Zeljka Zorz
Remotely exploitable flaw in Schneider Electric PLCs is a danger to OT networks
A vulnerability in the Schneider Electric Modicon M221, a programmable logic controller (PLC) deployed in commercial industrial facilities worldwide, can be exploited to …
Card skimming malware found on thousands of Magento-based sites
A card skimming operation has compromised 7,339 Magento-based online stores, allowing the attackers to quietly slurp payment card info as it’s being entered by …
Chrome 69 is out, includes many functional and security changes
Ten years ago Google released the first iteration of its Chrome browser. On Tuesday, the company pushed out version 69. It comes with a number of design and functional …
There are no real shortcuts to most security problems
For Xerox Chief Information Security Officer Dr. Alissa Johnson, human ingenuity, partnerships and automation are the answer to most security problems the company has …
Access misconfiguration opens 3D printers to remote attacks
Spurred by a report coming from a regular reader, SANS ISC handlers Richard Porter and Xavier Mertens searched for OctoPrint interfaces for 3D printers exposed online and …
Phillips plugs security flaws in e-Alert tool
Dutch tech company Phillips has fixed several serious security flaws in Philips e-Alert, a tool that helps magnetic resonance imaging (MRI) systems work as intended. About …
0patch releases micropatch for Windows Task Scheduler zero-day
Earlier this week a security researcher that goes by “SandboxEscaper” published details and a PoC exploit for a zero-day local privilege escalation vulnerability …
How lucrative is web-based cryptojacking?
1 out of 500 of the one million most visited websites according to Alexa contains a web-based cryptominer that starts mining as soon as the website has been opened in the …
Wireshark can be crashed via malicious packet trace files
The Wireshark team has plugged three serious vulnerabilities that could allow an unauthenticated, remote attacker to crash vulnerable installations. According to Cisco …
EU telecoms suffered 169 major security incidents in 2017
ENISA, EU’s agency for network and information security, has released a report on major telecom security incidents that occurred in the EU in 2017. About the report …
Yahoo woos advertisers with email scanning for targeted ad delivery
While most tech companies that offer free email services are moving away from email scanning as a source of information for advertisers to target users more efficiently, Oath …
Air Canada confirms mobile app data breach, passport numbers were accessed
Air Canada has suffered a data breach and is forcing a password reset on all 1.7 million users of its mobile app, though apparently only 20,000 of the mobile app accounts were …
Featured news
Resources
Don't miss
- Five identity-driven shifts reshaping enterprise security in 2026
- What if your face could say “don’t record me”? Researchers think it’s possible
- Conjur: Open-source secrets management and application identity
- Counterfeit defenses built on paper have blind spots
- Budding infosec pros and aspiring cyber crooks targeted with fake PoC exploits