Zeljka Zorz
SAP applications are getting compromised by skilled attackers
Newly provisioned, unprotected SAP applications in cloud environments are getting discovered and compromised in mere hours, Onapsis researchers have found, and vulnerabilities …
Vulnerabilities in ICS-specific backup solution open industrial facilities to attack
Claroty researchers have found and privately disclosed nine vulnerabilities affecting Rockwell Automation’s FactoryTalk AssetCentre, an ICS-specific backup solution. All of …
Zero Trust creator talks about implementation, misconceptions, strategy
A little over a decade ago, John Kindervag outlined the Zero Trust security model. As a VP and Principal Analyst on the Security and Risk Team at Forrester Research, he spent …
MindAPI makes API security research and testing easier
Security researcher David Sopas has published a new open-source project: MindAPI, a mind map with resources for making API security research easier. “I love mind maps. …
VMware patches critical vRealize Operations flaws that could lead to RCE
Two vulnerabilities (CVE-2021-21975, CVE-2021-21983) recently patched by VMware in its vRealize Operations platform can be chained together to achieve unauthenticated remote …
DDoS attacks in 2021: What to expect?
We’re only three months into 2021, and Akamai has mitigated 3 out of the 6 largest DDoS attacks they have ever witnessed. Two of these hit the same company on the same …
Cloud security experts wanted: You can be one of them
A recent study from Boston Consulting Group and analytics firm Faethm has attempted to predict how digitization and technology will upend labor markets in Australia, Germany, …
Attackers tried to insert backdoor into PHP source code
The PHP development team has averted an attempted supply chain compromise that could have opened a backdoor into many web servers. What happened? “[On Sunday, March 28] …
Microsoft offers rewards for security bugs in Microsoft Teams
Microsoft is starting a new Applications Bounty Program, and the first application that they want researchers to find bugs in is Microsoft Teams, its popular business …
Phishers’ perfect targets: Employees getting back to the office
Phishers have been exploiting people’s fear and curiosity regarding breakthroughs and general news related to the COVID-19 pandemic from the very start, and will …
iOS app developers targeted with trojanized Xcode project
“We recently became aware of a trojanized Xcode project in the wild targeting iOS developers thanks to a tip from an anonymous researcher. The malicious project is a …
Automatically mitigate ProxyLogon, detect IoCs associated with SolarWinds attackers’ activities
Microsoft has updated its Defender Antivirus to mitigate the ProxyLogon flaw on vulnerable Exchange Servers automatically, while the Cybersecurity and Infrastructure Security …