Zeljka Zorz
U-Haul reports data breach, customers’ info exposed
U.S. moving and storage rental company U-Haul has suffered a data breach due to an unauthorized person having accessed an unspecified number of rental contracts, …
Apple fixes actively exploited zero-day in macOS, iOS (CVE-2022-32917)
Apple has fixed a slew of vulnerabilities in macOS, iOS, and iPadOS, including a zero-day kernel vulnerability (CVE-2022-32917) exploited by attackers in the wild. About …
Thousands of QNAP NAS devices hit by DeadBolt ransomware (CVE-2022-27593)
QNAP Systems has provided more information about the latest DeadBolt ransomware campaign targeting users of its network-attached storage (NAS) devices and the vulnerability …
You should know that most websites share your in-site search queries with third parties
If you are using a website’s internal search function, chances are good that your search terms are being leaked to third parties in some form, researchers with …
High-risk ConnectWise Automate vulnerability fixed, admins urged to patch ASAP
ConnectWise has fixed a vulnerability in ConnectWise Automate, a popular remote monitoring and management tool, which could allow attackers to compromise confidential data or …
DeadBolt is hitting QNAP NAS devices via zero-day bug, what to do?
A few days ago – and smack in the middle of the weekend preceding Labor Day (as celebrated in the U.S.) – Taiwan-based QNAP Systems has warned about the latest …
Google invites bug hunters to scrutinize its open source projects
Google wants to improve the security of its open source projects and those projects’ third-party dependencies by offering rewards for bugs found in them. …
Should ransomware payments be banned? A few considerations
Several U.S. states have recently moved to ban local and state agencies and organizations funded by taxpayers’ dollars from paying off ransomware gangs, and a few more …
US-based CISOs get nearly $1 million per year
The role of the Chief Information Security Officer (CISO) is a relatively new senior-level executive position within most organizations, and is still evolving. To find out how …
Patch critical flaw in Atlassian Bitbucket Server and Data Center! (CVE-2022-36804)
A critical vulnerability (CVE-2022-36804) in Atlassian Bitbucket Server and Data Center could be exploited by unauthorized attackers to execute malicious code on vulnerable …
LastPass breach: Source code, proprietary tech info stolen
“An unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code …
Phishing PyPI users: Attackers compromise legitimate projects to push malware
PyPI, the official third-party software repository for Python packages, is warning about a phishing campaign targeting its users. “We have additionally determined that …