Zeljka Zorz
Veeam fixes RCE flaw in backup management platform (CVE-2024-29212)
Veeam has patched a critical vulnerability (CVE-2024-29212) in Veeam Service Provider Console (VSPC) and is urging customers to implement the patch. About CVE-2024-29212 Veeam …
LockBit leader unmasked: US charges Russian national
Russian national Dmitry Khoroshev is “LockBitSupp”, the creator, developer and administator of the infamous LockBit ransomware group, according to UK, US and …
Ransomware operations are becoming less profitable
As the number of real (and fake) victims of ransomware gangs continues to rise, the number of ransomware payments is falling, along with the average ransom payment. The …
BlackBasta claims Synlab attack, leaks some stolen documents
The BlackBasta ransomware / cyber extortion gang is behind the recent cyber attack that resulted in the temporary shutdown of operations at Synlab Italia. The group claimed …
Bug hunters can get up to $450,000 for an RCE in Google’s Android apps
Google has drastically increased the rewards bug hunters can get for reporting vulnerabilities in Android apps it develops and maintains. “We increased reward amounts by …
Microsoft, Google widen passkey support for its users
Since 2013, the first Thursday in May is marked as World Password Day, a day dedicated to raising awareness about the need for using strong, unique passwords to secure out …
New SOHO router malware aims for cloud accounts, internal company resources
Cuttlefish, a new malware family that targets enterprise-grade small office/home office (SOHO) routers, is used by criminals to steal account credentials / secrets for AWS, …
Dropbox says attackers accessed customer and MFA info, API keys
File hosting service Dropbox has confirmed that attackers have breached the Dropbox Sign production environment and accessed customer personal and authentication information. …
Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades
There are proof-of-concept techniques allowing attackers to achieve persistence on Palo Alto Networks firewalls after CVE-2024-3400 has been exploited, the company has …
UK enacts IoT cybersecurity law
The Product Security and Telecommunications Infrastructure (PSTI) Act has come into effect today, requiring manufacturers of consumer-grade IoT products sold in the UK to stop …
Okta warns customers about credential stuffing onslaught
Credential stuffing attacks have exploded this April, Okta warns, and advises its customers to use available tools to block access requests originating from residential …
Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359)
A state-sponsored threat actor has managed to compromise Cisco Adaptive Security Appliances (ASA) used on government networks across the globe and use two zero-day …