Zeljka Zorz
High-impact DoS flaw patched in Node.js, update as soon as possible
The Node.js Foundation has pushed out a patch for its eponymous open source, cross-platform runtime environment for developing server-side web applications. The fix plugs two …
A double whammy of tech support scam and ransomware hits US, UK users
Tech support scams and ransomware usually don’t go together, but there’s a first time for everything. Symantec researchers have spotted a generic tech support scam …
Elasticsearch servers actively targeted by botmasters
Elasticsearch is one of the most popular choices when it comes to enterprise search engines.Unfortunately, a couple of remote code execution flaws (CVE-2015-5377, …
3G/4G cellular USB modems are full of critical security flaws, many 0-days
An analysis of popular 3G and 4G cellural USB modems and routers used around the world revealed a myriad of serious vulnerabilities in each of them.The SCADA Strange Love team …
Darkode forum returns with lousy security that keeps serious users away
The newest version of the infamous Darkode cybercriminal forum is up, and it’s the worst one ever, says Loucif Kharouni, a senior threat researcher with Damballa.As you …
Flaws in medical data management system can be exploited to modify patient information
Two vulnerabilities found in v3.3 of Epiphany’s Cardio Server ECG Management System, a popular system that is used to centralize and manage patient data by healthcare …
How Europol analyzes malware
In the wake of the takedown of a major cybercriminal group wielding banking Trojans in Ukraine in June this year, Europol noted that it “provided crucial support to the …
Belkin’s N150 router sports multiple flaws, including default access credentials for telnet server
Belkin’s SOHO routers are not exactly a paragon of a secure device, so it shouldn’t come as a surprise that, once again, a security researcher has unearthed a …
Windows machines stop trusting Dell’s two unconstrained root CA certs
Microsoft has updated the Certificate Trust list for all supported releases of Microsoft Windows so that the two digital certificates (complete with inadvertently disclosed …
Hacktivists and cyber extortionists hit Greek, Russian, UAE banks
A number of “regular” and central banks across Europe, Russia and Asia have been targeted by cyber attackers.Last week, in the wake of Turkey downing a Russian …
VTech data breach gets worse: Children’s pictures and chat logs were also compromised
The hacker who breached VTech’s customer database and shared with the world the fact that the exploit was so easy anyone could do it (SQL injection), has found …
VPN protocol flaw allows attackers to discover users’ true IP address
The team running the Perfect Privacy VPN service has discovered a serious vulnerability that affects all VPN providers that offer port forwarding, and which can be exploited …
Featured news
Sponsored
Don't miss
- Update: Worldwide IT outage due to buggy Crowdstrike sensor configuration update
- Faulty CrowdStrike update takes out Windows machines worldwide
- GenAI network acceleration requires prior WAN optimization
- Critical Splunk flaw can be exploited to grab passwords (CVE-2024-36991)
- eBook: How CISSP turns career goals into reality