Zeljka Zorz
UniCredit says personal data of 3 million customers was compromised
Italian global banking and financial services giant UniCredit has announced that its cybersecurity team has identified “a data incident” that resulted in the …
PHP RCE flaw actively exploited to pop NGINX servers
A recently patched vulnerability (CVE-2019-11043) in PHP is being actively exploited by attackers to compromise NGINX web servers, threat intelligence firm Bad Packets has …
Phishers have been targeting UN, UNICEF, Red Cross officials for months – and still do
Researchers have brought to light a longstanding phishing campaign aimed at the UN and its various networks, and a variety of humanitarian organizations, NGOs, universities …
18 iOS apps with stealthy ad clicking code removed from App Store
Wandera researchers have discovered 17 apps in Apple’s App Store that contained a clicker module, designed to perform covert ad fraud-related tasks such as opening web …
Phishing attacks are a complex problem that requires layered solutions
Most cyberattacks start with a social engineering attempt and, most often than not, it takes the form of a phishing email. It’s easy to understand the popularity of this …
Firefox 70 lets users track online trackers
Mozilla has released Firefox 70.0, which delivers performance and power consumption improvements, helpful browser features, new options for developers and, most prominently, …
Microsoft debuts hardware-rooted security for foiling firmware attacks
Microsoft partnered with mainstream chip and computer makers to deliver hardware protection of firmware right out of the box: the so-called Secured-core PCs are aimed at …
Avast breached by hackers who wanted to compromise CCleaner again
Czech security software maker Avast has suffered another malicious intrusion into their networks, but the attackers didn’t accomplish what they apparently wanted: …
Cryptojacking worm compromised over 2,000 Docker hosts
Security researchers have discovered a cryptojacking worm that propagates using containers in the Docker Engine (Community Edition) and has spread to more than 2,000 …
Researcher releases PoC rooting app that exploits recent Android zero-day
Late last month Google Project Zero researcher Maddie Stone detailed a zero-day Android privilege escalation vulnerability (CVE-2019-2215) and revealed that it is actively …
Cisco fixes serious flaws in enterprise-grade Catalyst and Aironet access points
Cisco has released another batch of security updates, the most critical of which fixes a vulnerability that could allow unauthenticated, remote attackers to gain access to …
WAV files spotted delivering malicious code
Attackers have embedded crypto-mining and Metasploit code into WAV audio files to stymie threat detection solutions. “All WAV files discovered adhere to the format of a …