Zeljka Zorz

Microsoft plugs wormable RDP flaw, new speculative execution side channel vulnerabilities
For May 2019 Patch Tuesday, Microsoft has released fixes for 79 vulnerabilities, 22 of which are deemed critical. Among the fixes is that for CVE-2019-0708, a …

What does it take to be an infosec product strategist?
Choosing a security product that will best fit your organization’s needs is a challenge exacerbated by the “polluted, turbulent sea of ineffectual security …

Apple May 2019 security updates fix numerous issues
Another month, another batch of Apple security updates that users of the firm’s computers, phones, tablets, streaming devices and smart watches will be prompted to …

WhatsApp flaw used to install spyware by simply calling the target
A security vulnerability in the popular Facebook-owned end-to-end encrypted messaging app WhatsApp allowed attackers to install spyware on smartphones without any user …

SharePoint servers under attack through CVE-2019-0604
CVE-2019-0604, a critical vulnerability opening unpatched Microsoft SharePoint servers to attack, is being exploited by attackers to install a web shell. The web shell allows …

What CISOs should focus on when deciding on a strategy
The effectiveness of an organization’s security strategy and implementation can sometimes be difficult to assess. Michael Hamilton, President and CISO of CI Security, …

Android Q: Enhanced security for consumers and enterprises
The upcoming, newest version of Android – still only known as “Android Q” – will have many new and improved protections for user privacy. Google has …

WordPress updates are digitally signed at last!
WordPress 5.2 is out and brings a number of functional improvements, but the great news for those who are worried about the security of their installation is the …

Critical flaw allows attackers to take over Cisco Elastic Services Controllers
Cisco has patched a critical, remotely exploitable authentication bypass vulnerability in Cisco Elastic Services Controller (ESC), a popular enterprise software for managing …

Executing a multi-cloud strategy: Crawl, walk, run
Despite many challenges, enterprises are increasingly adopting cloud computing in an effort to become more agile, lower IT costs, and have the ability to scale. Most of those …

Researchers discover highly stealthy Microsoft Exchange backdoor
An extremely stealthy Microsoft Exchange backdoor can read, modify or block emails going through the compromised mail server and even compose and send new emails. LightNeuron …

What will phishers do once push-based MFA becomes widely used?
As phishing continues to be the number one method for initiating a breach, investing in anti-phishing technologies or training – preferably both – should be a …