Zeljka Zorz
Active Directory compromise: Cybersecurity agencies provide guidance
Active Directory (AD), Microsoft’s on-premises directory service for Windows domain networks, is so widely used for enterprise identity and access management that …
The number of Android memory safety vulnerabilities has tumbled, and here’s why
Google’s decision to write new code into Android’s codebase in Rust, a memory-safe programming language, has resulted in a significant drop in memory safety …
PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)
Details about and proof-of-concept (PoC) exploit code for CVE-2024-28987, a recently patched SolarWinds Web Help Desk (WHD) vulnerability that could be exploited by …
Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)
CVE-2024-7593, a critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited by attackers. The confirmation …
Transportation, logistics companies targeted with lures impersonating fleet management software
Financially motivated threat actors are targeting North American companies in the transportation and logistics sector with tailored lures, info-stealing malware, and a clever …
US-based Kaspersky users startled by unexpected UltraAV installation
A poorly executed “handover” of US-based Kaspersky customers has led some users to panic when software named UltraAV popped up on their computers without any …
Telegram will share IP addresses, phone numbers of criminal suspects with cops
Telegram will start handing over the IP addresses and phone numbers of users who violate their Terms of Service “to relevant authorities in response to valid legal …
Windows Server 2025 gets hotpatching option, without reboots
Organizations that plan to upgrade to Windows Server 2025 once it becomes generally available will be able to implement some security updates by hotpatching running processes. …
Organizations are changing cybersecurity providers in wake of Crowdstrike outage
More often than not, a cyber attack or a cyber incident that results in business disruption will spur organizations to make changes to improve their cybersecurity and cyber …
Windows users targeted with fake human verification pages delivering malware
For a while now, security researchers have been warning about fake human verification pages tricking Windows users into inadvertently installing malware. A recently exposed …
Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488)
Researchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard for Privileged …
FBI forced Flax Typhoon to abandon its botnet
A botnet operated by the Chinese state-sponsored threat actor known as Flax Typhoon has been disrupted by the law enforcement agency and abandoned by the group, FBI Director …