Zeljka Zorz
There are new unpatched bugs in Windows Print Spooler
Security researchers have unearthed new elevation of privilege (EoP) bugs in Windows Print Spooler, one of the oldest Windows components. Scarce details have been shared about …
U.S. Government sets up ransomware task force, offers $10 million reward for info
The U.S. Government has set up a cross-agency ransomware task force, a hub for ransomware resources, and is offering $10 million for information on state-sponsored cyber …
Explosion of 0-day exploits: The bad news and the good news
Have you noticed that lately we’ve been hearing more about in-the-wild attacks exploiting 0-day vulnerabilities? “Halfway into 2021, there have been 33 0-day …
July 2021 Patch Tuesday: Microsoft fixes 4 actively exploited bugs
On this July 2021 Patch Tuesday: Microsoft has fixed 117 CVEs, 4 of which are actively exploited Adobe has delivered security updates for Acrobat and Reader, Bridge, …
Gmail increases email security by adding support for BIMI
Organizations who deploy Domain-based Message Authentication, Reporting, and Conformance (DMARC) will, from now on, be able to increase Gmail recipients’ trust in the …
SolarWinds patches zero-day exploited in the wild (CVE-2021-35211)
SolarWinds has released an emergency patch for CVE-2021-35211, a RCE vulnerability affecting its Serv-U Managed File Transfer and Serv-U Secure FTP that is currently being …
How to improve your organization’s Active Directory security posture
Active Directory (AD), a directory service developed by Microsoft for Windows domain networks, is most organizations’ primary store for employee authentication and …
PoC for critical Windows Print Spooler flaw leaked (CVE-2021-1675)
CVE-2021-1675, a Windows Print Spooler vulnerability that Microsoft patched in June 2021, presents a much greater danger than initially thought: researchers have proved that …
New security measures to keep Google Play safe
Google is announcing two new security measures aimed at minimizing the number of malicious / potentially unwanted apps available for download from the Google Play Store: …
Cisco security devices targeted with CVE-2020-3580 PoC exploit
Attackers and bug hunters are leveraging an exploit for CVE-2020-3580 to compromise vulnerable security devices running Cisco ASA or FTD software. Active attacks apparently …
Vulnerabilities in Dell computers allow RCE at the BIOS/UEFI level
An estimated 30 million Dell computers are affected by several vulnerabilities that may enable an attacker to remotely execute code in the pre-boot (BIOS/UEFI) environment, …
Virtual machines hide ransomware until the encryption process is done
The use of virtual machines (VMs) to run the malicious payload is getting more popular with ransomware attackers, Symantec’s Threat Hunter Team claims. Ransomware deployed in …