Zeljka Zorz
ProxyShell vulnerabilities actively exploited to deliver web shells and ransomware
Three so-called “ProxyShell” vulnerabilities are being actively exploited by various attackers to compromise Microsoft Exchange servers around the world, the …
T-Mobile data breach: New information uncovered by the investigation
In the wake of the recent claims that T-Mobile U.S. has suffered a massive data breach and the consequent industry reactions, the company has shared additional information its …
Unpatched Fortinet FortiWeb vulnerability allows remote OS command injection
An unpatched vulnerability in the management interface for FortiWeb, Fortinet’s web application firewall, could allow a remote, authenticated attacker to execute …
Critical bug allows remote compromise, control of millions of IoT devices (CVE-2021-28372)
A vulnerability (CVE-2021-28372) in the SDK that allows IoT devices to use ThroughTek’s Kalay P2P cloud platform could be exploited to remotely compromise and control …
NAS devices under attack: How to keep them safe?
Network-attached storage (NAS) devices are a helpful solution for storing, managing, and sharing files and backups and, as such, they are an attractive target for cyber …
Microsoft confirms another Windows Print Spooler bug, offers workaround (CVE-2021-36958)
A day after the August 2021 Patch Tuesday, Microsoft has released an out-of-band security advisory acknowledging the existence of yet another Print Spooler vulnerability …
Firefox 91 delivers new security and privacy options
Released on August 10, Firefox 91 delivers HTTPS by Default in Private Browsing mode and an enhanced cookie clearing option. Increased security with HTTPS by Default HTTP over …
Allstar app helps enforce security best practices for GitHub projects
Google and the Open Source Security Foundation (OpenSSF) have released Allstar, an app that allows organizations / owners of GitHub repositories to set up security policy …
Microsoft patches actively exploited zero-day (CVE-2021-36948), more Print Spooler flaws
Microsoft’s August 2021 Patch Tuesday is pretty lightweight, through it covers a wide variety of Microsoft solutions. 44 CVE-numbered security holes have been plugged, …
Adobe fixes security holes in Magento, most of which are critical
Adobe has released security updates to address vulnerabilities in Magento and Adobe Connect. Magento August 2021 security updates Magento is a popular open-source e-commerce …
The challenges healthcare CISOs face in an evolving threat landscape
Organizations in the healthcare sector – and especially those engaged in delivering healthcare services – have always been juicy targets for cyber attackers. But …
Patch bypass flaw in Pulse Secure VPNs can lead to total compromise (CVE-2021-22937)
The patch for a vulnerability (CVE-2020-8260) in Pulse Connect Secure VPN devices that attackers have been exploiting in the wild can be bypassed, security researcher Rich …