnerability could allow third parties to snoop on videoconferencing calls, reactivate uninstalled apps and conduct other malicious activities.
Critical RCE Vulnerability in TP-Link Wi-Fi Extenders Can Grant Attackers Remote Control
IBM X-Force discovered a zero-day remote code execution vulnerability in TP-Link Wi-Fi extenders that could enable an attacker to command a device.
Windows 10 Zero-Day Lets Threat Actors Bypass Patch and Escalate Role to Admin Level
Threat actors could use a recently discovered Windows 10 zero-day flaw to take over a computer and bypass local privilege escalation.
Buffer Overflow Vulnerability in TP-Link Routers Can Allow Remote Attackers to Take Control
IBM X-Force found a zero-day buffer overflow vulnerability in one of the most common routers on the market that could let malicious third parties take control of the device from a remote location.
Magento Flaw Lets Cybercriminals Access E-Commerce Sites Without Authentication
Security researchers discovered a Magento flaw that could enable cybercriminals to penetrate and control features within the popular e-commerce site without authentication.
Highly Critical Drupal Vulnerability Could Expose Sites to RCE Attacks, Developers Warn
By exploiting a critical Drupal vulnerability recently disclosed by developers, attackers could potentially take control of websites and servers built on the CMS.
Calling Into Question the CVSS
X-Force Red believes vulnerabilities should be ranked based on the importance of the exposed asset and whether the vulnerability is being weaponized by criminals, not necessarily its CVSS score.
New Variant of Mirai Malware Exploits Weak IoT Device Passwords to Conduct Brute-Force Attacks
Security researchers discovered a new variant of Mirai malware known as Miori that is targeting internet of things (IoT) devices to integrate into a larger botnet.
Threat Actors Exploit Equation Editor to Distribute Hawkeye Keylogger
A recent Hawkeye keylogger campaign leveraged an old Microsoft Office Equation Editor vulnerability to steal user credentials, passwords and clipboard content.