Zeljka Zorz
Ongoing Office 365-themed phishing campaign targets executives, assistants, financial departments
A sophisticated and highly targeted Microsoft Office 365 phishing campaign is being aimed at C-suite executives, executive assistants and financial departments across numerous …
With data volumes and velocity multiplying, how do you choose the right data security solution?
There is no doubt that the COVID-19 pandemic has caused radical changes in our personal and working lives. The sudden and massive surge of employees working from home and the …
Microsoft releases one-click Exchange On-Premises Mitigation Tool
Microsoft has released Exchange On-Premises Mitigation Tool (EOMT), which quickly performs the initial steps for mitigating the ProxyLogon flaw (CVE-2021-26855) on any …
As attacks on Exchange servers escalate, Microsoft investigates potential PoC exploit leak
Microsoft Exchange servers around the world are still getting compromised via the ProxyLogon (CVE-2021-26855) and three other vulnerabilities patched by Microsoft in early …
Getting your application security program off the ground
IT and security professionals are increasingly concerned about attackers compromising their mission-critical applications. According to a recent Ponemon study, the reasons for …
March 2021 Patch Tuesday: Microsoft fixes yet another actively exploited IE zero-day
As system administrators and security teams around the world are working on ascertaining whether they’ve been breached and compromised via vulnerable Microsoft Exchange …
Exchange Servers targeted via zero-day exploits, have yours been hit?
Microsoft has released out-of-band security updates for seven bugs affecting Microsoft Exchange Servers, four of which are zero-day vulnerabilities being exploited by …
Critical flaw in Rockwell PLCs allows attackers to fiddle with them (CVE-2021-22681)
A critical, easy to exploit vulnerability (CVE-2021-22681) may allow attackers to remotely connect to a number of Rockwell Automation’s programmable logic controllers …
Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP!
The day after VMware released fixes for a critical RCE flaw (CVE-2021-21972) found in a default vCenter Server plugin, opportunistic attackers began searching for publicly …
Kali Linux 2021.1 released: Tweaked DEs and terminals, new tools, Kali ARM for Apple Silicon Macs
Offensive Security has released Kali Linux 2021.1, the latest version of its popular open source penetration testing platform. You can download it or upgrade to it. Kali Linux …
CNAME-based tracking increasingly used to bypass browsers’ anti-tracking defenses
As browser-makers move to defang third-party (tracking) cookies, marketers are increasingly switching to alternative tracking techniques. One of these is CNAME cloaking, which …
Accellion FTA attacks, extortion attempts might be the work of FIN11
Mandiant/FireEye researchers have tentatively linked the Accellion FTA zero-day attacks to FIN11, a cybercrime group leveraging CLOP ransomware to extort targeted …