Zeljka Zorz
PoC exploit for critical Apache Struts flaw found online
The Apache Software Foundation revealed last week the existence of a critical Apache Struts flaw (CVE-2018-11776) similar to the one exploited in the Equifax breach and urged …
Google removes 39 YouTube channels linked to Iranian influence operations
Google has identified and removed 39 YouTube channels, six blogs on Blogger and thirteen Google+ accounts linked to IRIB, the Islamic Republic of Iran Broadcasting, which were …
Hacking smart plugs to enter business networks
McAfee researchers have discovered a buffer overflow flaw in Belkin’s Wemo Insight Smart Plug that can be exploited by attackers to access and interfere with other …
Critical Apache Struts flaw opens enterprises to compromise, patch ASAP!
A critical remote code execution vulnerability (CVE-2018-11776) in Apache Struts, the popular open source framework for developing Java-based web apps, could allow remote …
The single sign-on account hijacking threat and what can we do about it?
Single sign-on (SSO) lets users avoid creating and managing accounts across different services, but what happens when that main, identity-providing account gets compromised? …
IoT security: The work on raising the bar continues
One of the main goals of Chief Information Security Officers should be to help the organization succeed, and they are unlikely to do that by denying their organization the …
How often are users’ DNS queries intercepted?
A group of Chinese researchers wanted to find out just how widespread DNS interception is and has presented the result of their large-scale study to the audience at the Usenix …
Retail and finance top the list of vulnerable industries, increasingly targeted with credential threat campaigns
The finance, professional, and information sectors had the highest volume and most variety of malicious activity in Q2 2018, says Rapid7, and the manufacturing sector is …
Researchers reveal new online user tracking techniques
Researchers have identified a number of online user tracking techniques that can’t be blocked by browsers’ built-in anti-tracking defenses and existing …
Smart homes can be easily hacked via unsecured MQTT servers
The Internet of Things is full of security holes, and the latest one has been pointed out by Avast researcher Martin Hron: unsecured MQTT servers. What is MQTT? The Message …
Who’s trying to eavesdrop on your customers’ encrypted mobile traffic?
The number one source of TLS/SSL Man in the Middle (MitM) attacks on encrypted mobile traffic are not corporate firewalls or captive portals used by hotels, airports and other …
Telecom services: Patient zero for email-based attacks?
Organizations offering telecommunication services are seeing more advanced malware threats than organizations in other industries, Lastline researchers have found. They have …