Zeljka Zorz
September 2019 Patch Tuesday: Microsoft plugs two actively exploited zero-days
For the September 2019 Patch Tuesday, Microsoft delivered fixes for 80 CVE-numbered security issues (including to actively exploited zero-days), Adobe fixed flaws in Flash …
Office 365 security: Automated incident response based on playbooks
Five months after introducing Automated Incident Response in Office 365 ATP, Microsoft has announced it’s making it more widely available. Customers who have opted for …
Is your smartphone secretly listening to you?
The question of whether our smartphones are always listening to us is cropping up on online forums and Twitter almost daily, and most users have had the experience of talking …
Critical Exim flaw opens servers to remote code execution, patch now!
The Exim mail transfer agent (MTA) is impacted by a critical vulnerability that may allow local or unauthenticated remote attackers to execute programs with root privileges on …
Cybersecurity issues can’t be solved by simply buying a product
Year after year, data breach losses continue to rise and the cybercrime economy continues to thrive. What is the cybersecurity industry doing wrong? Vendors must genuinely …
Google’s differential privacy library can now be used by anyone
Google has open-sourced a differential privacy library that helps power some of its core products. What it differential privacy? Differential privacy is a method for analyzing …
Firefox now blocks third-party tracking cookies, cryptomining scripts by default
It took a lot of testing and tweaking, but Mozilla’s Firefox browser is finally being delivered with Enhanced Tracking Protection and a web-based cryptomining blocking …
BMC vulnerabilities in Supermicro servers allow remote takeover, data exfiltration attacks
A slew of vulnerabilities affecting the baseboard management controllers (BMCs) of Supermicro servers could be exploited by remote attackers to gain access to corporate …
Attackers are exploiting vulnerable WP plugins to backdoor sites
A group of attackers that has been injecting WordPress-based sites with a script redirecting visitors to malicious and fraudulent pages has now also started backdooring the …
How to reduce the attack surface associated with medical devices
As the number of connected medical devices continues to rise, so does healthcare organizations’ attack surface. “Most medical devices available in the healthcare system today …
Google discovers websites exploiting iPhones, pushing spying implants en masse
Unidentified attackers have been compromising websites for nearly three years, equipping them with exploits that would hack visiting iPhones without any user interaction and …
Google will pay for data abuse reports related to popular Android apps, Chrome extensions
Google is expanding the Google Play Security Reward Program (GPSRP) to include all apps in Google Play with 100 million or more installs, and is launching a new Developer Data …