Zeljka Zorz
Firefox to block redirect tracking
Mozilla has announced a new Firefox protection feature to stymie a new user tracking technique lately employed by online advertisers: redirect tracking. How does redirect …
PE Tree: Free open source tool for reverse-engineering PE files
PE Tree, a malware reverse-engineering, open source tool developed by the BlackBerry Research and Intelligence team, has been made available for free to the cybersecurity …
Meetup vulnerabilities enabled group takeovers, payment redirections
Two high-risk vulnerabilities in Meetup, a popular online service that’s used to create groups that host local in-person events, allowed attackers to easily take over …
Twitter employees were spear-phished over the phone
Twitter has finally shared more details about how the perpetrators of the recent hijacking of high-profile accounts to push a Bitcoin scam managed to pull it off. The way in …
Cisco fixes critical flaws in data center and SD-WAN solutions
Cisco has released another batch of critical security updates for flaws in Cisco Data Center Network Manager (DCMN) and the Cisco SD-WAN Solution software. Cisco Data Center …
Bug in widely used bootloader opens Windows, Linux devices to persistent compromise
A vulnerability (CVE-2020-10713) in the widely used GRUB2 bootloader opens most Linux and Windows systems in use today to persistent compromise, Eclypsium researchers have …
Researchers find critical RCE vulnerabilities in industrial VPN solutions
Critical vulnerabilities in several industrial VPN implementations for remotely accessing operational technology (OT) networks could allow attackers to overwrite data, execute …
62,000 QNAP NAS devices infected with persistent QSnatch malware
There are approximately 62,000 malware-infested QNAP NAS (Network Attached Storage) devices located across the globe spilling all the secrets they contain to unknown cyber …
Attackers are exploiting Cisco ASA/FTD flaw in search for sensitive data
An unauthenticated file read vulnerability (CVE-2020-3452) affecting Cisco Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software is being exploited by …
Attackers exploit Twilio’s misconfigured cloud storage, inject malicious code into SDK
Twilio has confirmed that, for 8 or so hours on July 19, a malicious version of their TaskRouter JS SDK was being served from one of their AWS S3 buckets. “Due to a …
Microsoft releases new encryption, data security enterprise tools
Microsoft has released (in public preview) several new enterprise security offerings to help companies meet the challenges of remote work. Double Key Encryption for Microsoft …
Adobe out-of-band security updates for Photoshop, Prelude, Bridge
A week after July 2020 Patch Tuesday, Adobe has released out-of-band security updates to fix thirteen vulnerabilities – twelve of which critical – in Adobe …