Zeljka Zorz

Phishers exploiting employees’ layoff, payroll concerns
A few days ago, we outlined several phishing campaigns going after Zoom and WebEx credentials of employees. Two new ones are trying to exploit their (at the moment very …

Google unveils secure remote access service to unburden enterprise VPNs
Google has made available BeyondCorp Remote Access, a cloud-based, zero trust service that allows employees, contractors and partners to securely access specific corporate …

Update MS Office, Paint 3D to plug RCE vulnerabilities
A week after the April 2020 Patch Tuesday, Microsoft has released out-of-band security updates for its Office suite, to fix a handful of vulnerabilities that attackers could …

Phishers exploit Zoom, WebEx brands to target businesses
Proofpoint researchers have spotted and documented email phishing campaigns targeting US companies in a variety of industries with emails impersonating Zoom and Cisco (Webex). …

760+ malicious packages found typosquatting on RubyGems
Researchers have discovered over 760 malicious Ruby packages (aka “gems”) typosquatting on RubyGems, the Ruby community’s gem repository / hosting service. The …

Using Cisco IP phones? Fix these critical vulnerabilities
Cisco has released another batch of fixes for a number of its products. Among the vulnerabilities fixed are critical flaws affecting a variety of Cisco IP phones and Cisco UCS …

US victims lose $13 million from COVID-19-related scams
Successful COVID-19-themed fraud attempts perpetrated in the US, since the beginning of the year resulted in a little over $13 million losses, the Federal Trade Commission has …

Microsoft offers free threat notification service to healthcare, human rights organizations
After recently directly notifying a number of hospitals about vulnerable gateway and VPN appliances in their infrastructure, Microsoft has decided to offer its AccountGuard …

April 2020 Patch Tuesday: Microsoft fixes three actively exploited vulnerabilities
For the April 2020 Patch Tuesday, Adobe plugs 5 flaws and Microsoft 113, three of which are currently being exploited by attackers. Adobe’s updates On this Patch …

Will Zoom manage to retain security-conscious customers?
While Zoom Video Communications is trying to change the public’s rightful perception that, at least until a few weeks ago, Zoom security and privacy were low on their …

VMware plugs critical flaw in vCenter Server, patch ASAP!
VMware has fixed a critical vulnerability (CVE-2020-3952) affecting vCenter Server, which can be exploited to extract highly sensitive information that could be used to …

Beware of fake COVID-19-themed emails from President Trump
As US citizens wait for President Trump’s final decision about whether quarantine will be over by Easter, malware peddlers have already “decided”: quarantine …