Zeljka Zorz
92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273)
A vulnerability (CVE-2024-3273) in four old D-Link NAS models could be exploited to compromise internet-facing devices, a threat researcher has found. The existence of the …
WiCyS: A champion for a more diverse cybersecurity workforce
In this Help Net Security interview, Lynn Dohm, Executive Director at Women in CyberSecurity (WiCyS), talks about how the organization supports its members across different …
Omni Hotels suffer prolonged IT outage due to cyberattack
Texas-based Omni Hotels & Resorts has been responding to a cyberattack that started last Friday, which resulted in the unavailability of many of its IT systems. According …
Ivanti vows to transform its security operating model, reveals new vulnerabilities
Ivanti has released patches for new DoS vulnerabilities affecting Ivanti Connect Secure (SSL VPN solution) and Ivanti Policy Secure (NAC solution), some of which could also …
A “cascade” of errors let Chinese hackers into US government inboxes
Microsoft still doesn’t known how Storm-0558 attackers managed to steal the Microsoft Services Account cryptographic key they used to forge authentication tokens needed …
NVD: NIST is working on longer-term solutions
The recent conspicuous faltering of the National Vulnerability Database (NVD) is “based on a variety of factors, including an increase in software and, therefore, …
How Google plans to make stolen session cookies worthless for attackers
Google is working on a new security feature for Chrome called Device Bound Session Credentials (DBSC), meant to prevent attackers from using stolen session cookies to gain …
AT&T data leaked: 73 million customers affected
AT&T has confirmed that the data set leaked on the dark web some two weeks ago does, indeed, contain “AT&T data-specific fields”. The company is reaching …
XZ Utils backdoor update: Which Linux distros are affected and what can you do?
UPDATE: April 9, 09:23 AM ET A new story has been published: XZ Utils backdoor: Detection tools, scripts, rules The news that XZ Utils, a compression utility present in most …
Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)
UPDATE: April 9, 09:23 AM ET Two stories have been published since this initial release: Which Linux distros are affected and what can you do? XZ Utils backdoor: Detection …
Zero-day exploitation surged in 2023, Google finds
2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries (libvpx, ImagelO) and drivers (Mali GPU, …
NHS Scotland confirms ransomware attackers leaked patients’ data
NHS Dumfries and Galloway (part of NHS Scotland) has confirmed that a “recognised ransomware group” was able to “access a significant amount of data …