Zeljka Zorz
CISO do’s and don’ts: Lessons learned
Keeping a business safe from cyber threats while allowing it to thrive is every CISO’s goal. The task is not easy: a CISO has to keep many balls in the air while being …
Sandboxie becomes freeware, soon-to-be open source
Sophos plans to open source Sandboxie, a relatively popular Windows utility that allows users to run applications in a sandbox. Until that happens, they’ve made the …
September 2019 Patch Tuesday: Microsoft plugs two actively exploited zero-days
For the September 2019 Patch Tuesday, Microsoft delivered fixes for 80 CVE-numbered security issues (including to actively exploited zero-days), Adobe fixed flaws in Flash …
Office 365 security: Automated incident response based on playbooks
Five months after introducing Automated Incident Response in Office 365 ATP, Microsoft has announced it’s making it more widely available. Customers who have opted for …
Is your smartphone secretly listening to you?
The question of whether our smartphones are always listening to us is cropping up on online forums and Twitter almost daily, and most users have had the experience of talking …
Critical Exim flaw opens servers to remote code execution, patch now!
The Exim mail transfer agent (MTA) is impacted by a critical vulnerability that may allow local or unauthenticated remote attackers to execute programs with root privileges on …
Cybersecurity issues can’t be solved by simply buying a product
Year after year, data breach losses continue to rise and the cybercrime economy continues to thrive. What is the cybersecurity industry doing wrong? Vendors must genuinely …
Google’s differential privacy library can now be used by anyone
Google has open-sourced a differential privacy library that helps power some of its core products. What it differential privacy? Differential privacy is a method for analyzing …
Firefox now blocks third-party tracking cookies, cryptomining scripts by default
It took a lot of testing and tweaking, but Mozilla’s Firefox browser is finally being delivered with Enhanced Tracking Protection and a web-based cryptomining blocking …
BMC vulnerabilities in Supermicro servers allow remote takeover, data exfiltration attacks
A slew of vulnerabilities affecting the baseboard management controllers (BMCs) of Supermicro servers could be exploited by remote attackers to gain access to corporate …
Attackers are exploiting vulnerable WP plugins to backdoor sites
A group of attackers that has been injecting WordPress-based sites with a script redirecting visitors to malicious and fraudulent pages has now also started backdooring the …
How to reduce the attack surface associated with medical devices
As the number of connected medical devices continues to rise, so does healthcare organizations’ attack surface. “Most medical devices available in the healthcare system today …