Zeljka Zorz
Q1 2021 ransomware trends: Most attacks involved threat to leak stolen data
The vast majority of ransomware attacks now include the theft of corporate data, Coveware says, but victims of data exfiltration extortion have very little to gain by paying a …
Apple patches macOS zero-day exploited by malware for months (CVE-2021-30657)
Apple has patched a critical macOS zero-day (CVE-2021-30657) that has been exploited by Shlayer malware for months and has finally introduced/enabled the App Tracking …
Organizations can no longer afford to overlook encrypted traffic
Whether you’re a small business operating out of a single office or a global enterprise with a huge and distributed corporate network, not inspecting the encrypted traffic …
QNAP NAS devices under ransomware attack
QNAP NAS device owners are once again under attack by ransomware operators, who are exploiting a recently fixed vulnerability to lock data on vulnerable devices by using the …
SniperPhish: An all-in-one open-source phishing toolkit
SniperPhish is an all-in-one open-source phishing toolkit that pentesters and other security professionals can use for setting up and executing email and web-based spear …
Monero-mining botnet targets orgs through recent MS Exchange vulnerabilities
The recent Microsoft Exchange Server vulnerabilities might have initially been exploited by a government-backed APT group, but cybercriminals soon followed suit, using them to …
Cloud Sniper: Manage and automate cloud security operations
Cloud Sniper is an open-source platform for managing cloud security operations that aims to make it easy for cloud teams to deal with security incidents. “One of our …
Hackers found leveraging three SonicWall zero-day vulnerabilities
Attackers that seem to have “intimate knowledge” of the SonicWall Email Security product have been discovered leveraging three (at the time) zero-day …
Attackers are exploiting zero-day in Pulse Secure VPNs to breach orgs (CVE-2021-22893)
Attackers have been exploiting several old and one zero-day vulnerability (CVE-2021-22893) affecting Pulse Connect Secure (PCS) VPN devices to breach a variety of defense, …
Securing vehicles from potential cybersecurity threats
Organizations in the automotive industry are no stranger to demands and mandates regarding car and passenger safety, so addressing the issue of cybersecurity of computerized, …
Securing an online marketplace through the COVID-19-fueled boom
When COVID-19 began to spread around the globe, citizens of many countries were instructed to stay at and work from home. Most non-essential brick-and-mortar shops were closed …
Office 365 phishing campaign uses publicly hosted JavaScript code
A new phishing campaign targeting Office 365 users cleverly tries to bypass email security protections by combining chunks of HTML code delivered via publicly hosted …