Zeljka Zorz
Magecart attackers hit Claire’s, Intersport web shops
Magecart attackers have compromised web shops belonging to large retail chains Claire’s and Intersport and equipped them with payment card skimmers. Claire’s The …
June 2020 Patch Tuesday: Microsoft fixes record monthly number of CVEs
On this June 2020 Patch Tuesday, Microsoft has plugged 11 critical and 118 high-severity security holes, while Adobe has delivered security updates for Flash, Framemaker and …
UPnP vulnerability lets attackers steal data, scan internal networks
A vulnerability (CVE-2020-12695) in Universal Plug and Play (UPnP), which is implemented in billions of networked and IoT devices – personal computers, printers, mobile …
The importance of effective vulnerability remediation prioritization
Too many organizations have yet to find a good formula for prioritizing which vulnerabilities should be remediated immediately and which can wait. According to the results of …
PoC RCE exploit for SMBGhost Windows flaw released
A security researcher has published a PoC RCE exploit for SMBGhost (CVE-2020-0796), a wormable flaw that affects SMBv3 on Windows 10 and some Windows Server versions. The PoC …
Attackers tried to grab WordPress configuration files from over a million sites
A threat actor that attempted to insert a backdoor into nearly a million WordPress-based sites in early May (and continued to try throughout the month), tried to grab …
Cisco plugs bucketful of security holes in industrial routers, switches
Cisco has fixed more than two dozen critical and high-severity security vulnerabilities affecting operating systems running on the company’s carrier-grade and industrial …
Zoom to offer end-to-end encryption only to paying customers
As Zoom continues on its path to bring end-to-end encryption (E2EE) to users, the big news is that only paid users will have access to the option. “Free users for sure we …
Office 365 users: Beware of fake company emails delivering a new VPN configuration
Phishers are impersonating companies’ IT support team and sending fake VPN configuration change notifications in the hopes that remote employees may be tricked into …
Things to keep in mind when downloading apps from G Suite Marketplace
Security researchers have tested nearly 1,000 enterprise apps offered on Google’s G Suite Marketplace and discovered that many ask for permission to access to user data …
The “return” of fraudulent wire transfers
Ransomware gangs targeting businesses are currently getting more public attention, but scammers trying to trick employees into performing fraudulent wire transfers are once …
VMware Cloud Director vulnerability enables a full cloud infrastructure takeover
A code injection vulnerability (CVE-2020-3956) affecting VMware vCloud Director could be exploited to take over the infrastructure of cloud services, Citadelo researchers have …