Zeljka Zorz
FireEye breach: State-sponsored attackers stole hacking tools
U.S. cybersecurity company FireEye has suffered a breach, and the attackers made off with the company’s RedTeam tools, FireEye CEO Kevin Mandia has disclosed on Tuesday. …
How Kali Linux creators plan to handle the future of penetration testing
Offensive Security might best known as the company behind Kali Linux, the popular (and free) open-source pen testing platform, but its contribution to the information security …
Vulnerable TCP/IP stacks open millions of IoT and OT devices to attack
Forescout researchers have discovered 33 vulnerabilities affecting four open source TCP/IP (communications) stacks used in millions of connected devices worldwide. …
A light December 2020 Patch Tuesday for a no-stress end of the year
On this December 2020 Patch Tuesday: Microsoft has plugged 58 CVEs Adobe has delivered security updates for Lightroom, Experience Manager, and Prelude, and has announced that …
Hackers are targeting the COVID-19 vaccine supply chain
Unknown hackers have been trying to compromise accounts and computer systems of employees in organizations involved in the COVID-19 vaccine supply chain. While it’s …
Open source vulnerabilities go undetected for over four years
For its annual State of the Octoverse report, GitHub has analyzed over 45,000 active code directories to provide insight into open source security (vulnerabilities) and …
Raising defenses against ransomware in healthcare
More than half a decade has passed since ransomware-wielding attackers started focusing on healthcare providers. Despite some initial misgivings about targeting life-saving …
Which security practices lead to best security outcomes?
A proactive technology refresh strategy and a well-integrated tech stack are, according to a recent Cisco report, two security practices that are more likely than many others …
How prevalent is DNS spoofing? Could a repeat of the Dyn/Mirai DDoS attack have the same results?
Two separate groups of academics have recently released research papers based on research into the Domain Name System (DNS). One has found that the overwhelming majority of …
Out-of-band Drupal security updates fix bugs with known exploits
Drupal has released out-of-band security updates to fix two critical code execution flaws (CVE-2020-28948, CVE-2020-28949) in Drupal core, as “there are known exploits …
cPanel 2FA bypass vulnerability can be exploited through brute force
A two-factor authentication (2FA) bypass vulnerability affecting the popular cPanel & WHM software suite may allow attackers to access secured accounts, Digital Defense …
VMware releases workarounds for another critical flaw (CVE-2020-4006)
For the second time in less than a week, VMware is warning about a critical vulnerability (CVE-2020-4006). This time, the affected solutions are VMware Workspace One Access, …
Featured news
Resources
Don't miss
- Even cybersecurity researchers are exposing secrets in their arXiv LaTeX source
- Cyber crooks got Robinhood to send phishing emails to its own users
- Attackers use MS Teams, fake mailbox repair utility to breach organizations
- The AI criminal mastermind is already hiring on gig platforms
- Indirect prompt injection is taking hold in the wild