Zeljka Zorz
How Kali Linux creators plan to handle the future of penetration testing
Offensive Security might best known as the company behind Kali Linux, the popular (and free) open-source pen testing platform, but its contribution to the information security …
Vulnerable TCP/IP stacks open millions of IoT and OT devices to attack
Forescout researchers have discovered 33 vulnerabilities affecting four open source TCP/IP (communications) stacks used in millions of connected devices worldwide. …
A light December 2020 Patch Tuesday for a no-stress end of the year
On this December 2020 Patch Tuesday: Microsoft has plugged 58 CVEs Adobe has delivered security updates for Lightroom, Experience Manager, and Prelude, and has announced that …
Hackers are targeting the COVID-19 vaccine supply chain
Unknown hackers have been trying to compromise accounts and computer systems of employees in organizations involved in the COVID-19 vaccine supply chain. While it’s …
Open source vulnerabilities go undetected for over four years
For its annual State of the Octoverse report, GitHub has analyzed over 45,000 active code directories to provide insight into open source security (vulnerabilities) and …
Raising defenses against ransomware in healthcare
More than half a decade has passed since ransomware-wielding attackers started focusing on healthcare providers. Despite some initial misgivings about targeting life-saving …
Which security practices lead to best security outcomes?
A proactive technology refresh strategy and a well-integrated tech stack are, according to a recent Cisco report, two security practices that are more likely than many others …
How prevalent is DNS spoofing? Could a repeat of the Dyn/Mirai DDoS attack have the same results?
Two separate groups of academics have recently released research papers based on research into the Domain Name System (DNS). One has found that the overwhelming majority of …
Out-of-band Drupal security updates fix bugs with known exploits
Drupal has released out-of-band security updates to fix two critical code execution flaws (CVE-2020-28948, CVE-2020-28949) in Drupal core, as “there are known exploits …
cPanel 2FA bypass vulnerability can be exploited through brute force
A two-factor authentication (2FA) bypass vulnerability affecting the popular cPanel & WHM software suite may allow attackers to access secured accounts, Digital Defense …
VMware releases workarounds for another critical flaw (CVE-2020-4006)
For the second time in less than a week, VMware is warning about a critical vulnerability (CVE-2020-4006). This time, the affected solutions are VMware Workspace One Access, …
Drupal-based sites open to attack via double extension files (CVE-2020-13671)
Admins of sites running on Drupal are urged to plug a critical security hole (CVE-2020-13671) that may be exploited by attackers to take over vulnerable sites. They have also …