Our centralized distribution management system is a Cloud ERP with high-tech features to help companies manage and monitor end-to-end distribution networks and optimize logistics operations. The system integrates dedicated modules with company’s sales and financials to reduce process times, improve customer support, and eliminate unnecessary costs.
Deal with an industry-specific application designed for high-volume wholesale distributors to improve efficiency, gain tighter control, and reduce manual work.
Integrate warehouse backend system into various mobile devices to optimize accuracy & security, and gain smoother distribution control from any place, anytime.
Generate reports on important metrics in real-time, including perpetual & physical inventory, order processing, purchase, inventory location, stored items, cost, logistics, and more.
Our software manages all aspects of Pet Cremation and Pet Burial Processes all over the world. Our powerful technology app is available for configuration to match retail, hospital, and clinic business operations. It can be integrated into any mobile device to manage, invoice, and track pet crematory.
Manage and automate all tasks revolving around pet burials, including phone consultation, intaking, processing, route management, vet finder, and body disposal.
Systematize the manual cremation operation for companies engaged in the pet cremation marketplace to optimize performance and improve customer satisfaction.
Track various hazardous waste boxes through Medical Waste process, from drop-off through to the treatment process; modules include barcodes, report, pricing, mass entry, & box tracking.
The rental suite is a real-time solution that helps rental clients improve visibility across multiple locations with order bookings, inventory, fleet, accounts, customers, and web presence. Our solution improves traditional retail processes & boost managerial efficiency by streamlining and integrating all elements of single & multi-store management. We combine core retail activities in one operational hub and allow data access anywhere, anytime to help you provide customers an multiple-channel experience. The application overcomes the traditional stock sales since merchandize comes back to the warehouse – the easy process of bringing back stock via barcodes boosts clients’ efficiencies.
View All
Our Transportation Management System, Load-Logix, powered by Oracle, is a logistics industry-specific software application that optimizes the operations of carrier and logistics brokers by automating their internal processes, such as load data entry and re-entry, payroll and invoicing, communication, and load tracking & management, in real-time. It also allows integration with enterprise level accounting apps, business analytics, reporting, and offers an exceptional truck board map that helps finding return loads after current load is dropped off.
Manages drivers & load in real-time for carrier borkers to boost customer service and route deliveries, reduce fuel consumption, and minimize travel time and distance.
Get accomplished feature list, including multiple domains, email recall, & aliases with A+ support.
Learn More
Develop & manage agile IT infrastructures through hi-tech cloud-based IT-managed services.
Learn More
Get end-to-end hosting solutions to enjoy a non-chaotic working environment day after day.
Learn More
Hire IT support team for your short-time projects without any obligations or heavy investments.
Learn More
No more call drops, costly international calls, & inaudible voices with robust custom telephonies.
Learn More
We ensure your critical data, cloud infra, and hardware continue to work despite failures.
Learn More
We implement full-stack cloud infra and monitoring delivered by USA’s leading cloud partners.
Learn More
Work with Cisco & Microsoft-certified engineers to build, design, and reconfigure robust networks.
Learn More
NGAV effective prevention technology, powered by built in threat intelligence & quick response.
Learn More
Workplace messaging platform Slack was experiencing outages Wednesday, with a peak of more than 3,000 people reporting problems with the service on DownDetector. Key Facts Slack’s tech dashboard first reported issues with people connecting or loading the communication platform at 10:27 a.m. EST. About 2,000 people had reported issues with Slack as of 12:13 p.m. EST […]
Learn More
Microsoft is investigating an ongoing outage preventing users and admins from accessing some Microsoft 365 services and the admin center. According to thousands of reports from affected customers logged by DownDetector, these ongoing issues block login attempts and impact Microsoft 365 suite websites and Outlook services. “Further information can be found at https://status.cloud.microsoft, or under MO991872 if the […]
Learn More
How does a legacy test account grant access to read every Office 365 account? The new detail was provided in vaguely worded language included in a post Microsoft published on Thursday. It expanded on a disclosure Microsoft published late last Friday. Russia-state hackers, Microsoft said, used a technique known as password spraying to exploit a weak […]
Learn More
Wary of the growing adoption of AI in the business world? Worried about losing your job to technology? You’d better get used to it because 77% of hiring managers say AI is a beneficial resume skill for 2024, according to a new report from ResumeTemplates.com. In fact, six out of 10 employers say they’d choose a less-experienced […]
Learn More
Microsoft’s November 2023 Patch Tuesday, which includes security updates for a total of 58 flaws and five zero-day vulnerabilities. While fourteen remote code execution (RCE) bugs were fixed, Microsoft only rated one as critical. The three critical flaws fixed today are an Azure information disclosure bug, an RCE in Windows Internet Connection Sharing (ICS), and a […]
Learn More
Google is testing a new feature in the Chrome browser that will warn users when an installed extension has been removed from the Chrome Web Store, usually indicative of it being malware. An unending supply of unwanted browser extensions is published on the Chrome Web Store and promoted through popup and redirect ads. These extensions […]
Learn MoreGoogle has changed the Google Chrome security updates schedule from bi-weekly to weekly to address the growing patch gap problem that allows threat actors extra time to exploit published n-day and zero-day flaws. This new schedule will start with Google Chrome 116, scheduled for release today. Google explains that Chromium is an open-source project, allowing […]
Learn More
Microsoft has quietly announced an enhancement to the Edge browser’s dark mode, making it even darker. The current dark mode, characterized by its grey tones, is set to be replaced with a richer black version, providing users with an even darker browsing experience. This update is currently available for testing in Edge Canary, Microsoft’s experimental […]
Learn More
Microsoft has released the July 2023 optional cumulative update for Windows 11, version 22H2, with fixes for 27 issues, including ones affecting VPN performance and display or audio devices. KB5028254 is a monthly non-security preview release that allows Windows administrators and users to test improvements included in the upcoming August 2023 Patch Tuesday release. According […]
Learn More
Apple has commenced the rollout of iOS 16.6 and iPadOS 16.6, the latest software updates for iPhone and iPad. These updates bring essential fixes for vulnerabilities impacting Apple’s Neural Engine, and kernel-level patches addressing flaws that could potentially compromise the security of some devices. Additionally, Apple has also pushed macOS 13.5, watchOS 9.6, and tvOS […]
Learn More
Microsoft will retire the Windows Mail and Calendar applications on Windows 10 and Windows 11 at the end of the year, first auto-migrating users to the new Outlook for Windows app in August. Initially developed for Windows 10, Windows Mail and Calendar are built-in Windows applications that provide an easy-to-use application for retrieving your email […]
Learn More
Hackers are conducting widespread exploitation of a critical WooCommerce Payments plugin to gain the privileges of any users, including administrators, on vulnerable WordPress installation. WooCommerce Payments is a very popular WordPress plugin allowing websites to accept credit and debit cards as payment in WooCommerce stores. According to WordPress, the plugin is used on over 600,000 active […]
Learn More
Apple fixed and re-released emergency security updates addressing a WebKit zero-day vulnerability exploited in attacks. The initial patches had to be withdrawn on Monday due to browsing issues on certain websites. “Apple is aware of an issue where recent Rapid Security Responses might prevent some websites from displaying properly,” Apple said on Tuesday. The company added it would soon […]
Learn More
The State Department discovered the Microsoft vulnerability, which affected unclassified government systems, last month Chinese cyberspies, exploiting a fundamental gap in Microsoft’s cloud, hacked email accounts at the Commerce and State departments, including that of Commerce Secretary Gina Raimondo — whose agency has imposed stiff export controls on Chinese technologies that Beijing has denounced as a malicious […]
Learn More
Microsoft warned customers today that multiple editions of Windows 11, version 21H2, will reach the end-of-service (EOS) in three months, on October 10, 2023. This applies to Windows 11 21H2 editions released in October 2021: Home, Pro, Pro Education, and Pro for Workstations. “These editions will no longer receive security updates after October 10, 2023,” […]
Learn More
Security researchers discovered two malicious file management applications on Google Play with a collective installation count of over 1.5 million that collected excessive user data that goes well beyond what’s needed to offer the promised functionality. The apps, both from the same publisher, can launch without any interaction from the user to steal sensitive data and […]
Learn More
Google has released the monthly security updates for Android operating system, which comes with fixes for 46 vulnerabilities. Three of the issues are likely actively exploited in the wild. “There are indications that the following [vulnerabilities] may be under limited, targeted exploitation,” reads Google’s bulletin, highlighting CVE-2023-26083, CVE-2021-29256, and CVE-2023-2136. CVE-2023-26083 is a medium-severity memory leak […]
Learn MoreHackers exploit a zero-day privilege escalation vulnerability in the ‘Ultimate Member’ WordPress plugin to compromise websites by bypassing security measures and registering rogue administrator accounts. Ultimate Member is a user profile and membership plugin that facilitates sign-ups and building communities on WordPress sites, and it currently has over 200,000 active installations. The exploited flaw, tracked as […]
Learn More
YouTube is currently running what it describes as a “small experiment globally,” warning users to toggle off their ad blockers and avoid being limited to only three video views. As first spotted by a Reddit user on Wednesday, YouTube now displays a pop-up that notifies ad blocker users targeted by this test that “video player will be […]
Learn More
On June 27th, certain Twitter users began receiving a strange automated message. It stated that, due to a violation of spam policy, their accounts will be restricted for 3 days. It’s commonly known that suspicious increases in follows, unfollows, likes, or retweet actions can lead to a temporary or permanent suspension from the platform. However, […]
Learn More
Microsoft is investigating an ongoing outage blocking customers from accessing and using the Microsoft Teams communication platform via web and desktop clients. While Redmond only acknowledged that the outage affects the web app, customers also report being unable to access Teams via desktop clients on Linux and macOS. ”We’re investigating an issue where some users […]
Learn MoreMicrosoft is expanding support for passkeys in Windows 11 to make it more secure to log into websites and apps using biometric authentication. Passkeys are unique codes linked to specific devices such as computers, tablets, or smartphones. Using passkeys significantly reduces the risk of data breaches as they provide protection against phishing attacks that cannot […]
Learn More
Microsoft has addressed an Azure Active Directory (Azure AD) authentication flaw that could allow threat actors to escalate privileges and potentially fully take over the target’s account. This misconfiguration (named nOAuth by the Descope security team who discovered it) could be abused in account and privilege escalation attacks against Azure AD OAuth applications configured to use the […]
Learn MoreMicrosoft announced the public preview launch of Win32 app isolation, a new Windows 11 security feature designed to sandbox Windows desktop applications using the Win32 API. Recently announced during Microsoft’s Build 2023 conference, Win32 app isolation uses AppContainer to boost security by mitigating the potential harm caused by compromised applications and protecting the user’s privacy. It also ensures […]
Learn MoreMultiple editions of Windows 10 21H2 have reached their end of service (EOS) in this month’s Patch Tuesday, as Microsoft reminded customers today. Since Windows 10 21H2 (also known as the Windows 10 November 2021 Update) will no longer receive security updates, customers are advised to upgrade to the latest release as soon as possible […]
Learn MoreMicrosoft has addressed a known issue causing intermittent failures when saving and copying files on Windows 11 22H2 devices (especially when working with network shares). This recurring issue only impacts Windows apps that are using the CopyFile API and are also large address aware, according to Redmond. Microsoft says Windows devices are at a higher risk of being affected […]
Learn MoreMicrosoft announced today that users would also be able to communicate with Bing Chat, the AI-powered chat-based version of its Bing search engine, via voice commands. Starting today, you can click the microphone icon in Bing Chat and ask your questions instead of writing them down. “We know many of you love using voice input […]
Learn More
Cisco has fixed a high-severity vulnerability found in Cisco Secure Client (formerly AnyConnect Secure Mobility Client) software that can let attackers escalate privileges to the SYSTEM account used by the operating system. Cisco Secure Client enables employees to work from anywhere via a secure Virtual Private Network (VPN) and provides admins with endpoint management and telemetry […]
Learn More
Outlook.com is suffering a series of outages today after being down multiple times yesterday, with hacktivists known as Anonymous Sudan claiming to perform DDoS attacks on the service. This outage follows two major outages yesterday, creating widespread disruptions for global Outlook users, preventing users worldwide from reliably accessing or sending email and using the mobile […]
Learn More
Google has removed from the Chrome Web Store 32 malicious extensions that could alter search results and push spam or unwanted ads. Collectively, they come with a download count of 75 million. The extensions featured legitimate functionality to keep users unaware of the malicious behavior that came in obfuscated code to deliver the payloads. Cybersecurity researcher […]
Learn MoreApple iTunes had a vulnerability when used on Microsoft Windows that could have allowed threat actors to hijack an affected device’s operating system. The former tech giant recently patched it — but only after leaving users vulnerable for at least six months. Apple issued the patch on May 23rd, almost six months to the day […]
Learn MoreA new Android malware distributed as an advertisement SDK has been discovered in multiple apps, many previously on Google Play and collectively downloaded over 400 million times. Security researchers at Dr. Web discovered the spyware module and tracked it as ‘SpinOk,’ warning that it can steal private data stored on users’ devices and send it […]
Learn MoreMicrosoft is doubling its efforts to court the gaming community with a new feature, “Edge for Gamers” mode, which promises to elevate the user experience inside and outside gaming sessions. In the initial descriptions provided by Microsoft, the Edge for Gamers mode will enable a variety of enhancements. It’s said to introduce a gaming-focused homepage […]
Learn More
Meta is now rolling out ‘Chat Lock,’ a new WhatsApp privacy feature allowing users to block others from accessing their most personal conversations. Chat Lock will create a new folder that can be locked with a password or biometric methods like a fingerprint. You can ensure the privacy of your conversations by choosing the lock […]
Learn MoreHackers are actively exploiting a recently fixed vulnerability in the WordPress Advanced Custom Fields plugin roughly 24 hours after a proof-of-concept (PoC) exploit was made public. The vulnerability in question is CVE-2023-30777, a high-severity reflected cross-site scripting (XSS) flaw that allows unauthenticated attackers to steal sensitive information and escalate their privileges on impacted WordPress sites. […]
Learn MoreYouTube is running an experiment asking some users to disable their ad blockers or pay for a premium subscription, or they will not be allowed to watch videos. “It looks like you may be using an ad blocker. Ads allow YouTube to stay free for billions of users worldwide,” the message adds. Upon receiving this […]
Learn MoreGoogle announced today that the lock icon, long thought to be a sign of website security and trustworthiness, will soon be changed with a new icon that doesn’t imply that a site is secure or should be trusted. While first introduced to show that a website was using HTTPS encryption to encrypt connections, the lock […]
Learn More
Apple has launched the first Rapid Security Response (RSR) patches for iOS 16.4.1 and macOS 13.3.1 devices, with some users having issues installing them on their iPhones. As the company describes in a recently published support document, RSR patches are small-sized updates that target the iPhone, iPad, and Mac platforms and patch security issues between major software […]
Learn More
Google is bringing end-to-end encryption to Google Authenticator cloud backups after researchers warned users against synchronizing 2FA codes with their Google accounts. This new feature allows users to synchronize their Google Authenticator 2FA tokens with their Google account, providing a backup if their mobile device is lost or damaged. It also allows users to access […]
Learn MoreMicrosoft says Windows 10, version 22H2 will be the last feature update to be released for the Windows 10 operating system. Windows 10 22H2 reached general availability in October 2022 and entered broad deployment on November 18, 2022. It will reach its end of servicing in May 2024 (Home, Pro, Pro Education, and Pro for […]
Learn MoreMicrosoft has released the optional KB5025297 Preview cumulative update for Windows 10 22H2, with eighteen fixes or changes. While this release is primarily a maintenance release, it does include a new Windows Firewall feature and the ability to sync your Region and language settings with your Microsoft account. The KB5025297 cumulative update preview is part […]
Learn MoreAttackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors. Eval PHP is an old WordPress plugin that allows site admins to embed PHP code on pages and posts of WordPress sites and then execute the code when the page is opened in the browser. The plugin has not […]
Learn MoreMicrosoft is investigating an ongoing outage blocking customers worldwide from accessing and using web apps like Excel Online and online services. The list of affected services includes Microsoft 365 suite, Exchange Online, SharePoint Online, Yammer Enterprise, Planner, Microsoft Teams, and Microsoft 365 for the web. According to reports, customers are experiencing problems when trying to sign into their […]
Learn MoreGoogle has released an emergency Chrome security update to address the first zero-day vulnerability exploited in attacks since the start of the year. “Google is aware that an exploit for CVE-2023-2033 exists in the wild,” the search giant said in a security advisory published on Friday. The new version is rolling out to users in the Stable Desktop channel, and it […]
Learn MoreApple has released emergency updates to backport security patches released on Friday, addressing two actively exploited zero-day flaws also affecting older iPhones, iPads, and Macs. “Apple is aware of a report that this issue may have been actively exploited,” the company said in security advisories published on Monday. The first (tracked as CVE-2023-28206) is an out-of-bounds write weakness in IOSurfaceAccelerator […]
Learn More
Google has announced a new Google Play Store data deletion policy that will require Android developers to provide users with an online option to delete their accounts and in-app data. According to the new policy, starting in early 2024, Google Play users will have better control over their data since every store listing will display links in […]
Learn MoreMicrosoft announced today that the recently introduced Edge Workspaces feature, which allows users to share groups of tabs with friends and family, is now available as part of a limited public preview. First revealed in an enterprise public preview at the company’s October 2022 Ignite conference for developers and IT professionals, Microsoft Edge Workspaces is designed to provide […]
Learn More
Microsoft Defender is mistakenly flagging legitimate links as malicious, and some customers have already received dozens of alert emails since the issues began over five hours ago. As the company confirmed earlier today on Twitter, its engineers are investigating this service incident as a false positive. “We’re investigating an issue where legitimate URL links are […]
Learn More
A new info-stealing malware named MacStealer is targeting Mac users, stealing their credentials stored in the iCloud KeyChain and web browsers, cryptocurrency wallets, and potentially sensitive files. MacStealer is being distributed as a malware-as-a-service (MaaS), where the developer sells premade builds for $100, allowing purchasers to spread the malware in their campaigns. According to the Uptycs threat […]
Learn MoreMicrosoft is working on a non-custodial built-in Ethereum crypto wallet for Microsoft Edge to allow users to send and receive cryptocurrency and NFTs. Public keys can be shared with others to receive payments, while private keys should be kept secret and can be used to authorize transactions when you want to spend your cryptocurrency. Microsoft […]
Learn MoreMicrosoft will soon fast-track multi-factor authentication (MFA) adoption for its Microsoft 365 cloud productivity platform by adding MFA capabilities to the Outlook email client. The company says in a new Microsoft 365 roadmap entry that users will be able to complete MFA requests for Microsoft 365 apps directly in the Outlook app via a new […]
Learn More
The seemingly innocuous Microsoft OneNote file has become a popular file format used by hackers to spread malware and breach corporate networks. Here’s how to block malicious OneNote phishing attachments from infecting Windows. To give a little background on how we got to Microsoft OneNote files becoming the tool of choice for malware-distributing phishing attacks, […]
Learn MoreThe latest version of Google Chrome for macOS (110.0.5481.100) includes new optimizations that increase battery life on MacBooks. Google’s tests on an M2-powered 13-inch MacBook Pro running macOS “Ventura” 13.2.1 allowed generic internet browsing for 17 hours and YouTube video watching for 18 hours. If Chrome’s Energy Saving mode is also activated, the browsing time on macOS […]
Learn More
Web hosting giant GoDaddy says it suffered a breach where unknown attackers have stolen source code and installed malware on its servers after breaching its cPanel shared hosting environment in a multi-year attack. While GoDaddy discovered the security breach following customer reports in early December 2022 that their sites were being used to redirect to […]
Learn More
Microsoft announced on Tuesday a new version of its Bing search engine powered by a next-generation OpenAI language model more powerful than ChatGPT and specially trained for web search. “AI will fundamentally change every software category, starting with the largest category of all – search,” Microsoft Chairman and CEO Satya Nadella said today at a […]
Learn More
A relatively new ransomware operation known as Nevada seems to grow its capabilities quickly as security researchers noticed improved functionality for the locker targeting Windows and VMware ESXi systems. Nevada ransomware started to be promoted on the RAMP darknet forums on December 10, 2022, inviting Russian and Chinese-speaking cybercriminals to join it for an 85% cut […]
Learn More
QNAP is warning customers to install QTS and QuTS firmware updates that fix a critical security vulnerability allowing remote attackers to inject malicious code on QNAP NAS devices. “A vulnerability has been reported to affect QNAP devices running QTS 5.0.1 and QuTS hero h5.0.1. If exploited, this vulnerability allows remote attackers to inject malicious code,’ warns […]
Learn MoreMicrosoft has started the forced rollout of Windows 11 22H2 to systems running Windows 11 21H2 that are approaching their end-of-support (EOS) date on October 10, 2023. Redmond is regularly initiating automatic feature updates to ensure that it can continue to service these devices near their EOS date and to provide them with the latest […]
Learn MoreApple has backported security patches addressing a remotely exploitable zero-day vulnerability to older iPhones and iPads. Apple said that the flaw discovered by Clément Lecigne of Google’s Threat Analysis Group allows maliciously crafted webpages to perform arbitrary code execution (and likely gain access to sensitive information) on vulnerable devices. Attackers can successfully exploit this flaw […]
Learn MoreA new Android malware named ‘Hook’ is being sold by cybercriminals, boasting it can remotely take over mobile devices in real-time using VNC (virtual network computing). The new malware is promoted by the creator of Ermac, an Android banking trojan selling for $5,000/month that helps threat actors steal credentials from over 467 banking and crypto apps […]
Learn More
PayPal is sending out data breach notifications to thousands of users who had their accounts accessed through credential stuffing attacks that exposed some personal data. Credential stuffing are attacks where hackers attempt to access an account by trying out username and password pairs sourced from data leaks on various websites. Credential stuffing targets users that employ the […]
Learn More
Microsoft has acknowledged a new bug affecting some Windows 11 applications triggering launch issues and causing them to display errors after a system restore. The company said that “after running a System Restore to a previous restore point on a device that is running Windows 11, version 22H2, some Windows applications that use the MSIX […]
Learn MoreWhile many people love the new interface in Windows 11, others prefer the old look and feel of Windows 10, or at least some of the features that are now missing in the newer operating system. Thankfully, numerous apps are available to get your Windows 11 experience customized how you like while removing unwanted bloatware […]
Learn More
Microsoft warned customers today that Exchange Server 2013 will reach its extended end-of-support (EOS) date 90 days from now, on April 11, 2023. Exchange Server 2013 was released in January 2013 and has already reached the mainstream end date more than four years ago, in April 2018. After the extended EOS date is reached, Microsoft will no longer provide technical […]
Learn MoreToday is Microsoft’s January 2023 Patch Tuesday, and with it comes fixes for an actively exploited zero-day vulnerability and a total of 98 flaws. This is the first Patch Tuesday of 2023, and it fixes a whopping 98 vulnerabilities, with eleven of them classified as ‘Critical.’ Microsoft gave the vulnerabilities this severity rating as they […]
Learn MoreStarting today, WhatsApp allows users to connect via proxy servers due to Internet shutdowns or if their governments block the service in their country. The new proxy support option is available to all users running the latest WhatsApp iOS and Android applications. WhatsApp said that connecting through a proxy will maintain the messages’ privacy and security as they will […]
Learn More
Taiwan-based NAS maker Synology has addressed a maximum (10/10) severity vulnerability affecting routers configured to run as VPN servers. The vulnerability, tracked as CVE-2022-43931, was discovered internally by Synology’s Product Security Incident Response Team (PSIRT) in the VPN Plus Server software and was given a maximum CVSS3 Base Score of 10 by the company. VPN Plus […]
Learn MoreA previously unknown Linux malware has been exploiting 30 vulnerabilities in multiple outdated WordPress plugins and themes to inject malicious JavaScript. According to a report by antivirus vendor Dr. Web, the malware targets both 32-bit and 64-bit Linux systems, giving its operator remote command capabilities. The main functionality of the trojan is to hack WordPress sites using a set of […]
Learn More
Netgear has fixed a high-severity vulnerability affecting multiple WiFi router models and advised customers to update their devices to the latest available firmware as soon as possible. The flaw impacts multiple Wireless AC Nighthawk, Wireless AX Nighthawk (WiFi 6), and Wireless AC router models. Although Netgear did not disclose any information about the component affected by this bug or […]
Learn More
Malware operators have been increasingly abusing the Google Ads platform to spread malware to unsuspecting users searching for popular software products. Among the products impersonated in these campaigns include Grammarly, MSI Afterburner, Slack, Dashlane, Malwarebytes, Audacity, μTorrent, OBS, Ring, AnyDesk, Libre Office, Teamviewer, Thunderbird, and Brave. The threat actors the clone official websites of the above […]
Learn MoreHackers are actively targeting a critical flaw in YITH WooCommerce Gift Cards Premium, a WordPress plugin used on over 50,000 websites. YITH WooCommerce Gift Cards Premium is a plugin that website operators to sell gift cards in their online stores. Exploiting the vulnerability, tracked as CVE-2022-45359 (CVSS v3: 9.8), allows unauthenticated attackers to upload files to vulnerable sites, […]
Learn More
LastPass, a password manager with over 25 million users, gave more details about the latest breach into the company’s systems. The firm claims users’ personal data or master passwords were not affected – yet researchers are worried. In a blog post, Karim Touba, Chief Executive of LastPass, once again confirmed that a threat actor had […]
Learn MoreAn Android banking malware named ‘Godfather’ has been targeting users in 16 countries, attempting to steal account credentials for over 400 online banking sites and cryptocurrency exchanges. The malware generates login screens overlaid on top of the banking and crypto exchange apps’ login forms when victims attempt to log in to the site, tricking the […]
Learn MoreMicrosoft has fixed a security vulnerability used by threat actors to circumvent the Windows SmartScreen security feature and deliver Magniber ransomware and Qbot malware payloads. The attackers used malicious standalone JavaScript files to exploit the CVE-2022-44698 zero-day to bypass Mark-of-the-Web security warnings displayed by Windows to alert users that files originating from the Internet should be treated […]
Learn MoreToday is Microsoft’s December 2022 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities, including an actively exploited bug, and a total of 49 flaws. Six of the 49 vulnerabilities fixed in today’s update are classified as ‘Critical’ as they allow remote code execution, one of the most severe types of vulnerabilities. The number […]
Learn MoreMicrosoft is finally adding a built-in screen recorder to Windows 11 through the Snipping Tool, enabling users to capture videos of their desktop without the need for a third-party app. The update is being pushed as part of a phased roll-out to Windows Insiders in the Dev Channel and will be available once Snipping Tool […]
Learn MoreMicrosoft is working to address a new known issue affecting apps using ODBC database connections after installing the November 2022 Patch Tuesday Windows updates. According to Redmond, affected apps might fail to connect to databases via connections using the Microsoft ODBC SQL Server driver. “After installing this update, apps that use ODBC connections through Microsoft ODBC […]
Learn MoreA new set of Android malware, phishing, and adware apps have infiltrated the Google Play store, tricking over two million people into installing them. The apps were discovered by Dr. Web antivirus and pretend to be useful utilities and system optimizers but, in reality, are the sources of performance hiccups, ads, and user experience degradation. One app illustrated by […]
Learn MoreLastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022. The company added that, once in, the threat actors also managed to access customer data stored in the compromised storage service. “We recently detected unusual activity within a third-party cloud storage service, which is currently shared by […]
Learn MoreWindows 11 may soon show a system tray indicator notifying when your computer is connected to a VPN, allowing users wishing to browse anonymously to ensure they are connected. With your online data treated as a commodity, many users have started to use VPN services to hide their identity while browsing the web, streaming movies, […]
Learn MoreGoogle has released an emergency security update for the desktop version of the Chrome web browser, addressing the eighth zero-day vulnerability exploited in attacks this year. “Google is aware that an exploit for CVE-2022-4135 exists in the wild,” reads the update notice. As users need time to apply the security update on their Chrome installations, […]
Learn MoreMicrosoft has tagged Windows 10, version 22H2 (aka the Windows 10 2022 Update) for broad deployment, thus making it available to everyone via Windows Update. The announcement comes one month after this version was officially released on October 22 and almost four months after Microsoft released a preview version for enterprise testing on July 28. “If you have an […]
Learn MoreAn information-stealing Google Chrome browser extension named ‘VenomSoftX’ is being deployed by Windows malware to steal cryptocurrency and clipboard contents as users browse the web. This Chrome extension is being installed by the ViperSoftX Windows malware, which acts as a JavaScript-based RAT (remote access trojan) and cryptocurrency hijacker. However, in a new report today by Avast, researchers […]
Learn MoreNew phishing attacks use a Windows zero-day vulnerability to drop the Qbot malware without displaying Mark of the Web security warnings. When files are downloaded from an untrusted remote location, such as the Internet or an email attachment, Windows add a special attribute to the file called the Mark of the Web. When a user […]
Learn MoreMicrosoft has released this month’s optional KB5020030 Preview cumulative update for all editions of Windows 10 20H2, 21H1, 21H2, and 22H2. Today’s update comes with ten bug fixes and enhancements, including fixes for persistent Microsoft Store update failures and an issue causing Direct3D 9 (D3D9) to crash when using Microsoft Remote Desktop. The KB5020030 cumulative […]
Learn MoreA new Chrome browser botnet named ‘Cloud9’ has been discovered in the wild using malicious extensions to steal online accounts, log keystrokes, inject ads and malicious JS code, and enlist the victim’s browser in DDoS attacks. The Cloud9 browser botnet is effectively a remote access trojan (RAT) for the Chromium web browser, including Google Chrome […]
Learn MoreToday is Microsoft’s November 2022 Patch Tuesday, and with it comes fixes for six actively exploited Windows vulnerabilities and a total of 68 flaws. Eleven of the 68 vulnerabilities fixed in today’s update are classified as ‘Critical’ as they allow privilege elevation, spoofing, or remote code execution, one of the most severe types of vulnerabilities. […]
Learn More
Dropbox disclosed a security breach after threat actors stole 130 code repositories after gaining access to one of its GitHub accounts using employee credentials stolen in a phishing attack. The company discovered the attackers breached the account on October 14 when GitHub notified it of suspicious activity that started one day before the alert was […]
Learn More
The OpenSSL Project has patched two high-severity security flaws in its open-source cryptographic library used to encrypt communication channels and HTTPS connections. The vulnerabilities (CVE-2022-3602 and CVE-2022-3786) affect OpenSSL version 3.0.0 and later and have been addressed in OpenSSL 3.0.7. CVE-2022-3602 is an arbitrary 4-byte stack buffer overflow that could trigger crashes or lead to remote code execution (RCE), while CVE-2022-3786 can be […]
Learn More
Microsoft has released out-of-band updates to address a known issue causing OneDrive and OneDrive for Business to crash after installing recent Windows 10 updates. The issue occurs when signing out or unlinking OneDrive accounts or sites and folders from Microsoft Teams and SharePoint. “After installing KB5018410 or later updates, OneDrive might unexpectedly close,” Affected users […]
Learn MoreGoogle has released an emergency security update for the Chrome desktop web browser to address a single vulnerability known to be exploited in attacks. The company doesn’t provide many details about the vulnerability for security reasons, allowing Chrome’s user base enough time to update the web browser to version 107.0.5304.87/88, which addresses the problem. “Access to bug […]
Learn MoreIn security updates released on Monday, Apple has fixed the ninth zero-day vulnerability used in attacks against iPhones since the start of the year. Apple revealed in an advisory today that it’s aware of reports saying the security flaw “may have been actively exploited.” This can result in data corruption, application crashes, or code execution […]
Learn More
A bug in Microsoft Office 365 Message Encryption (OME) could expose email content to threat actors. WithSecure, formerly known as F-Secure Business, released advisory warning organizations of a security flaw in OME and emphasized that there’s no patch currently available to fix the bug. OME utilizes the Electronic Codebook (ECB) implementation – a mode of […]
Learn MoreMicrosoft has released the long-awaited Windows 11 tabbed File Explorer, Suggested Actions, Taskbar Overflow features, and Task Manager quick-access features in a new preview cumulative update. Microsoft has released the Windows 11 KB5019509 preview cumulative update to enable new features that were not ready when 22H2 was released. Microsoft says that they will start to roll […]
Learn MoreMicrosoft announced today that IT admins can now configure any Windows system still receiving security updates to automatically block brute force attacks targeting local administrator accounts via a group policy. Microsoft added this policy as they say Windows does not currently apply Account Lockout policies to “local administrators,” allowing threat actors to repeatedly brute force passwords […]
Learn MoreMicrosoft’s October 2022 Patch Tuesday, and with it comes fixes for an actively exploited Windows vulnerability and a total of 84 flaws. Thirteen of the 84 vulnerabilities fixed in today’s update are classified as ‘Critical’ as they allow privilege elevation, spoofing, or remote code execution, one of the most severe types of vulnerabilities. The number of bugs in each […]
Learn More
Fortinet has confirmed today that a critical authentication bypass security vulnerability patched last week is being exploited in the wild. The security flaw (CVE-2022-40684) is an auth bypass on the administrative interface that enables remote threat actors to log into FortiGate firewalls, FortiProxy web proxies, and FortiSwitch Manager (FSWM) on-premise management instances. “An authentication bypass […]
Learn MoreMicrosoft has confirmed a new known issue causing customers to experience a significant performance hit when copying large files over SMB after installing the Windows 11 22H2 update. While Redmond hasn’t shared how much longer such file operations will take on affected systems, user reports say that the amount of time needed could more than double in […]
Learn MoreWhatsApp issued patches for two remote code execution (RCE) flaws. CVE-2022-36934 scored 9.8 out of 10 on the Common Vulnerability Scoring System (CVSS), and CVE-2022-27492 scored 7.8 (high severity.) The exploitation of CVE-2022-36934 could lead to an integer overflow in WhatsApp for Android, resulting in RCE in an established video call. Versions affected by the […]
Learn MoreA new Android spyware named ‘RatMilad’ was discovered targeting mobile devices in the Middle East, used to spy on victims and steal data. The RatMilad spyware was discovered by mobile security firm Zimperium who warned that the malware could be used for cyber espionage, extortion, or to eavesdrop on victim’s conversations. “Similar to other mobile spyware […]
Learn MoreSecurity researchers have discovered a malicious campaign by the ‘Witchetty’ hacking group, which uses steganography to hide a backdoor malware in a Windows logo. Using the Windows logo against you In this campaign, the hackers refreshed their toolkit to target different vulnerabilities and used steganography to hide their malicious payload from antivirus software. Steganography is […]
Learn MoreRussian telecom watchdog Roskomnadzor demanded explanations today from Apple regarding the removal of all VK apps, including the app for the country’s largest social network VKontakte, from its App Store on Monday. Two of the apps removed from the Apple Store, the VKontakte social network application and the Mail.ru mail app, are included on the […]
Learn More
Security researchers have discovered 75 applications on Google Play and another ten on Apple’s App Store engaged in ad fraud. Collectively, they add to 13 million installations. Apart from flooding mobile users with advertisements, both visible and hidden, the fraudulent apps also generated revenue by impersonating legitimate apps and impressions. Researchers from HUMAN’s Satori Threat […]
Learn MoreMicrosoft is investigating a known issue affecting Outlook for Microsoft 365 users and preventing them from creating Teams meetings using the app’s ribbon menu. The Teams Meeting add-in, as its name says, can be found in the Calendar view and it enables Outlook users to schedule a Teams meeting from Outlook. This issue occurs because the Teams Meeting add-in for Outlook becomes […]
Learn MoreWindows 11 version 22H2 is arriving soon and it won’t be a massive release, but there will be several quality improvements and bug fixes. Microsoft has already confirmed the features coming to Windows 11 with version 22H2 and users can test them by joining the Windows Insider Program. One of the new features is the […]
Learn MoreMicrosoft’s September 2022 Patch Tuesday, and with it comes fixes for an actively exploited Windows vulnerability and a total of 63 flaws. Five of the 63 vulnerabilities fixed in today’s update are classified as ‘Critical’ as they allow remote code execution, one of the most severe types of vulnerabilities. The number of bugs in each vulnerability […]
Learn More
HP issued a security advisory alerting users about a newly discovered vulnerability in HP Support Assistant, a software tool that comes pre-installed on all HP laptops and desktop computers, including the Omen sub-brand. HP Support Assistant is used to troubleshoot issues, perform hardware diagnostic tests, dive deeper into technical specifications, and even check for BIOS […]
Learn More
The Mirai malware botnet variant known as ‘MooBot’ has re-emerged in a new attack wave that started early last month, targeting vulnerable D-Link routers with a mix of old and new exploits. MooBot was discovered by analysts at Fortinet in December 2021, targeting a flaw in Hikvision cameras to spread quickly and enlist a large number […]
Learn MoreGoogle has released Chrome 105.0.5195.102 for Windows, Mac, and Linux users to address a single high-severity security flaw, the sixth Chrome zero-day exploited in attacks patched this year. This new version is rolling out in the Stable Desktop channel, with Google saying that it will reach the entire user base within a matter of days […]
Learn MoreThreat analysts at McAfee found five Google Chrome extensions that steal track users’ browsing activity. Collectively, the extensions have been downloaded more then 1.4 million times. The purpose of the malicious extensions is to monitor when users visit e-commerce website and to modify the visitor’s cookie to appear as if they came through a referrer link. For this, the authors […]
Learn MoreApple has released new security updates to backport patches released earlier this month to older iPhones and iPads addressing a remotely exploitable WebKit zero-day that allows attackers to execute arbitrary code on unpatched devices. This zero-day vulnerability is the same one Apple patched for macOS Monterey and iPhone/iPad devices on August 17, and for Safari on August 18. The flaw is tracked as CVE-2022-3289 and is an out-of-bounds […]
Learn MoreMicrosoft has released the optional KB5016691 Preview cumulative update for Windows 11 with 22 fixes or improvements. This Windows 11 cumulative update is part of Microsoft’s August 2022 monthly “C” update, allowing users to test upcoming fixes coming in the September 2022 Patch Tuesday. As preview updates do not contain security fixes, they are optional […]
Learn MorePassword management firm LastPass was hacked two weeks ago, enabling threat actors to steal the company’s source code and proprietary technical information. After sending questions about the attack, LastPass released a security advisory today confirming that it was breached through a compromised developer account that hackers used to access the company’s developer environment. While LastPass […]
Learn MoreState-sponsored Iranian hacking group Charming Kitten has been using a new tool to download email messages from targeted Gmail, Yahoo, and Microsoft Outlook accounts. The name of the utility is Hyperscraper and like many of the threat actor’s tools and operations, it is far from sophisticated. But its lack of technical complexity is balanced by […]
Learn More
A new batch of thirty-five malware Android apps that display unwanted advertisements was found on the Google Play Store, with the apps installed over 2 million times on victims’ mobile devices. The apps were found by security researchers at Bitdefender, who employed a real-time behavior-based analysis method to discover the potentially malicious applications. Following standard […]
Learn MoreApple has released emergency security updates today to fix two zero-day vulnerabilities previously exploited by attackers to hack iPhones, iPads, or Macs. Zero-day vulnerabilities are security flaws known by attackers or researchers before the software vendor has become aware or been able to patch them. In many cases, zero-days have public proof-of-concept exploits or are actively […]
Learn MoreGoogle has released a security update for the Chrome browser that addresses close to a dozen vulnerabilities, including a zero-day flaw that is being exploited in the wild. The security update is currently rolling out for Windows, Mac and Linux. Users who have automatic updates turned on should receive it in the coming days/weeks. Few details on […]
Learn MoreResearchers have discovered at least 9,000 exposed VNC (virtual network computing) endpoints that can be accessed and used without authentication, allowing threat actors easy access to internal networks. VNC (virtual network computing) is a platform-independent system meant to help users connect to systems that require monitoring and adjustments, offering control of a remote computer via […]
Learn More
Some signed third-party bootloaders for the Unified Extensible Firmware Interface (UEFI) could allow attackers to execute unauthorized code in an early stage of the boot process, before the operating system loads. Vendor-specific bootloaders used by Windows were found to be vulnerable while the status of almost a dozen others is currently unknown. Threat actors could exploit […]
Learn MoreMicrosoft’s August 2022 Patch Tuesday, and with it comes fixes for the actively exploited ‘DogWalk’ zero-day vulnerability and a total of 121 flaws. Seventeen of the 121 vulnerabilities fixed in today’s update are classified as ‘Critical’ as they allow remote code execution or elevation of privileges. The number of bugs in each vulnerability category is listed […]
Learn MoreMicrosoft is rolling out a new update to the Microsoft Edge Stable Channel over the coming days to improve the web browser’s security defaults when visiting less popular websites. Starting with version 104.0.1293.47, Edge will toggle on the “Basic” level of security when the “Enhance your security on the web” optional browsing mode is enabled […]
Learn MoreMicrosoft has confirmed that the next version of Windows 10 is “version 22H2,” which is slated to start rolling out later this year as a feature update. Microsoft has already begun testing the new Windows 10 22H2 version in the Windows Insider Release preview channel, allowing both consumers and the enterprise to test its new feature before […]
Learn MoreSmart App Control, a Windows 11 security feature that blocks threats at the process level, now comes with support for blocking several file types threat actors have recently adopted to infect targets with malware in phishing attacks. “Windows 11 with smart app control blocks iso and lnk files that have mark of the web just […]
Learn MoreMicrosoft has announced a new security product allowing security teams to spot Internet-exposed resources in their organization’s environment that attackers could use to breach their networks. The focus is on unmanaged or unknown assets added to the environment after mergers or acquisitions, created by shadow IT, missing from inventory due to incomplete cataloging, or left […]
Learn MoreMicrosoft says the Outlook email client will crash when opening and reading emails with tables such as Uber receipt emails. “When opening, replying, or forwarding some emails that include complex tables, Outlook stops responding,” the company explains in a support document. To make matters worse, emails with the same table contents will also cause the […]
Learn MoreA new batch of malicious Android apps filled with adware and malware was found on the Google Play Store that have been installed close to 10 million times on mobile devices. The apps pose as image-editing tools, virtual keyboards, system optimizers, wallpaper changers, and more. However, their underlying functionality is to push intrusive ads, subscribe users […]
Learn More
Microsoft has reminded customers once again that Windows Server, version 20H2, will be reaching its End of Service (EOS) in less than a month, on August 9. This reminder follows two other warnings since May 2022 that this Windows Server version will reach its mainstream support end date for Standard Core and Datacenter Core users. “On August 9, […]
Learn MoreRecent Windows 11 builds come with the Account Lockout Policy enabled by default which will automatically lock user accounts (including Administrator accounts) after 10 failed sign-in attempts for 10 minutes. The account brute forcing process commonly requires guessing the passwords using automated tools. This tactic is now blocked by default on the latest Windows 11 builds (Insider […]
Learn MoreToday is the deadline for Android developers to populate Google’s new Data Safety section in the Play Store. The policy update requires all Android app developers to declare how they collect and handle user data for the apps they publish on Google Play by July 20. Nonetheless, Google apparently will use the new safety feature to replace the […]
Learn MoreGoogle has sped up the rollout of the ‘Data Safety’ feature for Android apps on the Play Store. While announced in April, the feature appears to have completely replaced the ‘App Permissions’ list. The permissions list provided users with information on what app developers can do with their devices. The information was particularly useful for […]
Learn MoreA newly discovered phishing kit targeting PayPal users is trying to steal a large set of personal information from victims that includes government identification documents and photos. Over 400 million individuals and companies are using PayPal as an online payment solution. The kit is hosted on legitimate WordPress websites that have been hacked, which allows […]
Learn MoreToday is Microsoft’s July 2022 Patch Tuesday, and with it comes fixes for one actively exploited zero-day vulnerability and a total of 84 flaws. Four of the 84 vulnerabilities fixed in today’s update are classified as ‘Critical’ as they allow remote code execution. The number of bugs in each vulnerability category is listed below: 52 […]
Learn MoreMicrosoft is investigating an issue causing Outlook search not to display recent emails in desktop apps running on Windows 11 systems. The problem affects POP, IMAP, and offline Exchange accounts because Outlook’s search feature uses the local Windows Search service to index emails. Microsoft 365 and connected Exchange accounts are not impacted because they use Service […]
Learn More
The FBI, CISA, and the U.S. Treasury Department issued today a joint advisory warning of North-Korean-backed threat actors using Maui ransomware in attacks against Healthcare and Public Health (HPH) organizations. Starting in May 2021, the FBI has responded to and detected multiple Maui ransomware attacks impacting HPH Sector orgs across the U.S. “North Korean state-sponsored […]
Learn MoreApple announced that a new security feature known as Lockdown Mode will roll out with iOS 16, iPadOS 16, and macOS Ventura to protect high-risk individuals like human rights defenders, journalists, and dissidents against targeted spyware attacks. Once enabled, the Lockdown Mode will provide Apple customers with messaging, web browsing, and connectivity protections designed to […]
Learn MoreMicrosoft has released the optional KB5014666 Preview cumulative update for Windows 10 20H2, Windows 10 21H1, and Windows 10 21H2. This update includes numerous bug fixes and new, unexpected printing features. The KB5014666 cumulative update preview is part of Microsoft’s June 2022 monthly “C” update, allowing admins to test fixes in the July 2022 Patch Tuesday. […]
Learn MoreA new phishing attack is using Facebook Messenger chatbots to impersonate the company’s support team and steal credentials used to manage Facebook pages. Chatbots are programs that impersonate live support people and are commonly used to provide answers to simple questions or triage customer support cases before they are handed off to a live employee. […]
Learn More
Multiple malicious Python packages available on the PyPI repository were caught stealing sensitive information like AWS credentials and transmitting it to publicly exposed endpoints accessible by anyone. PyPI is a repository of open-source packages that software developers use to pick the building blocks of their Python-based projects or share their work with the community. While […]
Learn MoreGoogle’s Threat Analysis Group (TAG) revealed today that RCS Labs, an Italian spyware vendor, has received help from some Internet service providers (ISPs) to infect Android and iOS users in Italy and Kazakhstan with commercial surveillance tools. RCS Labs is just one of more than 30 spyware vendors whose activity is currently tracked by Google, […]
Learn More
Security researchers found that Adobe Acrobat is trying to block security software from having visibility into the PDF files it opens, creating a security risk for the users. Adobe’s product is checking if components from 30 security products are loaded into its processes and likely blocks them, essentially denying them from monitoring for malicious activity. […]
Learn MoreThis month’s Windows Server updates are causing a wide range of issues, including VPN and RDP connectivity problems on servers with Routing and Remote Access Service (RRAS) enabled. RRAS is a Windows service that offers additional TCP connectivity and routing features, including remote access or site-to-site connectivity with the help of virtual private network (VPN) […]
Learn MoreWordPress sites using Ninja Forms, a forms builder plugin with more than 1 million installations, have been force-updated en masse this week to a new build that addresses a critical security vulnerability likely exploited in the wild. The vulnerability is a code injection vulnerability affecting multiple Ninja Forms releases, starting with version 3.0 and up. […]
Learn MoreMicrosoft has announced today the general availability of Microsoft Defender for Individuals, the company’s new security solution for personal phones and computers. This new cross-device security solution is available for all Microsoft 365 customers with Personal ($6.99/month) or Family ($9.99/month) subscriptions starting today. First unveiled for Windows 11 Insiders in March, Defender for Individuals provides malware and […]
Learn More
Anker’s central smart home device hub, Eufy Homebase 2, was vulnerable to three vulnerabilities, one of which is a critical remote code execution (RCE) flaw. Homebase 2 is the video storage and networking gateway for all Anker’s Eufy smart home devices, including video doorbells, indoor security cameras, smart locks, alarm systems, and more. Homebase operates […]
Learn MoreMicrosoft’s June 2022 Patch Tuesday, and with it comes fixes for 55 vulnerabilities, including fixes for the Windows MSDT ‘Follina’ zero-day vulnerability and new Intel MMIO flaws. Of the 55 vulnerabilities fixed in today’s update, three are classified as ‘Critical’ as they allow remote code execution, with the rest classified as Important. This does not include 5 Microsoft […]
Learn More
Mozilla says that all Firefox users will now be protected by default against cross-site tracking while browsing the Internet. This is because, starting today, Mozilla is rolling out and enabling its Total Cookie Protection set of privacy improvements for all Firefox users worldwide. Total Cookie Protection forces all websites to keep their cookies in separate […]
Learn More
Researchers at the University of Hamburg in Germany have conducted a field experiment capturing hundreds of thousands of passersby’s WiFi connection probe requests to determine the type of data transmitted without the device owners realizing it. WiFi probing is a standard process, part of the bilateral communication required between a smartphone and an access point […]
Learn MoreThe UK wants to investigate Apple and Google’s market power in mobile browsers and Apple’s restrictions on cloud gaming through its App Store. “When it comes to how people use mobile phones, Apple and Google hold all the cards. As good as many of their services and products are, their strong grip on mobile ecosystems […]
Learn MoreThe Emotet botnet is now attempting to infect potential victims with a credit card stealer module designed to harvest credit card information stored in Google Chrome user profiles. After stealing the credit card info (i.e., name, expiration month and year, card numbers), the malware will send it to command-and-control (C2) servers different than the ones […]
Learn MoreGoogle has released the June 2022 security updates for Android devices running OS versions 10, 11, and 12, fixing 41 vulnerabilities, five rated critical. The security update is separated into two levels, released on June 1 and June 5. The first one contains patches for Android system and framework components and the second one includes […]
Learn MoreApple said this week that it blocked more than 343,000 iOS apps were blocked by the App Store App Review team for privacy violations last year, while another 157,000 were rejected for attempting to mislead or spamming iOS users. The company added that it also blocked over 34,500 applications from getting indexed on the App […]
Learn MoreThe malware spreads through push notifications, alerts, and malvertising on free video streaming, adult sites, and game-hack pages. TrojanSMS, which the company calls SMSFactory, siphons money from victims worldwide, including the US, France, and Spain, by sending premium SMS and making calls to premium-rate phone numbers. “These numbers appear to be part of a conversion […]
Learn More
Europol has announced the takedown of the FluBot operation, one of the largest and fastest-growing Android malware operations in existence. The malware operation’s takedown resulted from a law enforcement operation involving eleven countries following a complex technical investigation to pinpoint FluBot’s most critical infrastructure. The participants in the operation were Australia, Belgium, Finland, Hungary, Ireland, […]
Learn MoreThere’s a trick that allows attackers to hijack a victim’s WhatsApp account and gain access to personal messages and contact list. The method relies on the mobile carriers’ automated service to forward calls to a different phone number, and WhatsApp’s option to send a one-time password (OTP) verification code via voice call. The MMI code […]
Learn MoreMicrosoft has shared mitigation measures to block attacks exploiting a newly discovered Microsoft Office zero-day flaw abused in the wild to execute malicious code remotely. The bug is a Microsoft Windows Support Diagnostic Tool (MSDT) remote code execution vulnerability. The flaw impacts all Windows versions still receiving security updates (Windows 7+ and Server 2008+). As […]
Learn MoreMicrosoft security researchers have found high severity vulnerabilities in a framework used by Android apps from multiple large international mobile service providers. The vulnerable apps have millions of downloads on Google’s Play Store and come pre-installed as system applications on devices bought from affected telecommunications operators, including AT&T, TELUS, Rogers Communications, Bell Canada, and Freedom Mobile. “The apps were […]
Learn MoreMozilla has released security updates for multiple products to address zero-day vulnerabilities exploited during the Pwn2Own Vancouver 2022 hacking contest. If exploited, the two critical flaws can let attackers gain JavaScript code execution on mobile and desktop devices running vulnerable versions of Firefox, Firefox ESR, Firefox for Android, and Thunderbird. The zero-days have been fixed […]
Learn MoreSecurity researchers have revealed that hackers can hijack your online accounts before you even register them by exploiting flaws that have been already been fixed on popular websites, including Instagram, LinkedIn, Zoom, WordPress, and Dropbox. Andrew Paverd, a researcher at Microsoft Security Response Center, and Avinash Sudhodanan, an independent security researcher, analyzed 75 popular online […]
Learn MoreThreat analysts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware. The choice of PDFs is unusual, as most malicious emails today arrive with DOCX or XLS attachments laced with malware-loading macro code. However, as people become more educated about opening malicious Microsoft Office […]
Learn MoreMicrosoft has released emergency out-of-band (OOB) updates to address Active Directory (AD) authentication issues after installing Windows Updates issued during the May 2022 Patch Tuesday on domain controllers. The company has been working on a fix for this known issue causing authentication failures for some Windows services since May 12. “After installing updates released May 10, 2022 on your domain controllers, you […]
Learn MorePhishing attacks are now using automated chatbots to guide visitors through the process of handing over their login credentials to threat actors. This approach automates the process for attackers and gives a sense of legitimacy to visitors of the malicious sites, as chatbots are commonly found on websites for legitimate brands. It starts with an email The […]
Learn MoreMicrosoft has reminded customers today that Windows Server, version 20H2, will be reaching the end of service (EOS) on August 9, 2022. In a support document published today, Microsoft says that Windows Server 20H2 will reach the mainstream support end date for Datacenter Core and Standard Core users. Released on October 20, 2020, this Semi-Annual Channel release […]
Learn More
Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices. Zero-days are security flaws that the software vendor is unaware of and hasn’t yet patched. In some cases, this type of vulnerability may also have publicly available proof-of-concept exploits before a patch […]
Learn MoreWindows admins have been expressing their dismay at Microsoft’s decision to move the Quick Assist remote assistance tool to the Microsoft Store. Quick Assist allows Windows 10 and Windows 11 users to receive or give assistance to other Windows users by taking control of their computer remotely. The app makes it much easier to assist […]
Learn MoreHP has released BIOS updates today to fix two high-severity vulnerabilities affecting a wide range of PC and notebook products, which allow code to run with Kernel privileges. Kernel-level privileges are the highest rights in Windows, allowing threat actors to execute any command at the Kernel level, including manipulating drivers and accessing the BIOS. The list […]
Learn MoreMicrosoft is testing a new ‘Suggested Actions’ feature in Windows 11 Dev builds where the operating system suggests actions you can take with data you copy into the clipboard. Today, Microsoft again began offering different builds in the ‘Dev’ and ‘Beta’ channels, with the beta channel receiving Windows 11 build 22621 and the Dev channel […]
Learn MoreThe Safety Detectives cybersecurity team discovered 150 GB of exposed data in the bucket with over 50,000 user avatars. Two separate databases contained different types of information, including user avatars (profile pictures on the website) and post images. “While this is publicly available information, user avatars could be used in conjunction with EXIF data to […]
Learn More
Red Canary intelligence analysts have discovered a new Windows malware with worm capabilities that spreads using external USB drives. This malware is linked to a cluster of malicious activity dubbed Raspberry Robin and was first observed in September 2021. Red Canary’s Detection Engineering team detected the worm in multiple customers’ networks, some in the technology and manufacturing […]
Learn MoreMicrosoft says that its enterprise-grade endpoint security for small to medium-sized businesses is now generally available as a standalone solution. Known as Microsoft Defender for Business, this product is designed for SMBs with up to 300 employees who need protection against malware, phishing, and ransomware attacks on Windows, macOS, iOS, and Android devices. “Microsoft believes in security for all. We are […]
Learn More
Phishing emails increasingly target verified Twitter accounts with emails designed to steal their account credentials, as shown by numerous ongoing campaigns conducted by threat actors. Verified accounts on Twitter are designated by a blue check next to their name, which indicates account holders are notable influencers, celebrities, politicians, journalists, activists, and government and private organizations. […]
Learn MoreSynology has warned customers that some of its network-attached storage (NAS) appliances are exposed to attacks exploiting multiple critical Netatalk vulnerabilities. “Multiple vulnerabilities allow remote attackers to obtain sensitive information and possibly execute arbitrary code via a susceptible version of Synology DiskStation Manager (DSM) and Synology Router Manager (SRM),” Synology said. Netatalk is an AFP […]
Learn MoreA new ransomware gang known as Black Basta has quickly catapulted into operation this month, breaching at least twelve companies in just a few weeks. The first known Black Basta attacks occurred in the second week of April, as the operation quickly began attacking companies worldwide. While ransom demands likely vary between victims, One victim who […]
Learn MoreMicrosoft has released the optional KB5011831 Preview cumulative update for Windows 10 20H2, Windows 10 21H1, and Windows 10 21H2 that fixes 26 bugs. This update includes many bug fixes, including those for Microsoft OneDrive, Remote Desktop, News and Interest, Azure Active Directory, and delays in booting Windows 10. The KB5011831 cumulative update preview is […]
Learn MoreSecurity analysts have found that Android devices running on Qualcomm and MediaTek chipsets were vulnerable to remote code execution due to a flaw in the implementation of the Apple Lossless Audio Codec (ALAC). ALAC is an audio coding format for lossless audio compression that Apple open-sourced in 2011. Since then, the company has been releasing updates […]
Learn More
An archive containing data purportedly scraped from 500 million LinkedIn profiles has been put for sale on a popular hacker forum, with another 2 million records leaked as a proof-of-concept sample by the post author. The four leaked files contain information about the LinkedIn users whose data has been allegedly scraped by the threat actor, […]
Learn MoreApple users are being warned by cryptocurrency wallet MetaMask over some security vulnerabilities involving iCloud backups. The warning is said to be against potential phishing attacks for all iPhone, iPad, and Mac users. It involves certain default device settings which store MetaMask users’ seed phrase onto iCloud, whenever anyone enables automatic backups for app data. […]
Learn More
Lenovo has published a security advisory on vulnerabilities that impact its Unified Extensible Firmware Interface (UEFI) loaded on at least 100 of its laptop models. A total of three security issues were discovered, two of them allowing an attacker to disable the protection for the SPI flash memory chip where the UEFI firmware is stored […]
Learn MoreMicrosoft has reminded customers earlier this week that Microsoft Office 2013 is approaching its end of support next year, advising them to switch to a newer version to reduce their exposure to security risks. “After five years of Mainstream Support, and five years of Extended Support, Office 2013 will reach the End of Extended Support […]
Learn MoreGoogle has released Chrome 100.0.4896.127 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability actively used by threat actors in attacks. While Google states that this Chrome update will roll out in the next few weeks, users can receive it immediately by going into the Chrome menu > Help > About Google Chrome. […]
Learn MoreThreat actors have spoofed WhatsApp voicemail service to target close to 28 thousand mailboxes and steal user credentials. The Armorblox research team observed a phishing attack that spoofed voice message notifications from WhatsApp on multiple customer tenants across Office 365 and Google Workspace. Malicious emails were titled “New Incoming Voice Message,” suggesting that the victim […]
Learn MoreAn update to Raspberry Pi OS Bullseye has removed the default ‘pi’ user to make it harder for attackers to find and compromise Internet-exposed Raspberry Pi devices using default credentials. Starting with this latest release, when installing the OS, you will first be prompted to create an account by choosing a username and password (before […]
Learn MoreMicrosoft’s April 2022 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities and a total of 119 flaws. Microsoft has fixed 119 vulnerabilities (not including 26 Microsoft Edge vulnerabilities) with today’s update, with ten classified as Critical as they allow remote code execution. The number of bugs in each vulnerability category is listed below: […]
Learn MoreMicrosoft has reminded customers that multiple editions of Windows 10 20H2 and Windows 10 1909 are reaching the end of service (EOS) on May 10, 2022. Windows 10 20H2 (also known as the October 2020 Update) will reach EOS for Windows 10 Home, Pro, Pro Education, and Pro for Workstations users. It’s also worth mentioning […]
Learn MoreWhen Windows was first released, the most controversial changes were the new centered Start Menu and the reduced functionality of the Windows taskbar. In the past, the Start Menu was left-aligned on the taskbar, and it was possible to move the taskbar, so it was pinned to the top, sides, and bottom of the screen. […]
Learn More
Static Web Apps are the latest weapon in the scammer arsenal Cybercriminals have started using Static Web Apps, an Azure service, in their phishing attacks against Microsoft365 users. Researchers from MalwareHunterTeam noted Static Web Apps have two features that are being abused with ease – custom branding for web apps, and web hosting for static […]
Learn More
Forget Mos Eisley; Amazon is now a hive of scum and villainy Last weekend I attempted to buy a microSD card for my Steam Deck from Amazon. Okay, that’s not the most interesting start to a story you’ve probably read, but what should have been a quick and easy search and purchase instead turned into a rather demoralizing experience […]
Learn MoreApple has released security updates to address two zero-day vulnerabilities exploited by attackers to hack iPhones, iPads, and Macs....
Learn More
Remote IT Management is the ability for Technology to be monitored and managed, making your workplace more efficient...
Learn More
Digitization has left loopholes for cybercriminals to attack all of us. Cyber attackers are working...
Learn More
Set up near natural light. Provide music to stay focused. Use headphones to block out noise and find the noise level that is right for you.
Learn More