A critical vulnerability affecting some Relion protection devices from ABB can be exploited to take control of a device or cause it to become inoperable, the DHS’s Cybersecurity and Infrastructure Security Agency (CISA) warned last week.The flaw affects Relion 670 series devices made by Swiss-based industrial technology solutions provider ABB. These products

Adobe-owned e-commerce platform Magento recently informed some Magento Marketplace users that an unauthorized third-party had gained access to their account information.According to Magento, the attackers exploited a vulnerability in the Magento Marketplace, which allowed them to access information such as name, email address, MageID, shipping and billing ad

By Joey Chen, Hiroyuki Kakara and Masaoki Shoji While we have been following cyberespionage group TICK (a.k.a. “BRONZE BUTLER” or “REDBALDKNIGHT”) since 2008, we noticed an unusual increase in malware development and deployments towards November 2018. We already know that the group uses previously deployed malware and modified tools for obfuscation, but we a

Kaspersky has patched several vulnerabilities affecting the web protection features present in its Anti-Virus, Internet Security, Total Security, Free Anti-Virus, Security Cloud, and Small Office Security products.Researcher Wladimir Palant informed Kaspersky in December 2018 that he had found some vulnerabilities related to product features designed to bloc

Trend Micro security researchers have discovered thousands of Android applications impacted by the GIF processing vulnerability that was patched recently in WhatsApp.Tracked as CVE-2019-11932, the security flaw exists in the open source library named libpl_droidsonroids_gif.so, which is part of the android-gif-drawable package and is used by numerous Android

By Lance Jiang and Jesse Chang CVE-2019-11932, which is a vulnerability in WhatsApp for Android, was first disclosed to the public on October 2, 2019 after a researcher named Awakened discovered that attackers could use maliciously crafted GIF files to allow remote code execution. The vulnerability was patched with version 2.19.244 of WhatsApp, but the under

Security and web performance services provider Cloudflare this week announced the open source availability of Flan Scan, its lightweight network vulnerability scanner.Based on the Nmap open source tool, Flan Scan was born out of the need for an easy-to-deploy scanner that could accurately detect the services on a network and then look them up in a database o

Kaspersky researchers have identified dozens of vulnerabilities in four popular open source virtual network computing (VNC) systems, but fortunately the majority of them have been patched.VNC systems use the remote frame buffer (RFB) protocol to allow users to remotely control a device. According to Kaspersky, VNC is often used in industrial environments and

The 5G telecommunications revolution is imminent. It is the next generation of cellular network, making use of the existing 4G LTE in addition to opening up the millimeter wave band. 5G will be able to welcome more network-connected devices and increase speeds considerably for users. It will serve as the foundation for advanced services, including: 8k strea

An update for the popular WordPress plugin Jetpack addresses a critical security flaw that has existed for more than two years. With over 5 million installations to date, Jetpack provides WordPress site admins with security, performance, and site management capabilities. The plugin was designed to keep websites protected from brute-force attacks an

Google on Thursday announced that it’s expanding its Android bug bounty program, and certain types of exploits can now earn researchers up to $1.5 millionAccording to Google, it has paid out over $4 million for more than 1,800 vulnerability reports received since the launch of its Android Security Rewards program in 2015. In the past year, payouts totaled ov

Critical vulnerabilities that have been fixed years ago are still present in many popular Android applications due to their developer’s failure to apply patches available for third-party components.Researchers at Check Point have selected three critical arbitrary code execution vulnerabilities patched in 2014, 2015 and 2016 in widely used third-party librari

The DopplePaymer ransomware spreads via existing Domain Admin credentials, not exploits targeting the BlueKeep vulnerability, Microsoft says.The malware, which security researchers believe to have been involved in the recent attack on Mexican state-owned oil company Petróleos Mexicanos (Pemex), has been making the rounds since June 2019, with some earlier sa

A researcher has earned $5,000 from Google for an interesting cross-site scripting (XSS) vulnerability found in the dynamic email feature added a few months ago to Gmail.The dynamic email feature, also known as Accelerated Mobile Pages (AMP) for email or AMP4Email, enables the use of dynamic HTML content in emails, allowing users to conduct various tasks dir

Mozilla is celebrating the 15th anniversary of its Firefox web browser with significant updates to the organization’s bug bounty program, including new targets and bigger rewards.Mozilla announced on Tuesday that it’s doubling all payouts for vulnerabilities found in critical and core websites and services, and the maximum reward for remote code execution fl