Zeljka Zorz
Researcher releases PoC for Windows VCF file RCE vulnerability
A vulnerability that exists in the way Windows processes VCard files (.vcf) can be exploited by remote attackers to achieve execute arbitrary code on vulnerable systems, …
BEC scammers add payroll diversion to their repertoire
All the attention the most typical BEC scams have been receiving in the last few years must have affected their effectiveness and forced scammers to come up with new ways for …
Widely used building access system can be easily compromised
A researcher has discovered several egregious vulnerabilities in the PremiSys IDenticard building access management system, some of which could allow attackers to take control …
Hack a Tesla Model 3, get cash and the car
For this year’s edition of the Pwn2Own hacking contest at CanSecWest, Trend Micro’s Zero Day Initiative has announced a new target category: Automotive. So, aside from …
A new taxonomy for SCADA attacks
Attacks aimed at SCADA networks are still much rarer than those targeting IT networks, but the number is slowly rising. And, according to Radiflow CTO Yehonatan Kfir, …
Criminals wielding Ryuk ransomware specialize in targeting enterprises
A cybercriminal group dubbed Grim Spider has been using the Ryuk ransomware to exclusively target enterprises and has managed to amass over 705 Bitcoins (around $3.7 million) …
Hackers who DDoSed African telecom and US hospital get long prison sentences
Two men who launched DDoS attacks against a variety of targets have received substantial prison sentences on Friday. Attacks against Liberian telecom 30-year-old Daniel Kaye …
Juniper releases barrage of security fixes for security, networking devices
Juniper Networks has released patches for vulnerabilities affecting its networking and security devices running Junos OS, as well as a bucketload of security flaws in the …
Cisco fixes serious DoS flaws in its email security appliances
Cisco has plugged a heap of security holes in many of its products, including two vulnerabilities (one critical) that open its email security appliances to denial of service …
G Suite warns admins about domain data exfiltration attempts
Google has rolled out new options for the G Suite alert center, to help administrators battle phishing emails more efficiently and spot data export operations initiated by …
January 2019 Patch Tuesday: 49 security patches, 7 critical
Microsoft’s first Patch Tuesday of 2019 includes 49 security patches, seven of which are listed as Critical. Of all the plugged security holes, none are reported as …
Battling attacks from global criminal networks in the financial sector
Every now and then, banks and financial institutions (and their customers) are targeted by opportunistic hackers, but they are much more worried about those that are smarter, …