Tag: cybersecurity

Just a GIF Could Have Compromised Your Android Phone via WhatsApp

Critical Vulnerability Discovered in WhatsApp: An Emerging Threat

A recently patched security vulnerability within WhatsApp poses notable risks for Android users. This issue, identified as CVE-2019-11932, is a double-free memory corruption bug that exists not in WhatsApp’s code but within an open-source GIF parsing library used by the app. If…

Facebook Offers Rewards to Hackers for Reporting Security Vulnerabilities in Third-Party Apps

In response to prior security incidents and data misuse involving its platform, Facebook has taken significant steps to enhance the security of third-party applications and websites through an expanded bug bounty program. This initiative aims to address vulnerabilities in external apps that interface with Facebook, reinforcing the company’s commitment to…

One Click to Total Shutdown: The ‘Patient Zero’ Webinar on Eliminating Stealth Breaches

The most significant challenge in cybersecurity isn’t the technology itself; rather, it’s the human factor involved. Most high-profile breaches you may have heard about share a common origin: one employee, an enticing email, and an initial infection—often referred to as “Patient Zero.” In 2026, cybercriminals have taken to employing AI…

Instructure Secures Ransom Deal with ShinyHunters to Halt 3.65TB Canvas Data Breach

The American educational technology company Instructure, known for its Canvas platform, has reported a breach involving a decentralized cybercriminal group. This group threatened to leak sensitive data stolen from thousands of educational institutions following a successful infiltration of Instructure’s network. In an update released on Monday, the Utah-based firm announced…

Recent WhatsApp Vulnerability May Have Allowed Hackers to Covertly Install Spyware on Your Devices

Recent cybersecurity concerns have arisen around WhatsApp, a widely used messaging application, as it faces yet another critical vulnerability. Reports indicate that WhatsApp quietly addressed a significant flaw that could allow attackers to remotely compromise devices and access sensitive messages and files. This vulnerability, known as CVE-2019-11931, is categorized as a…

Major Vulnerability in GoAhead Web Server Poses Risks to Numerous IoT Devices

New Vulnerabilities Discovered in GoAhead Web Server Software

Cybersecurity experts from Cisco Talos have identified two significant vulnerabilities within the GoAhead web server software, a lightweight application commonly integrated into hundreds of millions of Internet-connected smart devices. This discovery raises serious concerns for organizations relying on these technologies. The first…

Flawed Rowhammer Solutions on DDR4 DRAM Chips Reactivate Bit Flipping Vulnerabilities

The Rowhammer vulnerability has resurfaced as a significant concern for modern dynamic random access memory (DRAM) chips, enabling attackers to escalate privileges within targeted systems by exploiting memory access patterns that result in unintended bit flips. This critical issue arises from continuous access to specific memory rows, raising the potential…

Capital One Penalized $80 Million for 2019 Data Breach Impacting 106 Million Customers

The Office of the Comptroller of the Currency (OCC) recently imposed an $80 million fine on Capital One Financial Corp due to a data breach that jeopardized the personal information of over 100 million credit card applicants across the United States. This regulatory action stems from an extensive investigation into…

Serious Vulnerabilities Discovered in Treck TCP/IP Stack Impacting Millions of IoT Devices

The US Cybersecurity Infrastructure and Security Agency (CISA) has issued a warning regarding significant vulnerabilities in a low-level TCP/IP software library created by Treck. If exploited, these vulnerabilities could enable remote attackers to execute arbitrary commands and conduct denial-of-service (DoS) attacks. The identified flaws affect Treck TCP/IP stack version 6.0.1.67 and earlier, and were reported to Treck by Intel. Among these, two are classified as critical. Treck’s embedded TCP/IP stack is widely utilized across various sectors, including manufacturing, information technology, healthcare, and transportation.

The most critical vulnerability is a heap-based buffer overflow (CVE-2020-25066) in the Treck HTTP Server component. It carries a CVSS score of 9.8 out of 10 and may allow an attacker to crash or reset the target device and potentially execute code remotely. The second flaw, an out-of-bounds write within the IPv6 component (CVE-2020-27337), also poses a significant threat, with a CVSS score of 9.1.

New Vulnerabilities in Treck TCP/IP Stack Threaten Millions of IoT Devices

On December 23, 2020, the Cybersecurity Infrastructure and Security Agency (CISA) issued a warning regarding multiple critical vulnerabilities found in Treck’s TCP/IP software library. These vulnerabilities pose significant risks to various Internet of Things (IoT) devices globally, potentially allowing…
