Zeljka Zorz
Ad-injecting malware hijacks Chrome, Edge, Firefox
When searching for things online, has a greater number of ads than usual been popping up at the top of your search results? If it has, and you’re using Microsoft Edge, …
Phishers bypass Microsoft 365 security controls by spoofing Microsoft.com
A domain spoofing email phishing campaign that very convincingly impersonates Microsoft and successfully tricks legacy secure email gateways has recently been spotted by …
FireEye breach: State-sponsored attackers stole hacking tools
U.S. cybersecurity company FireEye has suffered a breach, and the attackers made off with the company’s RedTeam tools, FireEye CEO Kevin Mandia has disclosed on Tuesday. …
How Kali Linux creators plan to handle the future of penetration testing
Offensive Security might best known as the company behind Kali Linux, the popular (and free) open-source pen testing platform, but its contribution to the information security …
Vulnerable TCP/IP stacks open millions of IoT and OT devices to attack
Forescout researchers have discovered 33 vulnerabilities affecting four open source TCP/IP (communications) stacks used in millions of connected devices worldwide. …
A light December 2020 Patch Tuesday for a no-stress end of the year
On this December 2020 Patch Tuesday: Microsoft has plugged 58 CVEs Adobe has delivered security updates for Lightroom, Experience Manager, and Prelude, and has announced that …
Hackers are targeting the COVID-19 vaccine supply chain
Unknown hackers have been trying to compromise accounts and computer systems of employees in organizations involved in the COVID-19 vaccine supply chain. While it’s …
Open source vulnerabilities go undetected for over four years
For its annual State of the Octoverse report, GitHub has analyzed over 45,000 active code directories to provide insight into open source security (vulnerabilities) and …
Raising defenses against ransomware in healthcare
More than half a decade has passed since ransomware-wielding attackers started focusing on healthcare providers. Despite some initial misgivings about targeting life-saving …
Which security practices lead to best security outcomes?
A proactive technology refresh strategy and a well-integrated tech stack are, according to a recent Cisco report, two security practices that are more likely than many others …
How prevalent is DNS spoofing? Could a repeat of the Dyn/Mirai DDoS attack have the same results?
Two separate groups of academics have recently released research papers based on research into the Domain Name System (DNS). One has found that the overwhelming majority of …
Out-of-band Drupal security updates fix bugs with known exploits
Drupal has released out-of-band security updates to fix two critical code execution flaws (CVE-2020-28948, CVE-2020-28949) in Drupal core, as “there are known exploits …
Featured news
Resources
Don't miss
- Smart glasses are back, privacy issues included
- Cybersecurity planning keeps moving toward whole-of-society models
- Major vulnerabilities found in Google Looker, putting self-hosted deployments at risk
- Global Threat Map: Open-source real-time situational awareness platform
- How Secure by Design helps developers build secure software