Zeljka Zorz
Raising defenses against ransomware in healthcare
More than half a decade has passed since ransomware-wielding attackers started focusing on healthcare providers. Despite some initial misgivings about targeting life-saving …
Which security practices lead to best security outcomes?
A proactive technology refresh strategy and a well-integrated tech stack are, according to a recent Cisco report, two security practices that are more likely than many others …
How prevalent is DNS spoofing? Could a repeat of the Dyn/Mirai DDoS attack have the same results?
Two separate groups of academics have recently released research papers based on research into the Domain Name System (DNS). One has found that the overwhelming majority of …
Out-of-band Drupal security updates fix bugs with known exploits
Drupal has released out-of-band security updates to fix two critical code execution flaws (CVE-2020-28948, CVE-2020-28949) in Drupal core, as “there are known exploits …
cPanel 2FA bypass vulnerability can be exploited through brute force
A two-factor authentication (2FA) bypass vulnerability affecting the popular cPanel & WHM software suite may allow attackers to access secured accounts, Digital Defense …
VMware releases workarounds for another critical flaw (CVE-2020-4006)
For the second time in less than a week, VMware is warning about a critical vulnerability (CVE-2020-4006). This time, the affected solutions are VMware Workspace One Access, …
Drupal-based sites open to attack via double extension files (CVE-2020-13671)
Admins of sites running on Drupal are urged to plug a critical security hole (CVE-2020-13671) that may be exploited by attackers to take over vulnerable sites. They have also …
VMware patches serious vulnerabilities in ESXi hypervisor, SD-WAN Orchestrator
VMware has patched critical vulnerabilities affecting its ESXi enterprise-class hypervisor and has released a security update for its SD-WAN Orchestrator, plugging a handful …
Cisco Webex vulnerabilities may enable attackers to covertly join meetings
Cisco has fixed three bugs in its Cisco Webex video conferencing offering that may allow attackers to: Join Webex meetings without appearing in the participant list …
Google forces devs to reveal Chrome extensions’ data use, privacy practices
Starting January 2021, developers of Chrome extensions will have to certify their data use and privacy practices and provide information about the data collected by the …
Kali Linux 2020.4 released: New default shell, fresh tools, and more!
Offensive Security has released Kali Linux 2020.4, the latest version of its popular open source penetration testing platform. You can download it or upgrade to it. Kali Linux …
Critical vulnerabilities in Cisco Security Manager fixed, researcher discloses PoCs
Cisco has patched two vulnerabilities in its Cisco Security Manager solution, both of which could allow unauthenticated, remote attackers to gain access to sensitive …
Featured news
Resources
Don't miss
- OPNsense 26.1 brings updates to open-source firewall management
- WinRAR vulnerability still a go-to tool for hackers, Mandiant warns
- CERT UEFI Parser: Open-source tool exposes UEFI architecture to uncover vulnerabilities
- Why prevention-first secrets security will define enterprise scale: Learnings from a leading telecom
- Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858)