Cisco is warning users of a critical flaw in its Voice-OS which could allow an unauthenticated, remote hacker to gain elevated access to 12 types of its products.
With APT28 now using Microsoft's Dynamic Data Exchange (DDE) as an attack point, the company has issued an official advisory concerning the practice, along with possible mitigation methods.
The Tor Project released a patch fixing an issue that could reveal the correct IP address of macOS and Linux users accessing the Tor browser.
WordPress has issued a new update, version 4.8.3, fixing a flaw that researchers and the organization itself said could lead to a SQL injection; both strongly recommend users update to the latest version.
The UK Financial Conduct Authority (FCA) has opened an investigation into the massive Equifax data breach that exposed almost 700,000 British citizens and 145.5 million worldwide.
The threat actor known as Group 74 has initiated a new campaign that uses a malicious Visual Basic for Applications (VBA) macro embedded in a document advertising the Cyber Conflict U.S. Conference (CYCON) to target people interested in cybersecurity issues.
APT28 is now also being named as one of the cyber gangs attempting to take advantage of Adobe Flash vulnerability CVE-2017-11292.
In what Adobe believes may be a first, the company did not issue any security updates for its product line this month.
Malware called ZNIU that is based on CVE-2016-5195, aka Dirty COW, has been found in more than 1,200 malicious Android apps affecting 5,000 users in 40 countries more than a year after the vulnerability first became known.
Oracle issued seven security updates to handle vulnerabilities found in Apache Struts 2.
Security researchers have found another publicly accessible Amazon S3 server, in this case allegedly operated by a Verizon employee, that hosted about 100MB of Verizon Wireless data.
Zero-day-acquisition firm Zerodium reported it will pay a total of $1 million for zero-day exploits found for the Tor browser on Tails Linux and Windows.
The study also found a common protocol used in IoT devices was significantly more vulnerable than more mature protocols used by the online shopping and banking industries.
A Russian programmer attempted to extort an Australian gambling company after cracking the spin sequence on several of the firm's poker machines.
Microsoft's July Patch Tuesday news covered 55 flaws, 19 of them rated critical, with all of the latter issues leading to remote code execution if left unpatched.
Cisco patched a critical vulnerability, one that was disclosed in the Vault 7 hacking tools leak, that left dozens of the company's switches open to being compromised.
An update to car parking payment app "RingGo" has led to the exposure of the personal details of thousands of UK drivers.
A vulnerability note was issued by CERT/CC for the Pandora music streaming service's Apple iOS app for failing to properly validate SSL certificates provided by HTTPS connections.
Running PHP 2.0.1 turns out to be a bad way to secure network devices against a range of threats including cross-site request forgery attacks.
Canada's Revenue and Statistics agencies were knocked offline Friday when officials, concerned about several vulnerabilities, took down the sites as a precautionary measure.
Trend Micro is reporting a new threat to Linux-based Internet of Things devices that is able to exploit a specific vulnerability in surveillance cameras made by AVTech.
Following news last week of a vulnerability in the Android app AirDroid, the company announced on Friday it completed the staged rollout of AirDroid (Mobile 184.108.40.206; Mac/Win 220.127.116.11) to patch the bug.