Zeljka Zorz
Qualcomm chips leak crypto data from secure execution environment
A vulnerability in Qualcomm chips could be exploited by attackers to retrieve encryption keys and sensitive information from the chipsets’ secure execution environment, …
The latest DDoS attacks are mostly multi-vector and morph over time
DDoS attacks continue to be an effective means to distract and confuse security teams while inflicting serious damage to brands, according to Neustar. Also, when comparing Q1 …
Which employees receive the most highly targeted email-borne threats?
Workers in R&D/Engineering are the most heavily targeted group of employees within organizations, a new Proofpoint report says, and lower-level employees are at a higher …
Latest numbers show why BEC/EAC scams are here to stay
Extortion has become the second most often reported type of cybercrime, but BEC/EAC scams still reign supreme when it comes to monetary loss (or criminals’ earnings), …
Are your passwords among the 100,000 most breached ones?
Year after year, the list of most often used passwords changes but a little: the latest one, compiled by infosec researcher Troy Hunt and published by the UK National Cyber …
DevSecOps: Fast development without sacrificing safety
DevOps has been a boon to companies looking to shorten the systems development cycle, pushing software developers and IT operations to work together and help their enterprises …
Google will check apps by new developers more thoroughly
In an attempt to thwart Android developers who are set to distribute malicious apps through Google Play, Google will be taking more time when reviewing apps by developers with …
Hackers used credentials of a Microsoft Support worker to access users’ webmail
On Friday, an unknown number of customers of Microsoft’s webmail services (Outlook.com, Hotmail, MSN Mail) received a notice from the company telling them that attackers …
Google introduces many G Suite security enhancements
Last week, the big news from Google Cloud Next 2019 was that phones running Android 7.0 or higher can be turned into a security key for G Suite account 2-step verification. …
Enterprise VPN apps store authentication and session cookies insecurely
CVE-2019-1573, a flaw that makes VPN applications store the authentication and/or session cookies insecurely (i.e. unencrypted) in memory and/or log files, affects a yet to be …
A quarter of phishing emails bypass Office 365 security
Email phishing is one of the most often used – and most successfully used – attack vectors that lead to cybersecurity incidents and breaches. Microsoft is the most …
WPA3 design flaws affect security of new Wi-Fi standard
Researchers have discovered a number of design flaws affecting the security of the recently introduced WPA3 data transmission protocol. Collectively dubbed Dragonblood …