Threats and Risks
Cisco fixes critical flaws impacting DCNM and SD-WAN
The bug could allow unauthenticated attackers to steal sensitive information from vulnerable devices
VHD ransomware is owned and operated by Lazarus group, researchers find
The first reports of VHD ransomware had appeared in March this year
Biden campaign tells staff to delete TikTok
Chinese app seen as a potential security risk
Exposed MongoDB database draws attacks within hours
Experimental honeypot set up by researchers reveals locations where most of the attacks come from
Emotet is back and installing TrickBot trojan, researcher warns
The latest Emotet spam campaign is targeting people in the UK and the US
'Patch critical SAP RECON vulnerability immediately', urges CISA
The bug could enable a remote, unauthenticated attacker to gain control of SAP applications and steal data
Cisco issues security patches for critical vulnerabilities affecting its router and firewall products
The flaws could enable hackers to take full control of the target device
Microsoft issues patch for wormable SIGRed RCE flaw impacting Windows DNS Server
Researchers are putting it in the same risk category as BlueKeep and EternalBlue
Microsoft patches 123 vulnerabilities in July 2020 Patch Tuesday update
Eighteen of them are listed as 'Critical'
Zero-day flaw in Zoom could allow hackers to execute arbitrary code, researchers warn
0patch has released a free patch for older Windows machines
Critical security vulnerabilities impacted Bullguard's Antivirus and Secure Browser software, researcher claims
A major issue was found in the protection against malicious websites
Huawei targeted influential Britons to back its role in UK's 5G infrastructure, controversial dossier claims
The 86-page report is commissioned by a US film producer Andrew Duncan
Android devices are being increasingly targeted by undeletable adware, researchers warn
The adware plants itself in the system partition, making it hard to delete
Alina POS malware now using DNS tunnelling to steal payment cards data
Alina POS malware is back in circulation, now using DNS tunnelling to steal card details from unsuspecting victims
US Cyber Command warns organisations of critical vulnerability in Palo Alto Networks products
Foreign APTs will likely attempt to exploit the bug soon, it says
Campaigners urge Johnson to reform Computer Misuse Act to make it fit for modern digital era
The law currently hinders cyber security research in Britain, campaigners argue in an open letter to the PM
'Ripple20' security vulnerabilities in TCP/IP software library impact millions of connected devices
Nineteen bugs have been discovered so far in Treck software affecting connected printers, insulin pumps, smart home devices, power-grid equipment, industrial-control gears, routers, communications equipment commercial aircraft and data centre devices...
One in three Britons targeted by scammers since the start of coronavirus crisis, Citizens Advice reveals
Legal charity has seen a 19 per cent spike in the number of visitors coming to its website in recent months looking for advice from experts
Earth Empusa threat group distributing Android 'ActionSpy' spyware to target minority group in Tibet and Turkey
ActionSpy supports numerous modules which enable hackers to collect confidential information from compromised devices, including device IMEI, user phone number and contacts
Gamaredon group using new tools to target Microsoft Outlook and Office, researchers warn
And they are making no efforts to stay under the radar
SGAxe and CrossTalk flaws in Intel CPUs could enable attackers to steal data, researchers say
SGX hardware encryption technology was launched in 2015 with the Skylake microarchitecture
Microsoft June 2020 Patch Tuesday fixes 129 security vulnerabilities
Eleven of them are rated as 'Critical'
Exploit code for wormable Windows 10 SMBGhost bug released on Github
People using the code may see crashes presenting a blue screen of death
US federal agencies report 28,581 security incidents across nine attack vector categories in 2019
Improper usage was identified as the most common attack vector last year
