Zeljka Zorz
NIST releases Cybersecurity Framework 1.1
The US Commerce Department’s National Institute of Standards and Technology (NIST) has announced at RSA Conference 2018 the release of version 1.1 of its popular Framework for …
How attackers can exploit iTunes Wi-Fi sync to gain lasting control of target devices
An iOS feature called iTunes Wi-Fi sync, which allows a user to manage their iOS device without physically connecting it to their computer, could be exploited by attackers to …
Photo gallery: RSA Conference 2018 Expo
The RSA Conference 2018 is underway at the Moscone Center in San Francisco. Here are a few photos from the Expo floor. Featured companies: LogRhythm, Qualys, Sophos, RSA …
Cisco plugs critical hole in WebEx, users urged to upgrade ASAP
Cisco has fixed a critical vulnerability in its Webex videoconferencing software that could be exploited to compromise meeting attendees’ systems by simply opening a …
LocalBlox found leaking info on tens of millions of individuals
LocalBlox, a US-based data technology company that “crawls, discovers, extracts, indexes, maps and augments data in a variety of formats from the web and from exchange …
Researchers propose scheme to secure brain implants
A group of researchers from KU Leuven, Belgium, have proposed a practical security scheme that would allow secure communications between a widely used implantable …
New targeted surveillance spyware found on Google Play
A new targeted surveillance app has been found and booted from Google Play. The app, named Dardesh, posed as a chat application and acted as a downloader for a second app that …
US, UK warn Russians hackers are compromising networking devices worldwide
Russian state-sponsored hackers are targeting network infrastructure devices worldwide, the US Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), …
Moxa plugs serious vulnerabilities in industrial secure router
A slew of serious vulnerabilities in the Moxa EDR-810 series of industrial secure routers could be exploited to inject OS commands, intercept weakly encrypted or extract clear …
Your Android phone says it’s fully patched, but is it really?
How do fully-maintained (i.e., patched) Android phones end up getting exploited? Searching for an answer to that question spurred security researchers to analyze thousands of …
Security researchers sinkholed EITest infection chain
Security researchers have managed to neutralize “EITest,” one of the oldest infection chains and thus preventing as many as two million potential malicious …
Real-time detection of consumer IoT devices participating in DDoS attacks
Could we detect compromised consumer IoT devices participating in a DDoS attack in real-time and do someting about it? A group of researchers Princeton University have …