Zeljka Zorz
Microsoft patches actively exploited MSHTML zero-day RCE (CVE-2021-40444)
On September 2021 Patch Tuesday, Microsoft has fixed 66 CVE-numbered vulnerabilities in a wide variety of its solutions. Of these, the most crucial to address is …
Kali Linux 2021.3 released: Kali NetHunter on a smartwatch, wider OpenSSL compatibility, new tools, and more!
Offensive Security has released Kali Linux 2021.3, the latest version of its popular open source penetration testing platform. You can download it or upgrade to it. Kali Linux …
Apple fixes “zero-click” iMessage zero-day exploited to deliver spyware (CVE-2021-30860)
Apple has released security updates for macOS, iOS, iPadOS, watchOS and Safari that patch two vulnerabilities (CVE-2021-30860, CVE-2021-30858) that are being exploited in …
Healthcare cybersecurity: How to prevent the compromise of patient records?
Year after year, the number of data breaches affecting entities in the healthcare industry rises, and 2020 was no exception. The 616 data breaches reported this past year to …
OpenSSL 3.0: A new FIPS module, new algorithms, support for Linux Kernel TLS, and more
The OpenSSL Project has released OpenSSL 3.0, a major new stable version of the popular and widely used cryptography library. What is OpenSSL? OpenSSL contain an open-source …
Researchers pinpoint ransomware gangs’ ideal enterprise victims
Researchers with threat intelligence company KELA have recently analyzed 48 active threads on underground (dark web) marketplaces made by threat actors looking to buy access …
Attackers are exploiting zero-day RCE flaw to target Windows users (CVE-2021-40444)
Attackers are exploiting CVE-2021-40444, a zero-day remote code execution vulnerability in MSHTML (the main HTML component of the Internet Explorer browser), to compromise …
Patched: Critical bug with public PoC exploit in Cisco infrastructure virtualization software (CVE-2021-34746)
A critical vulnerability (CVE-2021-34746) that affects Cisco Enterprise NFV Infrastructure Software (NFVIS) has been patched and Cisco is urging enterprise admins to quickly …
Vulnerabilities allow attackers to remotely deactivate home security system (CVE-2021-39276, CVE-2021-39277)
A DiY home security system sold to families and businesses across the US sports two vulnerabilities (CVE-2021-39276, CVE-2021-39277) that, while not critical, “are …
Ransomware gangs target organizations during holidays and weekends
Ransomware gangs may take advantage of upcoming holidays and weekends to hit US organizations, the FBI and the CISA have warned. They don’t have any specific threat …
Trends in the OT/ICS security space and what’s to come
In July 2021, Armis appointed Sachin Shah, an Intel veteran of over 21 years, as its new CTO for Operational Technology (OT) and Industrial Control Systems (ICS). In this …
Realtek SDK vulnerability exploitation attempts detected (CVE-2021-35395)
Threat actors are attempting to exploit CVE-2021-35395, a group of vulnerabilities in the web interface of the Realtek SDK, to spread Mirai malware to vulnerable IoT devices. …