Zeljka Zorz
Which stolen data are ransomware gangs most likely to disclose?
If your organization gets hit by a ransomware gang that has also managed to steal company data before hitting the “encrypt” button, which types of data are more …
Ransomware gang publishes stolen victim data on the public Internet
The Alphv (aka BlackCat) ransomware group is trying out a new tactic to push companies to pay for their post-breach silence: a clearnet (public Internet) website with …
Microsoft fixes Follina and 55 other CVEs
June 2022 Patch Tuesday has been marked by Microsoft with the release of fixes for 55 new CVEs, as well as security updates that fix Follina (CVE-2022-30190), the Microsoft …
Is your organization ready for Internet Explorer retirement?
June 15, 2022, is the day that Microsoft will stop supporting most versions of Internet Explorer 11, and organizations should have ensured that they ready for its retirement. …
Microsoft helps prevent lateral movement from compromised unmanaged devices
A new feature in Microsoft Defender for Endpoint can make it more difficult for attackers to perform lateral movement within company networks, as it allows admins to prevent …
Researchers unearth highly evasive “parasitic” Linux malware
Security researchers at Intezer and BlackBerry have documented Symbiote, a wholly unique, multi-purpose piece of Linux malware that is nearly impossible to detect. “What …
Summer holiday season fuels upswing of travel-themed spam
With Covid-19-related travel restrictions having been dropped by most countries, pleasure-seeking travelers are booking plane tickets, accomodations and tours with a …
The most common exploit paths enterprises leave open for attackers
Exposed version control repositories, leaked secrets in public code repositories, a subdomain vulnerable to takover, exposed Amazon S3 buckets, and Microsoft Exchange Server …
Qbot – known channel for ransomware – delivered via phishing and Follina exploit
More than a week has passed since Microsoft acknowledged the existence of the “Follina” vulnerability (CVE-2022-30190), after reports of it being exploited in the …
Apple unveils passkeys for passwordless authentication to apps and websites
At WWDC 2022, Apple has announced and previewed iOS 16 and iPad OS 16, macOS 13 (aka macOS Ventura), watchOS 9, their new M2 chips, new MacBook Air and Pro, as well as new …
Attackers are leveraging Follina. What can you do?
As the world is waiting for Microsoft to push out a patch for CVE-2022-30190, aka “Follina”, attackers around the world are exploiting the vulnerability in a …
Unpatched Atlassian Confluence zero-day exploited, fix expected today (CVE-2022-26134)
A critical zero-day vulnerability (CVE-2022-26134) in Atlassian Confluence Data Center and Server is under active exploitation, the software maker has warned on Thursday. …