Category: Vulnerabilities

September 16, 2020

First introduced in 2017 and reintroduced in 2019, the IoT Cybersecurity Improvement Act will now have to pass the Senate before it can be signed into law by the president. The bipartisan legislation is backed by Reps. Will Hurd (R-Texas) […]

September 14, 2020

As employees outfit their home offices with the necessary technology to continue to work remotely, printer sales have surged in the first eight months of 2020, leaving security experts to worry that the devices may open up companies’ home-bound employees […]

September 11, 2020

With over 700,000 active installs, File Manager is a highly popular WordPress plugin that provides admins with file and folder management capabilities (copy/paste, delete, download/upload, edit, and archive). In early September 2020, the plugin’s developer addressed a critical-severity zero-day flaw […]

September 8, 2020

The vulnerabilities were reported to the vendor in May by Rich Mirch, a security researcher at CRITICALSTART. However, some of them remain unpatched. The researcher discovered a total of 10 vulnerabilities affecting MOFI4500 routers, a majority related to the web […]

September 8, 2020

A “critical” flaw in how contactless cards from Visa – and potentially other issuers – have implemented the EMV protocol can be abused to launch a “PIN bypass attack,” researchers warn. But Visa says the exploits would be “impractical for […]

September 4, 2020

The social media giant took the wraps off a Vulnerability Disclosure Policy this week, aimed at bugs its researchers may discover in third-party code and systems, open source applications included. The purpose of the policy, Facebook says, is to make […]

September 2, 2020

Hackers are actively exploiting a critical remote code execution vulnerability in the File Manager WordPress plugin that could be exploited by unauthenticated attackers to upload scripts and execute arbitrary code on WordPress sites running vulnerable versions of the plugin. The […]

September 1, 2020

A technical support intervention has revealed two zero-day vulnerabilities in the OS running on Cisco enterprise-grade routers that attackers are trying to actively exploit. Cisco plans to release software updates to plug these security holes, but in the meantime administrators […]

August 28, 2020

In a newly published paper, David Basin, Ralf Sasse, and Jorge Toro-Pozo from the department of computer science at ETH Zurich, explain that vulnerabilities identified in the standard EMV implementation could be exploited to render the PIN verification useless on […]

August 27, 2020

Microsoft has recently addressed some vulnerabilities impacting Microsoft Azure Sphere that could be exploited by attackers to execute arbitrary code or to elevate privileges. Azure Sphere OS adds layers of protection and ongoing security updates to create a trustworthy platform […]