Zeljka Zorz
Thousands of QNAP NAS devices hit by DeadBolt ransomware (CVE-2022-27593)
QNAP Systems has provided more information about the latest DeadBolt ransomware campaign targeting users of its network-attached storage (NAS) devices and the vulnerability …
You should know that most websites share your in-site search queries with third parties
If you are using a website’s internal search function, chances are good that your search terms are being leaked to third parties in some form, researchers with …
High-risk ConnectWise Automate vulnerability fixed, admins urged to patch ASAP
ConnectWise has fixed a vulnerability in ConnectWise Automate, a popular remote monitoring and management tool, which could allow attackers to compromise confidential data or …
DeadBolt is hitting QNAP NAS devices via zero-day bug, what to do?
A few days ago – and smack in the middle of the weekend preceding Labor Day (as celebrated in the U.S.) – Taiwan-based QNAP Systems has warned about the latest …
Google invites bug hunters to scrutinize its open source projects
Google wants to improve the security of its open source projects and those projects’ third-party dependencies by offering rewards for bugs found in them. …
Should ransomware payments be banned? A few considerations
Several U.S. states have recently moved to ban local and state agencies and organizations funded by taxpayers’ dollars from paying off ransomware gangs, and a few more …
US-based CISOs get nearly $1 million per year
The role of the Chief Information Security Officer (CISO) is a relatively new senior-level executive position within most organizations, and is still evolving. To find out how …
Patch critical flaw in Atlassian Bitbucket Server and Data Center! (CVE-2022-36804)
A critical vulnerability (CVE-2022-36804) in Atlassian Bitbucket Server and Data Center could be exploited by unauthorized attackers to execute malicious code on vulnerable …
LastPass breach: Source code, proprietary tech info stolen
“An unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code …
Phishing PyPI users: Attackers compromise legitimate projects to push malware
PyPI, the official third-party software repository for Python packages, is warning about a phishing campaign targeting its users. “We have additionally determined that …
How attackers use and abuse Microsoft MFA
Microsoft has been pushing for the use of multi-factor authentication (MFA) to thwart attackers for many years. But threat actors are keeping up with the increasing enterprise …
Critical RCE bug in GitLab patched, update ASAP! (CVE-2022-2884)
GitLab has fixed a remote code execution vulnerability (CVE-2022-2884) affecting the Community and the Enterprise Edition of its DevOps platform, and has urged admins to …