Zeljka Zorz
Cyber crooks push Android malware via letter
Cyber crooks are trying out an interesting new approach for getting information-stealing malware installed on Android users’ smartphones: a physical letter impersonating …
Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465)
Attackers have been spotted exploiting two additional vulnerabilities (CVE-2024-9463, CVE-2024-9465) in Palo Alto Networks’ Expedition firewall configuration migration …
NIST is chipping away at NVD backlog
The National Institute of Standards and Technology (NIST) is clearing the backlog of unprocessed CVE-numbered vulnerabilities in the National Vulnerability Database (NVD), but …
FBI confirms China-linked cyber espionage involving breached telecom providers
After months of news reports that Chinese threat actors have breached the networks of US telecommunications and internet service providers, the FBI and the Cybersecurity and …
How a Windows zero-day was exploited in the wild for months (CVE-2024-43451)
CVE-2024-43451, a Windows zero-day vulnerability for which Microsoft released a fix on November 2024 Patch Tuesday, has been exploited since at least April 2024, ClearSky …
Aerospace employees targeted with malicious “dream job” offers
It’s not just North Korean hackers who reach out to targets via LinkedIn: since at least September 2023, Iranian threat actor TA455 has been trying to compromise workers …
Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)
November 2024 Patch Tuesday is here, and Microsoft has dropped fixes for 89 new security issues in its various products, two of which – CVE-2024-43451 and CVE-2024-49039 …
Hot Topic breach: Has your credit card info been compromised?
If you’re wondering whether your personal and financial data has been compromised in the massive Hot Topic breach, you can use two separate online tools to check: Have I …
Massive troves of Amazon, HSBC employee data leaked
A threat actor who goes by the online moniker “Nam3L3ss” has leaked employee data belonging to a number of corporations – including Amazon, 3M, HSBC and HP …
Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910)
A vulnerability (CVE-2024-5910) in Palo Alto Networks Expedition, a firewall configuration migration tool, is being exploited by attackers in the wild, the Cybersecurity and …
Industrial companies in Europe targeted with GuLoader
A recent spear-phishing campaign targeting industrial and engineering companies in Europe was aimed at saddling victims with the popular GuLoader downloader and, ultimately, a …
North Korean hackers employ new tactics to compromise crypto-related businesses
North Korean hackers are targeting crypto-related businesses with phishing emails and novel macOS-specific malware. The crypto-related phishing campaign Since July 2024, …