Zeljka Zorz
XSS, SQLi bugs found in several Network Management Systems
Network Management System (NMS) offerings by Spiceworks, Ipswitch, Opsview and Castle Rock Computing have been found sporting several cross-site scripting and SQL injection …
Asian company is the newest APT threat
An unnamed South Asian software development consultancy that creates software for employee monitoring is also an APT player and, according to CloudSek CTO Rahul Sasi, it …
Critical RCE bug in FireEye’s security appliances exploitable via email
Last week, FireEye silently pushed out a patch for an extremely easy-to-exploit remote code execution bug affecting its NX, EX, FX and AX Series security appliances in …
Comcast users hit with malvertising, malware and tech support scam all in one go
Another tech support scam / ransomware campaign combo has been launched at users, but this time the order of delivery is reversed. The intended victims are the customers of …
Critical Joomla RCE bug actively exploited, patch immediately!
An eight-year-old Joomla critical remote code execution vulnerability, which is being actively exploited in attacks in the wild, has been patched by the developers of the …
13 million MacKeeper users exposed in data breach
The company pushing MacKeeper, the security and utility software suite for Macs many consider to be scareware, has confirmed that the database containing passwords and …
Fake “account verification” email targeting Alibaba.com users
Businesses who use Alibaba.com to connect with Chinese manufacturers are being targeted in a recently discovered phishing campaign, Comodo warns. It takes the form of phishing …
Vuvuzela: An untraceable messaging system aimed at thwarting powerful adversaries
A group of scientists from the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) believe they have created an effective and scalable text-messaging system …
Twitter users warned about being targeted by state-sponsored attacks
Twitter has sent out unexpected warning notices to a number of users, informing them that their account might have been targeted by state-sponsored hackers. “We believe …
New Steam escrow system drives impatient users to fake trading sites serving malware
On Wednesday, Valve introduced a new “trade hold” system that should prevent scammers from stealing items from Steam users’ hijacked accounts, or at least …
Business email compromise scams still happening, still successful
Despite repeated warnings issued by law enforcement, information sharing organizations, and security companies, Business Email Compromise (BEC) scams still abound and the …
WP Engine breached, forces users to change their passwords
Popular WordPress-specific hosting provider WP Engine has apparently suffered a data breach, and is forcing their customers to change their passwords. “We are writing …