Zeljka Zorz
Windows Recall will be opt-in and the data more secure, Microsoft says
The insistent public complaints and proof-of-concept tools have have borne fruit: Microsoft has realized that the security of its recently previewed Windows Recall feature …
SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995)
SolarWinds has fixed a high-severity vulnerability (CVE-2024-28995) affecting its Serv-U managed file transfer (MFT) server solution, which could be exploited by …
Zyxel patches critical flaws in EOL NAS devices
Zyxel has released patches for three critical vulnerabilities (CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974) affecting two network-attached storage (NAS) devices that …
Vulnerability in Cisco Webex cloud service exposed government authorities, companies
The vulnerability that allowed a German journalist to discover links to video conference meetings held by Bundeswehr (the German armed forces) and the Social Democratic Party …
TotalRecall shows how easily data collected by Windows Recall can be stolen
Ethical hacker Alexander Hagenah has created TotalRecall, a tool that demonstrates how malicious individuals could abuse Windows’ newly announced Recall feature to steal …
PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800)
Security researchers have published a proof-of-concept (PoC) exploit that chains together two vulnerabilities (CVE-2024-4358, CVE-2024-1800) to achieve unauthenticated remote …
361 million account credentials leaked on Telegram: Are yours among them?
A new trove of 361 million email addresses has been added to Have I Been Pwned? (HIBP), the free online service through which users can check whether their account credentials …
High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683)
If you’re self-hosting an Atlassian Confluence Server or Data Center installation, you should upgrade to the latest available version to fix a high-severity RCE flaw …
Snowflake denies breach, blames data theft on poorly secured customer accounts
Snowflake is disputing claims made by a threat actor who stole data belonging to Santander and Ticketmaster, and maintains that the theft of customer data was the result of …
Snowflake compromised? Attackers exploit stolen credentials
New story – Saturday, June 1, 2024 at 4:48 PM Snowflake denies breach, Santander and Ticketmaster confirm data theft, Hudson Rock deletes report Have attackers …
25,000 individuals affected in BBC Pension Scheme data breach
Personal information of current and former BBC employees has been exposed in a data breach that affected the broadcaster’s in-house pension scheme. More than 25,000 …
Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919)
Attackers have been exploiting CVE-2024-24919, a zero-day vulnerability in Check Point Security Gateways, to pinpoint and extract password hashes for local accounts, which …