Zeljka Zorz

Emotet: A veritable Swiss Army knife of malicious capabilities
Formerly just a banking Trojan, Emotet is now one of the most dangerous and multifaceted malware out there. According to Malwarebytes, it and Trickbot are part of the reason …

Facebook plans to integrate WhatsApp, Messenger and Instagram
The New York Times offers the option but is not on by default, and Instagram offers none. “This move could be potentially be good or bad for security/privacy. But given …

Vulnerable cloud infrastructure experiencing increasing attacks
Attackers are increasingly targeting vulnerable cloud infrastructure to exploit it for covert cryptojacking or to deliver ransomware, Securonix researchers warn. Some attacks …

PHP PEAR supply chain attack: Backdoor added to installer
Some additional details have emerged about the recent security breach involving the PHP PEAR (PHP Extension and Application Repository) webserver, but much is still unknown. …

Cisco fixes security holes in SD-WAN, Webex, Small Business routers
Cisco has fixed a heap of security holes in a variety of its products, including a critical one affecting its SD-WAN Solution. Cisco SD-WAN vulnerabilities The most critical …

Apple delivers security patches, plugs an RCE achievable via FaceTime
Apple has released a new set of updates for its various products, plugging a wide variety of vulnerabilities. WatchOS, tvOS, Safari and iCloud Let’s start with …

Cybercriminals increasingly taking aim at businesses
2018 has been the year when cryptominers first dethroned ransomware as the most prevalent threat due to a meteoric spike in Bitcoin value in late 2017, then slowly trailed off …

0patch releases micropatch for Windows Contacts RCE zero-day
ACROS Security, the creators of 0patch, have released a micropatch for a recently revealed zero-day RCE flaw affecting Windows. About the vulnerability and the micropatch …

Bug in widespread Wi-Fi chipset firmware can lead to zero-click code execution
A vulnerability in the firmware of a Wi-Fi chipset that is widely used in laptops, streaming, gaming and a variety of “smart” devices can be exploited to …

Microsoft launches Azure DevOps bug bounty program
Microsoft has launched yet another bug bounty program and is urging security researchers to look into the security of Azure DevOps, its cloud service for collaborating on code …

Most Facebook users aren’t aware that Facebook tracks their interests
Too many Facebook users aren’t aware that the company uses the information provided by them and their actions on the platform and outside of it to create a list of their …

Mining malware evades agent-based cloud security solutions
Cloud infrastructures are a growing target for threat actors looking to mine cryptocurrency, as their vast computational power allows them to multiply the mining …
Featured news
Resources
Don't miss
- Attackers breached ConnectWise, compromised customer ScreenConnect instances
- Product showcase: Smarter pentest reporting and exposure management with PlexTrac
- CISO 3.0: Leading AI governance and security in the boardroom
- Review: Metasploit, 2nd Edition
- Security awareness training isn’t stopping breaches. Can AI help?