Zeljka Zorz
SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766)
SonicWall has patched a critical vulnerability (CVE-2024-40766) in its next-gen firewalls that could allow remote attackers unauthorized access to resources and, in specific …
Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)
A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw …
Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)
A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the …
New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971)
A new Chrome zero-day vulnerability (CVE-2024-7971) exploited by attackers in the wild has been fixed by Google. About CVE-2024-7971 CVE-2024-7971 is a high-severity …
PostgreSQL databases under attack
Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking attackers. The attack – observed by Aqua Security researchers on a …
Microchip Technology manufacturing facilities impacted by cyberattack
American semiconductor manufacturer Microchip Technology Incorporated has had some of its business operations disrupted by a cyberattack. “As a result of the incident, …
0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)
CVE-2024-38193, an actively exploited zero-day that Microsoft patched earlier this month, has been leveraged by North Korean hackers to install a rootkit on targets’ …
Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera
Vulnerabilities in popular Microsoft apps for macOS can be abused by attackers to record video and audio clips, take pictures, access and exfiltrate data and send emails, …
Stolen, locked payment cards can be used with digital wallet apps
Fraudsters can add stolen payment cards to digital wallet apps and continue making online purchases even after victims report the card stolen and the bank replaces it, …
Mandatory MFA for Azure sign-ins is coming
Microsoft is making multi-factor authentication (MFA) – “one of the most effective security measures available” – mandatory for all Azure sign-ins. …
Tech support scammers impersonate Google via malicious search ads
Google Search ads that target users looking for Google’s own services lead them to spoofed sites and Microsoft and Apple tech support scams. The fake Google Search ads …
Hide yo environment files! Or risk getting your cloud-stored data stolen and held for ransom
Cybercriminals are breaking into organizations’ cloud storage containers, exfiltrating their sensitive data and, in several cases, have been paid off by the victim …