July 16, 2019 Telegram, WhatsApp Vulnerability Exposes Media Files to Tampering 2 min read - Symantec discovered a Telegram and WhatsApp vulnerability that could enable digital attackers to tamper with media files.
July 10, 2019 Zoom Vulnerability Could Let Third Parties Take Over Webcams 2 min read - A zero-day Zoom vulnerability could allow third parties to snoop on videoconferencing calls, reactivate uninstalled apps and conduct other malicious activities.
Software Vulnerabilities June 18, 2019 Critical RCE Vulnerability in TP-Link Wi-Fi Extenders Can Grant Attackers Remote Control 5 min read - IBM X-Force discovered a zero-day remote code execution vulnerability in TP-Link Wi-Fi extenders that could enable an attacker to command a device.
June 11, 2019 Windows 10 Zero-Day Lets Threat Actors Bypass Patch and Escalate Role to Admin Level 2 min read - Threat actors could use a recently discovered Windows 10 zero-day flaw to take over a computer and bypass local privilege escalation.
Software Vulnerabilities April 8, 2019 Buffer Overflow Vulnerability in TP-Link Routers Can Allow Remote Attackers to Take Control 9 min read - IBM X-Force found a zero-day buffer overflow vulnerability in one of the most common routers on the market that could let malicious third parties take control of the device from a remote location.
April 3, 2019 Magento Flaw Lets Cybercriminals Access E-Commerce Sites Without Authentication 2 min read - Security researchers discovered a Magento flaw that could enable cybercriminals to penetrate and control features within the popular e-commerce site without authentication.
February 26, 2019 Highly Critical Drupal Vulnerability Could Expose Sites to RCE Attacks, Developers Warn 2 min read - By exploiting a critical Drupal vulnerability recently disclosed by developers, attackers could potentially take control of websites and servers built on the CMS.
Software Vulnerabilities February 20, 2019 Calling Into Question the CVSS 6 min read - X-Force Red believes vulnerabilities should be ranked based on the importance of the exposed asset and whether the vulnerability is being weaponized by criminals, not necessarily its CVSS score.
January 2, 2019 New Variant of Mirai Malware Exploits Weak IoT Device Passwords to Conduct Brute-Force Attacks 2 min read - Security researchers discovered a new variant of Mirai malware known as Miori that is targeting internet of things (IoT) devices to integrate into a larger botnet.
November 15, 2018 Threat Actors Exploit Equation Editor to Distribute Hawkeye Keylogger 2 min read - A recent Hawkeye keylogger campaign leveraged an old Microsoft Office Equation Editor vulnerability to steal user credentials, passwords and clipboard content.