December 2019 Patch Tuesday: Microsoft fixes one actively exploited zero-day
For December 2019 Patch Tuesday, Microsoft and Adobe have released the final scheduled security updates for this year. Microsoft’s fixes Microsoft’s security …
Zeljka Zorz
Microsoft demystifies email attack campaigns targeting organizations
Email is attackers’ preferred method for gaining a foothold into organizations. Campaign views, a new type of report available to some Microsoft enterprise customers, …
Compromised passwords used on 44 million Microsoft accounts
44 million Microsoft Azure AD and Microsoft Services accounts were vulnerable to account hijacking due to use of compromised passwords, Microsoft has shared. The discovery was …
G Suite admins get restricted security code option
Earlier this year, Google provided G Suite admins and users with a new 2FA option: one-time security codes based on security keys. Now it offers an new option to make them …
CrackQ: Efficient password cracking for pentesters and red teamers
CrackQ employs automation to make password cracking a faster and more efficient undertaking for pentesters and red teamers. CrackQ dashboard “Regular security testing is …
Crooks are exploiting unpatched Android flaw to drain users’ bank accounts
Hackers are actively exploiting StrandHogg, a newly revealed Android vulnerability, to steal users’ mobile banking credentials and empty their accounts, a Norwegian app …
How are enterprises coping with the security challenges brought on by digital transformation initiatives?
451 Research has polled IT decision makers at 400 larger companies about the current state of cybersecurity in their organizations, the security initiatives they have planned, …
5G IoT security: Opportunity comes with risks
Slowly but surely, 5G digital cellular networks are being set up around the world. It will take years for widespread coverage and use to be achieved, so what better time than …
Apache Solr RCEs with public PoCs could soon be exploited
Two remote code execution (RCE) vulnerabilities in Apache Solr could be exploited by attackers to compromise the underlying server. One – CVE-2019-12409 – has …
Preventing insider threats, data loss and damage through zero trust
With the proliferation of mobile devices and BYOD, ubiquitous and always available internet connectivity and the widespread use of private, public and hybrid cloud solutions, …
Google ups bug bounties for Android flaws, exploits
Google has expanded the Android Security Rewards (ASR) program and increased the bug bounties it’s willing to award for certain kinds of exploits. About the Android …
Twitter finally allows users to delete their phone number without disabling 2FA
Twitter users can finally delete their mobile phone number from their account while still being able to use 2FA to additionally secure it. The move comes after too many …
