Zeljka Zorz
FaceApp privacy panic: Be careful which apps you use
The privacy panic over FaceApp, the selfie-editing mobile app that makes photo subjects younger, older or turns them into members of the opposite sex, has been overblown. The …
Flaw in Iomega, LenovoEMC NAS devices exposes millions of files on the Internet
A vulnerability in legacy Iomega and LenovoEMC network-attached storage (NAS) devices has led to many terabytes of potentially sensitive data being accessible to anyone via …
Researcher releases PoC code for critical Atlassian Crowd RCE flaw
A researcher has released proof-of-concept code for a critical code execution vulnerability (CVE-2019-11580) in Atlassian Crowd, a centralized identity management solution …
Do you have what it takes to be a hardware hacker?
If you ask Yago Hansen, a hacker specialized in Wi-Fi and RF security, curiosity and a willingness to learn and improve your skills are the two things that you absolutely must …
German banks to stop using SMS to deliver second authentication/verification factor
German banks are moving away from SMS-based customer authentication and transaction verification (called mTAN or SMS-TAN), as the method is deemed to be too insecure. …
Citrix plugs critical Citrix SD-WAN flaws, patch ASAP!
Researchers have found critical vulnerabilities in Citrix SD-WAN, one of the most widely used SD-WAN solutions out there, and are urging administrators to patch them as soon …
Magecart compromised 17,000+ sites through unsecured Amazon S3 buckets
We often hear about misconfigured Amazon S3 buckets exposing sensitive business and customer data, but there’s another present danger: Magecart attackers have been …
Inside the NIST team working to make cybersecurity more user-friendly
Cybersecurity is usually not a user’s primary duty, yet they suffer an increasing burden to respond to security warnings, maintain many complex passwords, and make security …
Vulnerable GE anesthesia machines can be manipulated by attackers
A vulnerability affecting several anesthesia and respiratory devices manufactured by General Electric (GE) Healthcare could allow attackers to manipulate the devices’ …
July 2019 Patch Tuesday: Microsoft plugs two actively exploited zero-days
For July 2019 Patch Tuesday, Microsoft has pushed out patches for 78 CVE-numbered vulnerabilities (15 of them critical) and Adobe for three, but none of them in its most …
U.S. Coast Guard shares cybersecurity best practices for commercial vessels
Spurred by a recent cyber incident they were called in to help resolve, the U.S. Coast Guard has detailed basic measures to improve vessels ‘cybersecurity. Basic cyber …
A fileless campaign is dropping the Astaroth info-stealer
Attackers are delivering the Astaroth info-stealing backdoor by leveraging a combination of fileless malware and “living off the land” techniques, …
Featured news
Resources
Don't miss
- Cybercriminals exploit RMM tools to steal real-world cargo
- Former ransomware negotiators allegedly targeted US firms with ALPHV/BlackCat ransomware
- How nations build and defend their cyberspace capabilities
- Uncovering the risks of unmanaged identities
- Deepfakes, fraud, and the fight for trust online