Zeljka Zorz
North Korea targets US, South Korean hospitals with ransomware to fund further cyber operations
US and South Korean agencies have issued a joint cybersecurity advisory describing the tactics, techniques and procedures used by North Korean hackers to deploy …
Reddit breached: Internal docs, dashboards, systems accessed
Popular social news website and forum Reddit has been breached (again) and the attacker “gained access to some internal docs, code, as well as some internal dashboards …
NIST chooses encryption algorithms for lightweight IoT devices
ASCON is the name of the group of lightweight authenticated encryption and hashing algorithms that the U.S. National Institute of Standards and Technology (NIST) has chosen to …
CISA releases ESXiArgs ransomware recovery script
According to the latest data, the number of ESXiArgs ransomware victims has surpassed 3,800, and CISA has published a recovery script for victim organizations. Fixing the mess …
Attackers are searching for online store backups in public folders. Can they find yours?
Too many online store administrators are storing private backups in public folders and exposing database passwords, secret API keys, administrator URLs and customer data to …
Released: Decryptor for Cl0p ransomware’s Linux variant
Flawed encryption logic used in Cl0p (Clop) ransomware’s Linux (ELF) variant has allowed SentinelOne researchers to create and release a free decryptor. “The …
Thousands of unpatched VMware ESXi servers hit by ransomware via old bug (CVE-2021-21974)
Late last week, unknown attackers launched a widespread ransomware attack hitting VMware ESXi hypervisors via CVE-2021-21974, an easily exploitable vulnerability that allows …
Patch your Jira Service Management Server and Data Center and check for compromise! (CVE-2023-22501)
Australian software maker Atlassian has released patches for CVE-2023-22501, a critical authentication vulnerability in Jira Service Management Server and Data Center, and is …
Vulnerability in Cisco industrial appliances is a potential nightmare (CVE-2023-20076)
Cisco has released patches for a high-severity vulnerability (CVE-2023-20076) found in some of its industrial routers, gateways and enterprise wireless access points, which …
Attackers used malicious “verified” OAuth apps to infiltrate organizations’ O365 email accounts
Malicious third-party OAuth apps with an evident “Publisher identity verified” badge have been used by unknown attackers to target organizations in the UK and …
Critical QNAP NAS vulnerability fixed, update your device ASAP! (CVE-2022-27596)
QNAP Systems has fixed a critical vulnerability (CVE-2022-27596) affecting QNAP network-attached storage (NAS) devices, which could be exploited by remote attackers to inject …
DigiCert releases new unified approach to trust management
New solution brings together full stack of CA-agnostic certificate lifecycle management, PKI services and tightly integrated public trust issuance. We rarely consciously think …