Zeljka Zorz
April 2019 Patch Tuesday: Microsoft fixes two actively exploited bugs
Microsoft has plugged 74 CVE-numbered security holes on this April 2019 Patch Tuesday, including two vulnerabilities actively exploited by attackers. All of the bugs are rated …
Hacking healthcare: A call for infosec researchers to probe biomedical devices
It is a brave new connected world out there and there is no shortage of cybersecurity risks associated with everything we do. We can’t even be sure that the technologies …
Windows 10: New update controls for end users, automatic removal of broken updates
It seems that last year’s Windows 10 updating troubles have spurred Microsoft to make some changes to the operating system’s update experience and the …
PoC exploit for Carpe Diem Apache bug released
Charles Fol, the security engineer that unearthed the Carpe Diem Apache HTTP Server bug (CVE-2019-0211), has released an exploit for it. “This is between a POC and a …
Is your organization getting physical security right?
For most organizations (and especially for tech companies), the physical security of data centers and headquarters is of the utmost importance. As Tim Roberts, a senior …
FileTSAR: Free digital forensic investigations toolkit for law enforcement
Purdue University cybersecurity experts have created FileTSAR, an all-in-one digital forensic investigations toolkit for law enforcement. About FileTSAR FileTSAR, which stands …
Magento sites under attack through easily exploitable SQLi flaw
A recently patched SQL injection flaw affecting the popular open-source e-commerce platform Magento is being actively exploited by attackers, so if you haven’t …
Consumer routers targeted by DNS hijacking attackers
Owners of a slew of D-Link, ARGtek, DSLink, Secutech, TOTOLINK and Cisco consumer routers are urged to update their device’s firmware, lest they fall prey to ongoing DNS …
Microsoft rolls out new security capabilities for Azure customers
Microsoft has announced new security features for customers of its Azure cloud computing service. They are a mix of features for storage and compute services: Advanced Threat …
Patched Apache flaw is a serious threat for web hosting providers
Organizations running Apache web servers are urged to implement the latest security update to fix a serious privilege escalation flaw (CVE-2019-0211) that can be triggered via …
Georgia Tech data breach: 1.3M students and staff potentially affected
The Georgia Institute of Technology, commonly referred to as Georgia Tech, has suffered yet another data breach. This time, the number of affected individuals may have reached …
To DevSecOps or not to DevSecOps?
Would your organization benefit from introducing DevSecOps? Dan Cornell, CTO of application security company Denim Group, believes that most organizations would. With one …