Zeljka Zorz
“Smart city” governments should also be smart about security
While the definition of “smart city” is still under debate, one thing is indisputable: the technologies used to make smart cities a reality are currently acquired …
Analysis reveals the most common causes behind mis-issued SSL/TLS certificates
We should be able to trust public key certificates, but this is the real world: mistakes and “mistakes” happen. Researchers from Indiana University Bloomington …
Imperva explains how their recent security incident happened
In late August, Imperva suffered a security incident, resulting in the compromise of sensitive information of some of their Cloud WAF customers. On Thursday, Imperva CTO Kunal …
Microsoft NTLM vulnerabilities could lead to full domain compromise
Preempt researchers have discovered two vulnerabilities that may allow attackers to bypass a number of protections and mitigations against NTLM relay attacks and, in some …
2FA, HTTPS and private browsing still a mystery to most Americans
Most US adults know what phishing scams are and where they occur, what browser cookies do, and that advertising is the largest source of revenue for most social media …
Critical command execution vulnerability in iTerm2 patched, upgrade ASAP!
A critical vulnerability (CVE-2019-9535) in iTerm2, a macOS terminal emulator frequently used by developers and system administrators, could allow attackers to take control of …
Twitter 2FA phone numbers “inadvertently” used for advertising purposes
Twitter’s Support account published the following announcement on Tuesday: We recently found that some email addresses and phone numbers provided for account security …
October 2019 Patch Tuesday: A small batch of updates from Microsoft, none from Adobe
As predicted by Ivanti’s Chris Goettl, October 2019 Patch Tuesday came with a relatively small number of Microsoft updates and, curiously enough, with no security …
Winning the security fight: Tips for organizations and CISOs
For large organizations looking to build a robust cybersecurity strategy, failure to get the fundamentals in place practically guarantees a disaster. If you ask Matthew …
macOS Catalina: Security and privacy improvements
Apple has released macOS Catalina (v10.15), a new major release of its desktop operating system, which comes with many functional and security and privacy improvements. The …
Cisco closes high-impact vulnerabilities in its security offerings
Cisco has fixed 18 high-impact vulnerabilities affecting several of its security offerings and is advising administrators to test and implement the offered security updates as …
Microsoft: Any form of MFA takes users out of reach of most attacks
The apparent ease with which SIM hijacking attacks are being perpetrated to get the targets’ second authentication factor for crucial accounts (online banking, …
Featured news
Resources
Don't miss
- Okta users under attack: Modern phishing kits are turbocharging vishing attacks
- One-time SMS links that never expire can expose personal data for years
- More employees get AI tools, fewer rely on them at work
- Energy sector orgs targeted with AiTM phishing campaign
- Exposed training apps are showing up in active cloud attacks