Zeljka Zorz
Attackers are targeting vulnerable Fortigate and Pulse Secure SSL VPNs
Attackers are taking advantage of recently released vulnerability details and PoC exploit code to extract private keys and user passwords from vulnerable Pulse Connect Secure …
Should you block newly registered domains? Researchers say yes
7 out of 10 newly registered domains (NRDs) are either malicious, suspicious or not safe for work, say Palo Alto Networks researchers, and advise organizations to block access …
Cisco warns about public exploit code for critical flaws in its 220 Series smart switches
Cisco has fixed over 30 vulnerabilities in various solutions, including Cisco UCS Director, Cisco UCS Director Express for Big Data, Cisco IMC Supervisor, and the Cisco 220 …
Identifying vulnerable IoT devices by the companion app they use
For better or worse, connected “smart” devices are springing up like mushrooms. There is no doubt that they can be very helpful but, unfortunately, most have a …
Backdoored Ruby gems stole credentials, injected cryptomining code
The compromise of several older versions of a popular Ruby software package (aka a Ruby “gem”) has led to the discovery of a more widespread effort to inject …
New tool enables users to disconnect their off-Facebook activity from their account
Facebook has announced the (partial) roll-out of a long-awaited “Clear History” privacy tool for users, only it ended up being dubbed “Off-Facebook …
VLC users urged to implement latest security update
VLC, the popular cross-platform media player, has reached version 3.0.8, which fixes over a dozen security vulnerabilities, some of which could be exploited by attackers to …
Automating CCPA compliance: Organize your data and manage requests
Time is running out for California-based businesses to prepare for the California Consumer Privacy Act (CCPA), which goes into effect on January 1, 2020. Despite the Act being …
European Central Bank shuts down website following hack, data theft
The European Central Bank (ECB) confirmed on Thursday that its Banks’ Integrated Reporting Dictionary (BIRD) website has been compromised by attackers and taken down until the …
Critical Bluetooth flaw opens millions of devices to eavesdropping attacks
A newly disclosed vulnerability (CVE-2019-9506) in the Bluetooth Core Specification can be exploited by attackers to intercept and manipulate Bluetooth communications/traffic …
Researchers reveal the latest lateral phishing tactics
Emails coming from legitimate, compromised accounts are difficult to spot, both for existing email protection systems and the recipients themselves. Lateral phishing tactics …
Huge database found leaking biometric, personal info of millions
While working on a web-mapping project, vpnMentor researchers Noam Rotem and Ran Locar discovered a publicly accessible database containing fingerprint records of over 1 …