Zeljka Zorz
WPAD name collision bug opens door for MitM attackers
A vulnerability in Web Proxy Auto-Discovery (WPAD), a protocol used to ensure all systems in an organization utilize the same web proxy configuration, can be exploited to …
Tips for evolving your office’s security culture
Changing a corporate security culture, or even just that of your own office or department, can sometimes seem impossible. In general, people don’t like change: they just …
OWASP set to address API security risks
OWASP has started a new project and is set to publish a new guide on security risks. The issue they aim to tackle this time is API security. The new OWASP API Security Project …
Criminals stole $12.7 million from ATMs in Japan
In the early morning hours of May 15, 2016, a group of over 100 people executed coordinated, fraudulent ATM withdrawals that netted them about 1.44 billion yen. In a period of …
Ubiquiti routers hit by backdoor-generating worm
A worm targeting wireless network equipment developed by US-based Ubiquiti Networks has already managed to compromise thousands of routers across the world. To spread it, …
Phineas Fisher records, publishes latest attack
Phineas Fisher, the hacker behing the Gamma International and Hacking Team breaches and data leaks, is at it again. This time his target was Sindicat de Mossos …
Review: The Architecture of Privacy
About the authors Courtney Bowman has been working in the data analytics space for the last decade. He joined Palantir Technologies in 2010 as an in-house Privacy and Civil …
The gravest dangers for CMS-based websites
Over a third of all websites on the Internet are powered by one of these four key open source platforms: WordPress, Joomla!, Drupal and Magento. This makes the life of …
Google Allo messaging app offers end-to-end crypto, but not as default
On Wednesday, at its annual developer-focused conference, Google introduced two new cross-platform apps: Allo and Duo. Google Allo is a messaging app, and Duo is a video …
The end of TeslaCrypt: Master decryption key released
The operators of TeslaCrypt ransomware have decided to close up shop and have published a master key that decrypts the files encrypted by the malware. They also wrote that the …
LinkedIn users’ data on sale on the dark web
A hacker has put up a batch of info about 167 million LinkedIn accounts for sale on dark web marketplace The Real Deal. Of these, some 117 million records contain email …
Phone metadata can reveal sensitive info about individuals
Since Snowden revealed that the NSA collects from Verizon phone records of US citizens on a daily basis, those who support that kind of collection have been repeatedly …
Featured news
Resources
Don't miss
- Mastering the cybersecurity tightrope of protection, detection, and response
- PRevent: Open-source tool to detect malicious code in pull requests
- Darcula allows tech-illiterate crooks to create, deploy DIY phishing kits targeting any brand
- Hackers pose as employers to steal crypto, login credentials
- Unknown and unsecured: The risks of poor asset visibility