Zeljka Zorz
Researchers eliminate coding errors by using good code from “donor” apps
The main appeal of open source software is in the fact that its source code can be reviewed by anyone and, theoretically, stealthy backdoors and unintentional errors should be …
Fake Twitter verification profiles trick victims into sharing personal, payment card info
A little over 18,000 Twitter users looking for a way to get their accounts verified have been duped by a single fake account promising to provide the service into visiting a …
US OPM takes vulnerable background investigation portal offline
The US Office of Personnel Management announced on Monday that it has temporarily suspended the E-QIP (Electronic Questionnaires for Investigations Processing) system, a …
Popular VPNs leak data, don’t offer promised privacy and anonymity
Virtual Private Network (VPN) services can be used for circumventing Internet censorship and accessing blocked content, but researchers warn that you shouldn’t believe …
Researcher proves how easy it is to pull off homographic phishing attacks
Security consultant Paul Moore has managed to register a domain that, at first glance, looks like that of UK-based Lloyds Bank, and get a valid TLS certificate for it from …
Major Xen update fixes over 20 vulns, including guest/host escape flaw
The newest version (v4.5.1) of popular hypervisor Xen has been released last week, and includes a bucketload of improvements and bug-fixes, including nearly 20 security …
Hackers are exploiting Magento flaw to steal payment card info
Attackers are exploiting a vulnerability in eBay’s Magento platform to steal users’ billing information (including payment card info), warns Sucuri …
Update your Flash Player if you don’t want ransomware
“It didn’t take long for exploit kit authors to incorporate an exploit for the recently discovered zero-day Adobe Flash vulnerability (CVE-2015-3113) into their …
Researcher tests Tor exit nodes, finds not all operators can be trusted
While the Tor anonymity network conceals (relatively successfully) a user’s location and Internet activity from anyone who might want to know about it, users should be …
Vegan and BeEF clash shows how cyber arms race never stops
Cyber attackers and defenders are caught in a permanent to-and-fro dance, coming up with new solutions that break the last one created by their adversaries. An example of this …
Facebook slowly fine-tuning its popular ThreatExchange
Facebook’s ThreatExchange, which was unveiled this February, is apparently a hit with organizations, and they are vocal about the ways they believe it could be …
Cisco finds, removes more default SSH keys on its software
Cisco has pushed out security updates to address two vulnerabilities in its Web Security Virtual Appliance (WSAv), Email Security Virtual Appliance (ESAv), and Content …
Featured news
Sponsored
Don't miss
- Microsoft releases tool to speed up recovery of systems borked by CrowdStrike update
- Cross-industry standards for data provenance in AI
- Shuffle Automation: Open-source security automation platform
- Cyber insurance 2.0: The systemic changes required for future security
- Update: Worldwide IT outage due to buggy Crowdstrike sensor configuration update