Zeljka Zorz
CISA adds Spring4Shell to list of exploited vulnerabilities
It’s been almost a week since the Spring4Shell vulnerability (CVE-2022-22965) came to light and since the Spring development team fixed it in new versions of the Spring …
Log4Shell exploitation: Which applications may be targeted next?
Spring4Shell (CVE-2022-22965) has dominated the information security news these last six days, but Log4Shell (CVE-2021-44228) continues to demand attention and action from …
Spring4Shell: No need to panic, but mitigations are advised
Security teams around the world got another shock on Thursday when news of disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively …
Mars Stealer malware pushed via Google Ads and phishing emails
Cybercriminals trying to foist the Mars Stealer malware onto users seemingly have a penchant for one particulat tactic: disguising it as legitimate, benign software to trick …
How to recruit cybersecurity talent from atypical backgrounds
In this interview with Help Net Security, Max Shuftan, Director of Mission Programs & Partnerships at SANS Institute, talks about how companies and the cybersecurity …
IceID trojan delivered via hijacked email threads, compromised MS Exchange servers
A threat actor is exploiting vulnerable on-prem Microsoft Exchange servers and using hijacked email threads to deliver the IceID (BokBot) trojan without triggering email …
Attackers are exploiting recently patched RCE in Sophos Firewall (CVE-2022-1040)
A critical vulnerability (CVE-2022-1040) in Sophos Firewall is being exploited in the wild to target “a small set of specific organizations primarily in the South Asia …
Beware of old and new tax-themed scams and schemes
April 18 marks the end of the 2022 US tax season and those individuals who are yet to file their taxes should get a move on. But they should not throw caution to the wind, as …
Okta names contractor involved in Lapsus$ gang’s attack
Okta has released additional details about the security incident caused by the Lapsus$ gang, and has named the contractor involved: Sitel. What happened? “Like many SaaS …
Internet crime in 2021: Investment fraud losses soar
Business email compromise/email account compromise scams still have the highest financial toll on victims, but investment fraud has also lead to massive losses last year, …
Microsoft and Okta confirm, detail impact of Lapsus$ gang’s attacks
Recent claims by the cyber extortion gang have been validated by Okta and Microsoft: Lapsus$ have managed to get their hands on some of Microsoft’s source code and have …
US critical infrastructure operators should prepare for retaliatory cyberattacks
US President Joe Biden has urged companies in critical infrastructure sectors to shore up their defenses against potential cyberattacks. The warning “Most of America’s …