Zeljka Zorz
Vulnerable TCP/IP stack is used by almost 200 device vendors
Researchers have discovered 14 new vulnerabilities affecting the proprietary NicheStack (aka InterNiche) TCP/IP stack, used in OT devices such as the extremely popular Siemens …
A clever phishing campaign is targeting Office 365 users
Microsoft is warning about an ongoing, “sneakier than usual” phishing campaign aimed at Office 365 users. An active phishing campaign is using a crafty combination …
Critical vulnerabilities may allow attackers to compromise hospitals’ pneumatic tube system
Armis researchers have unearthed critical vulnerabilities in Swisslog Healthcare’s Translogic pneumatic tube system, which plays a crucial role in patient care in more …
CISA launches US federal vulnerability disclosure platform
Bug hunters who want to help the US federal government secure their online assets can now source all the relevant information from a vulnerability disclosure policy (VDP) …
Microsoft adds Safe Links phishing protection to Microsoft Teams
Microsoft has extendend the phishing protection offered by Microsoft Defender for Office 365’s Safe Links feature to Microsoft Teams. “At its core, Safe Links …
How to develop a skilled cybersecurity team
What skills should aspiring information security workers possess and work on? What certifications can come in handy more than others? What strategies should organizations …
Kaseya obtains universal REvil decryptor
There’s finally some good news for the MSPs and their customers that have been hit by the REvil ransomware gang via compromised Kaseya VSA software: a universal …
Apple security updates: iOS 14.7 fixes WiFiDemon flaw
Apple has released security updates for macOS Big Sur (11.5), Catalina (10.15) and Mojave (10.14), as well as iOS (14.7) and iPadOS (14.7). There is no indication that Apple …
Fortinet plugs RCE hole in FortiManager and FortiAnalyzer (CVE-2021-32589)
A vulnerability (CVE-2021-32589) in FortiManager and FortiAnalyzer could be exploited by remote, non-authenticated attackers to execute unauthorized / malicious code as root, …
Easily exploitable, unpatched Windows privilege escalation flaw revealed (CVE-2021-36934)
A researcher that goes by the Twitter handle @jonasLyk has unearthed an easily exploitable vulnerability (CVE-2021-36934) in Windows 10 that may allow local non-administrative …
Researchers flag 7-years-old privilege escalation flaw in Linux kernel (CVE-2021-33909)
A vulnerability (CVE-2021-33909) in the Linux kernel’s filesystem layer that may allow local, unprivileged attackers to gain root privileges on a vulnerable host has been …
Bug hunters asked to probe Microsoft Teams mobile apps, can earn up to $30k
Microsoft’s Applications Bounty Program has been extended to cover Microsoft Teams mobile apps, and bug hunters can earn up to $30,000 for reports about specific …