Zeljka Zorz
ACLU probes US police’s use of fake cell towers
The American Civil Liberties Union (ACLU) is on a mission to find out which local and state law enforcement forces in the US are using “stingrays” and how, but are …
Over half of Android users fail to lock their phones
An ad hoc survey conducted by Google’s anti-abuse research lead Elie Bursztein has shown that over half of Android users don’t lock their phones in any meaningful …
Nmap’s Fyodor restarts the Full Disclosure mailing list
The Full Disclosure mailing list is back on track, with Nmap’s Gordon “Fyodor” Lyon picking up the mantle put down by John Cartwright. “Upon hearing …
Gameover ZeuS now targets users of employment websites
Some newer variants of the Gameover Zeus Trojan, which is exceptionally good at using complex web injections to perform Man-in-the-Browser (MITB) attacks and gain additional …
ATMs running Windows XP targeted with cash-dispensing malware
Microsoft has been aggressively campaigning to get users to stop using Windows XP, and has gone so far as to offer $100 off the purchase of a new PC via the Microsoft Store in …
Android bug can push devices into an endless reboot loop
A Proof-of-Concept app exploiting a recently discovered Android vulnerability that triggers the continuous rebooting of an affected device was apparently also behind the …
Tumblr now offers two-factor authentication
In a playful post on its official feed, Tumblr has announced that it’s now offering two-factor authentication to its users. “You know how you need two keys to …
0-day Microsoft Word flaw exploited in targeted attacks
Microsoft has issued a security advisory warning of a remote code execution vulnerability that is being exploited in “limited, targeted attacks directed at Microsoft …
Flaws in Android update mechanism could turn apps into malware
A group of researchers from Indiana University and Microsoft Research have unearthed six Android vulnerabilities that can be exploited to turn apparently harmless apps into …
10,000 GitHub users inadvertently reveal their AWS secret access keys
GitHub developers who are also Amazon Web Services users are advised to check the code they made public on their project pages and to delete secret access keys for their AWS …
Basecamp gets DDoSed and blackmailed
Basecamp, formerly known as 37signals, has managed to largely mitigate a DDoS attack that started today (March 24) at 8:46 central time and which made its services unavailable …
NSA compromised Huawei’s servers, spied on its executives
For years, the US government has been very vocal about its distrust of Chinese telecommunication giant Huawei, pointedly blocking acquisitions and takeovers that would allow …