Zeljka Zorz
Cisco re-patches wormable Jabber RCE flaw
In September 2020, Cisco patched four Jabber vulnerabilities (including one wormable RCE flaw), but as it turns out, three of four have not been sufficiently mitigated. The …
Ad-injecting malware hijacks Chrome, Edge, Firefox
When searching for things online, has a greater number of ads than usual been popping up at the top of your search results? If it has, and you’re using Microsoft Edge, …
Phishers bypass Microsoft 365 security controls by spoofing Microsoft.com
A domain spoofing email phishing campaign that very convincingly impersonates Microsoft and successfully tricks legacy secure email gateways has recently been spotted by …
FireEye breach: State-sponsored attackers stole hacking tools
U.S. cybersecurity company FireEye has suffered a breach, and the attackers made off with the company’s RedTeam tools, FireEye CEO Kevin Mandia has disclosed on Tuesday. …
How Kali Linux creators plan to handle the future of penetration testing
Offensive Security might best known as the company behind Kali Linux, the popular (and free) open-source pen testing platform, but its contribution to the information security …
Vulnerable TCP/IP stacks open millions of IoT and OT devices to attack
Forescout researchers have discovered 33 vulnerabilities affecting four open source TCP/IP (communications) stacks used in millions of connected devices worldwide. …
A light December 2020 Patch Tuesday for a no-stress end of the year
On this December 2020 Patch Tuesday: Microsoft has plugged 58 CVEs Adobe has delivered security updates for Lightroom, Experience Manager, and Prelude, and has announced that …
Hackers are targeting the COVID-19 vaccine supply chain
Unknown hackers have been trying to compromise accounts and computer systems of employees in organizations involved in the COVID-19 vaccine supply chain. While it’s …
Open source vulnerabilities go undetected for over four years
For its annual State of the Octoverse report, GitHub has analyzed over 45,000 active code directories to provide insight into open source security (vulnerabilities) and …
Raising defenses against ransomware in healthcare
More than half a decade has passed since ransomware-wielding attackers started focusing on healthcare providers. Despite some initial misgivings about targeting life-saving …
Which security practices lead to best security outcomes?
A proactive technology refresh strategy and a well-integrated tech stack are, according to a recent Cisco report, two security practices that are more likely than many others …
How prevalent is DNS spoofing? Could a repeat of the Dyn/Mirai DDoS attack have the same results?
Two separate groups of academics have recently released research papers based on research into the Domain Name System (DNS). One has found that the overwhelming majority of …
Featured news
Sponsored
Don't miss
- Overlooked essentials: API security best practices
- SubSnipe: Open-source tool for finding subdomains vulnerable to takeover
- Void Banshee APT exploited “lingering Windows relic” in zero-day attacks
- SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts
- ChatGPTriage: How can CISOs see and control employees’ AI use?