Zeljka Zorz
August 2020 Patch Tuesday: Microsoft fixes two vulnerabilities under attack
On this August 2020 Patch Tuesday: Microsoft has plugged 120 flaws, two of which are being exploited in attacks in the wild Adobe has delivered security updates for Adobe …
Exploits for vBulletin zero-day released, attacks are ongoing
The fix for CVE-2019-16759, a remote code execution vulnerability in vBulletin that was patched in September 2019, is incomplete, security researcher Amir Etemadieh has …
Facebook open-sources a static analyzer for Python code
Need a tool to check your Python-based applications for security issues? Facebook has open-sourced Pysa (Python Static Analyzer), a tool that looks at how data flows through …
Critical ManageEngine ADSelfService Plus RCE flaw patched
A critical vulnerability (CVE-2020-11552) in ManageEngine ADSelfService Plus, an Active Directory password-reset solution, could allow attackers to remotely execute commands …
Researchers flag two zero-days in Windows Print Spooler
In May 2020, Microsoft patched CVE-2020-1048, a privilege escalation vulnerability in the Windows Print Spooler service discovered by Peleg Hadar and Tomer Bar from SafeBreach …
State Department offers $10 million for info on hackers targeting U.S. elections
As the day of the U.S. presidential elections is quickly approaching, election security is again becoming a topic of more and more security discussions. Are the polling booth …
TeamViewer flaw could be exploited to crack users’ password
A high-risk vulnerability (CVE-2020-13699) in TeamViewer for Windows could be exploited by remote attackers to crack users’ password and, consequently, lead to further …
Firefox to block redirect tracking
Mozilla has announced a new Firefox protection feature to stymie a new user tracking technique lately employed by online advertisers: redirect tracking. How does redirect …
PE Tree: Free open source tool for reverse-engineering PE files
PE Tree, a malware reverse-engineering, open source tool developed by the BlackBerry Research and Intelligence team, has been made available for free to the cybersecurity …
Meetup vulnerabilities enabled group takeovers, payment redirections
Two high-risk vulnerabilities in Meetup, a popular online service that’s used to create groups that host local in-person events, allowed attackers to easily take over …
Twitter employees were spear-phished over the phone
Twitter has finally shared more details about how the perpetrators of the recent hijacking of high-profile accounts to push a Bitcoin scam managed to pull it off. The way in …
Cisco fixes critical flaws in data center and SD-WAN solutions
Cisco has released another batch of critical security updates for flaws in Cisco Data Center Network Manager (DCMN) and the Cisco SD-WAN Solution software. Cisco Data Center …