Zeljka Zorz
300.000+ users downloaded malware droppers from Google Play
Since August 2021, malware peddlers have managed to spread four families of Android banking trojans via malware droppers introduced in Google Play. They did it by employing a …
After failed fix, researcher releases exploit for Windows EoP flaw (CVE-2021-41379)
A local elevation of privilege vulnerability (CVE-2021-41379) in the Windows Installer that Microsoft supposedly fixed on November 2021 Patch Tuesday is, according to its …
Small businesses urged to protect their customers from card skimming
With Black Friday and Cyber Monday quickly approaching, the UK National Cyber Security Centre (NCSC) is urging small online shops to protect their customers from card skimming …
GoDaddy breach: SSL keys, sFTP, database passwords of WordPress customers exposed
GoDaddy, the popular internet domain registrar and web hosting company, has suffered a data breach that affected over a million of their Managed WordPress customers. What …
How to find hidden spy cameras with a smartphone
Researchers from the National University of Singapore and Yonsei University in South Korea have devised a mobile application that uses smartphones’ time-of-flight (ToF) …
Malicious Python packages employ advanced detection evasion techniques
JFrog researchers have discovered 11 malicious Python packages on PyPI, the official third-party package repository for Python, which have been collectively downloaded over …
What’s stopping consumers from acting on a data breach notice?
Only three percent of consumers implemented a credit freeze after receiving a data breach notice, 11 percent enrolled in credit/data monitoring, and only 22 percent changed …
Researchers shed light on hidden root CAs
How widespread is the use of hidden root CAs and certificates signed by them? To answer that and other questions, a group of researchers from several Chinese and U.S. …
GitHub fixed serious npm registry vulnerability, will mandate 2FA use for certain accounts
GitHub has fixed a serious vulnerability that would have allowed attackers to publish new, malicious versions of any existing package on the npm registry. About the fixed …
Emotet stages a comeback via Trickbot and spam
Emotet is back – a number of researchers have confirmed. About Emotet Emotet is a modular banking trojan that also functions as a downloader of other trojans and …
The latest trends in online cybersecurity learning and training
In this interview with Help Net Security, Mike Hendrickson, VP of Technology & Developer Solutions at educational technology company Skillsoft, talks about the trends in …
How to achieve permanent server hardening through automation
Information security standards such as PCI DSS and ISO 27001 and regulations such as HIPAA and CMMC mandate system hardening as one of the most basic defenses against cyber …
Featured news
Resources
Don't miss
- Hawk Eye: Open-source scanner uncovers secrets and PII across platforms
- The Zoom attack you didn’t see coming
- Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035)
- The UK’s phone theft crisis is a wake-up call for digital security
- Securing digital products under the Cyber Resilience Act