Zeljka Zorz
DHS releases guidelines for CISA-sanctioned cybersecurity information sharing
The US Department of Homeland Security has published guidelines on how the private sector and federal entities can share cyber threat indicators (CTIs) with the US federal …
3-in-1 Android malware acts as ransomware, banking Trojan and infostealer
Why stop at asking ransom for encrypted files when you can also steal personal info, passwords, online banking credentials and credit card details, and then sell it or use it …
Ransomware offers customer support via chat
PadCrypt, a newly discovered piece of ransomware, offers the victims the possibility to chat with the criminals behind the scheme. This ransomware, as many before it, presents …
E-commerce web apps vulnerable to hijacking, database compromise
High-Tech Bridge researchers have published details and PoC exploit code for several serious vulnerabilities in Osclass, osCmax, and osCommerce, three popular open source …
Is your WordPress site being misused for DDoS attacks?
Many WordPress websites are still being misused to perform layer 7 DDoS attacks against target servers, even though preventing them from participating in these attacks is as …
Hollywood hospital pays ransom to get their computers, files back
The Hollywood hospital whose systems have been infected with ransomware has paid $17,000 to get the decryption key from the criminals, and is operating normally once again. …
Apple will fight court order to unlock gunman’s iPhone
A US magistrate judge has ordered Apple to help the FBI gain access to the contents of a PIN-locked iPhone 5C used by Syed Farook, one of the shooters in the San Bernardino …
Critical Glibc flaw opens Linux distros, other software and devices to compromise
A critical bug has been found to open an unimaginable number of computers, networking and other connected devices to attacks that can result in complete system compromise. …
Dridex botnet alive and well, now also spreading ransomware
Last October’s disruption of the Dridex botnet by UK and US law enforcement agencies and the arrest of a Moldovan bot master have not led to the death of the botnet. …
Review: Mobile Data Loss
Employees increasingly use mobile devices for work and to access their company’s resources. That should be, by now, an accepted reality for all those who work in the IT …
Year-old critical Magento flaw still exploited, payment info stolen
A whole year has passed since a critical e-shop hijacking flaw in the Magento CMS was patched, but the vulnerability is still being exploited in attacks in the wild, …
Smart buildings security: Who’s in charge?
As the Internet of Things became an accepted reality, and the security community realized that they have to get involved in securing it, days without news about the insecurity …