Zeljka Zorz
Review: Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own
About the author Dejan Kosutic is the author of numerous articles, tutorials, documentation templates, webinars, and courses about information security and business continuity …
Russian ransomware boss earns $90,000 per year
Despite too many users not even being aware of the existence of the ransomware threat, there is no doubt that it’s currently one of the most popular ways for cyber …
KeePass update check MitM flaw can lead to malicious downloads
Open source password manager KeePass sports a MitM vulnerability that could allow attackers to trick users into downloading malware disguised as a software update, security …
FBI warns about email extortion attempts following data breaches
FBI’s Internet Crime Complaint Center has issued a public service announcement warning users about email extortion attempts related to recent high-profile data thefts. …
Bug poachers target businesses, demand money for bug info
Businesses are being hit with an extortion attempt based on attackers penetrating their network or websites and stealing corporate or user data. The attackers don’t say …
Windows zero-day exploit offered for sale on underground market
Someone is selling an exploit for a Windows zero-day on an underground market for Russian-speaking cyber criminals, and the current price is set at $90,000. Trustwave …
Improving software security through a data-driven security model
The current software security models, policies, mechanisms, and means of assurance are a relic of the times when software began being developed, and have not evolved along …
Twitter paid out $322,420 in bug bounties
Researchers have proven that bug bounties are a cheaper way for discovering vulnerabilities than hiring full-time bug hunters would be and, in the last few years, many …
65 million Tumblr users’ email addresses, passwords sold on dark web
Email addresses and hashed and salted passwords of 65 million Tumblr users are being sold online by “peace_of_mind,” aka “Peace”, the individual that …
ICS-CERT warns about vulnerable SCADA system that can’t be updated
A web-based SCADA system deployed mainly in the US energy sector sports vulnerabilities that may allow attackers to perform configuration changes and administrative operations …
Faulty TLS implementation opens VISA sites, users to attack
A group of researchers has discovered 184 HTTPS servers that are wide open to attackers looking to inject seemingly valid content into encrypted sessions. Some of these …
ZCryptor ransomware spreads via removable drives
The newly spotted ZCryptor ransomware has also the ability to spread like a worm, Microsoft warns. Once it infects a system, it also copies itself on removable drives, in the …
Featured news
Resources
Don't miss
- Balancing usability and security in the fight against identity-based attacks
- MSSqlPwner: Open-source tool for pentesting MSSQL servers
- Critical SimpleHelp vulnerabilities fixed, update your server instances!
- Configuration files for 15,000 Fortinet firewalls leaked. Are yours among them?
- New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344)