Billions of Devices Open to Wi-Fi Eavesdropping Attacks
Posted on Wednesday February 26, 2020

The Kr00k bug arises from an all-zero encryption key in Wi-Fi chips that reveals communications from devices from Amazon, Apple, Google, Samsung and others.

Google Patches Chrome Browser Zero-Day Bug, Under Attack
Posted on Tuesday February 25, 2020

Google patches zero-day bug tied to memory corruptions found inside the Chrome browser's open-source JavaScript and Web Assembly engine, called V8.

Apple Takes Heat Over ‘Vulnerable’ iOS Cut-and-Paste Data
Posted on Monday February 24, 2020

Software developer builds a malicious proof-of-concept iOS app that can read data temporarily saved to the device’s clipboard.

Active Attacks Target Popular Duplicator WordPress Plugin
Posted on Friday February 21, 2020

When patched last week, the bug affected at least 1 million websites. Zero-day exploits were going on then.

Critical Cisco Bug Opens Software Licencing Manager to Remote Attack
Posted on Thursday February 20, 2020

A default password would let anyone access the Cisco Smart Software Manager On-Prem Base platform, even if it's not directly connected to the internet.

Critical Adobe Flaws Fixed in Out-of-Band Update
Posted on Thursday February 20, 2020

Two critical Adobe vulnerabilities have been fixed in Adobe After Effects and Adobe Media Encoder.

BlueKeep Flaw Plagues Outdated Connected Medical Devices
Posted on Wednesday February 19, 2020

More than 55 percent of medical imaging devices - including MRIs, XRays and ultrasound machines - are powered by outdated Windows versions, researchers warn.

SMS Attack Spreads Emotet, Steals Bank Credentials
Posted on Wednesday February 19, 2020

A new Emotet campaign is spread via SMS messages pretending to be from banks and may have ties to the TrickBot trojan.

Iran-Backed APTs Collaborate on 3-Year ‘Fox Kitten’ Global Spy Campaign
Posted on Tuesday February 18, 2020

APT34/OilRig and APT33/Elfin have established a highly developed and persistent infrastructure that could be converted to distribute destructive wiper malware.

Active Exploits Hit Vulnerable WordPress ThemeGrill Plugin
Posted on Tuesday February 18, 2020

Websites using a vulnerable version of the WordPress plugin, ThemeGrill Demo Importer, are being targeted by attackers.