Millions of modems at risk of remote hijacking

Multiple cable modem models from various manufacturers found vulnerable to takeover attacks. Hundreds of millions of cable modems from various manufacturers may be susceptible to a critical vulnerability that can enable attackers to intercept people’s private messages or redirect their internet traffic, new research has found. Tracked as CVE-2019-19494 and nicknamed Cable Haunt, the vulnerability is estimated to … More Millions of modems at risk of remote hijacking

Google disables Xiaomi smart home integration after camera bug

A Xiaomi security camera owner reports receiving random images from strangers’ homes. Smart-home security appliances are not always what they are made out to be and recently some have been running into more problems than is healthy. Some smart doorbells have been caught recording more data than thought, while Wyze Labs, which makes connected home gadgets, has been … More Google disables Xiaomi smart home integration after camera bug

Microsoft issues patch for Internet Explorer zero‑day

The critical vulnerability could also be exploited via a malicious Microsoft Office document. Microsoft has shipped out a fix for a critical flaw in Internet Explorer (IE) that is being exploited in the wild. Tracked as CVE-2019-1429, the vulnerability is part of this month’s batch of regular security updates known as Patch Tuesday. The zero-day … More Microsoft issues patch for Internet Explorer zero‑day

First BlueKeep attacks prompt fresh warnings

The infamous vulnerability has been exploited for a cryptocurrency mining campaign, but more damaging attacks may still be in store. Ever since it was discovered six months ago, the BlueKeep vulnerability has had (not only) the cybersecurity community concerned about impending WannaCryptor-style attacks. Earlier in November, Microsoft together with security researchers Kevin Beaumont and Marcus Hutchins shed light on … More First BlueKeep attacks prompt fresh warnings

Microsoft rushes out patch for Internet Explorer zero‑day

There is no word on which threat actor is abusing the severe vulnerability for attacks. Microsoft is urging Windows users to install an emergency security patch to address a critical vulnerability that affects multiple versions of Internet Explorer (IE) and is under active exploitation by unspecified bad actors. The company’s advisory notes that the zero-day, listed as CVE-2019-1367, is … More Microsoft rushes out patch for Internet Explorer zero‑day

Remote access flaws found in popular routers, NAS devices

In almost all tested units, the researchers achieved their goal of obtaining remote root-level access. Security researchers have uncovered a total of 125 security flaws across 13 small office/home office (SOHO) routers and network-attached storage (NAS) devices that may leave them vulnerable to remote attacks. The devices ranged from units intended for the general public … More Remote access flaws found in popular routers, NAS devices

A vulnerability in Instagram exposes personal information of users

The bug, which has already been fixed by Facebook, allowed access to private user information that could be abused by malicious actors. A security flaw that allowed an attacker to access account information, such as a user’s full phone number and real name of Instagram users was found. Facebook, who previously confirmed the existence of … More A vulnerability in Instagram exposes personal information of users