Flash Alert: Zero-Day Update

Adobe Issues Patch for Flash Player Zero-Day Exploit Adobe has released a critical update for Flash. This zero-day vulnerability is, on a limited basis, being exploited in the wild. According to the Adobe Security Bulletin, “These attacks leverage Office documents with embedded malicious Flash Player content distributed via email.” It seems the end of Flash is going…

100 Million IoT Devices Exposed

Z-Wave IoT Devices Exposed Z-Wave, a protocol primarily used for home automation, is vulnerable to security downgrade attacks. According to the Z-Wave Alliance, an organization dedicated to advancing Z-Wave, the protocol is currently used by 700 companies in over 2,400 IoT and smart products. It is estimated that over 100 Million IoT devices are affected. It…

Microsoft Zero-Day for JScript

Remote Code Execution Vulnerability Disclosed Researchers at Telspace Systems have advised they have found a Zero Day exploit, but no fix is yet available. The release date has been estimated to be in the July 2018 Patch Tuesday, however we will let you know when a fix is announced. The issue lies in Microsoft’s ECMAScript…

FBI Warns Again of New Hidden Cobra Strike

Hidden Cobra Strikes Again US-CERT and the FBI have issued a new alert on cyber-attacks it blames on North Korea.  The warning is about the hacking operations dubbed “HIDDEN COBRA” that the United States charges were launched by Pyongyang. The alert did not identify specific victims, though it cited a February 2016 report from several…

The Rapid Rise of the IoT

The IoT is Here to Stay: Risks Included Research from Metova has revealed the current scale of smart product adoption in the United States.  According to Metova, 90 percent of U.S users now own some form of smart device. This shows the IoT has truly reached mass adoption across the country. This also presents inherent…

Red Hat Vulnerabilities Exposed

Red Hat Linux DHCP Client Vulnerability Red Hat has been made aware of a couple of flaws in the way the Linux kernel handles exceptions triggered after the POP SS and MOV to SS instructions, these are identified as CVE-2018-8897 & CVE-2018-1087. These issues could lead to a denial of service (DoS) for unpatched systems.…

Microsoft Fixes Two Zero-Day Exploits

Two Zero-Day Exploits Resolved Microsoft has released two zero-days that have actively been exploited in the wild by cybercriminals. Microsoft has credited Qihoo 360 and Kaspersky Lab for reporting this vulnerability. Both companies say the flaw has been exploited in targeted attacks, but no information is currently available. Double Kill IE 0-day Vulnerability (CVE-2018-8174) under…

May Patch Tuesday: Major Windows 10 Updates

Logitech IoT Harmony Hub Fixes Several Security Flaws Harmony Hub-based products, which include Harmony Elite, Home Hub, Ultimate Hub, Home Control, Pro, Smart Control, Smart Keyboard, Ultimate Home, and Harmony Hub are potentially vulnerable to four types of vulnerabilities that can be combined to gain root access to a device via SSH. Harmony Hub is…

Windows Containers Opened: Microsoft Issues Emergency Patch

Microsoft Releases Critical Update In something of an unusual move, Microsoft has released a critical update before Patch Tuesday. This patch addresses a vulnerability within the Windows Host Compute Service Shim (hcsshim) library. Thanks to work by Swiss security researcher Michael Hanselmann, the flaw was identified and an update has been released. According to the…

Oracle Doesn’t Predict WebLogic Flaw

Oracle WebLogic Flaw Opens Door to Hackers In early April, Oracle released updates for a vulnerability within WebLogic Server. At the time, it seemed like that was that, but now a tech researcher claiming to be part of Alibaba’s security team has found a work around. There are also indications that hackers are seeking to…