Zeljka Zorz
Google increases bounties for Chrome, Google Play bugs
Bug hunters searching for security flaws in Google’s offerings are now vying for higher bounties. Microsoft has launched a new bug bounty program. Google’s changes …
Healthcare’s blind spot: Unmanaged IoT and medical devices
From imaging to monitoring systems, infusion pumps to therapeutic lasers and life support machines, medical devices are used to improve and streamline patient care. Many of …
4 years after data breach, Slack resets 100,000 users’ passwords
Roughly 100,000 Slack users are getting their password reset and will have to choose a new one. The reason? During the data breach the company suffered in 2015, the attackers …
Malicious Python packages found on PyPI
Researchers have uncovered another batch of malicious Python libraries hosted on Python Package Index (PyPI). The malicious packages PyPI is the official third-party software …
FaceApp privacy panic: Be careful which apps you use
The privacy panic over FaceApp, the selfie-editing mobile app that makes photo subjects younger, older or turns them into members of the opposite sex, has been overblown. The …
Flaw in Iomega, LenovoEMC NAS devices exposes millions of files on the Internet
A vulnerability in legacy Iomega and LenovoEMC network-attached storage (NAS) devices has led to many terabytes of potentially sensitive data being accessible to anyone via …
Researcher releases PoC code for critical Atlassian Crowd RCE flaw
A researcher has released proof-of-concept code for a critical code execution vulnerability (CVE-2019-11580) in Atlassian Crowd, a centralized identity management solution …
Do you have what it takes to be a hardware hacker?
If you ask Yago Hansen, a hacker specialized in Wi-Fi and RF security, curiosity and a willingness to learn and improve your skills are the two things that you absolutely must …
German banks to stop using SMS to deliver second authentication/verification factor
German banks are moving away from SMS-based customer authentication and transaction verification (called mTAN or SMS-TAN), as the method is deemed to be too insecure. …
Citrix plugs critical Citrix SD-WAN flaws, patch ASAP!
Researchers have found critical vulnerabilities in Citrix SD-WAN, one of the most widely used SD-WAN solutions out there, and are urging administrators to patch them as soon …
Magecart compromised 17,000+ sites through unsecured Amazon S3 buckets
We often hear about misconfigured Amazon S3 buckets exposing sensitive business and customer data, but there’s another present danger: Magecart attackers have been …
Inside the NIST team working to make cybersecurity more user-friendly
Cybersecurity is usually not a user’s primary duty, yet they suffer an increasing burden to respond to security warnings, maintain many complex passwords, and make security …