Zeljka Zorz
4 years after data breach, Slack resets 100,000 users’ passwords
Roughly 100,000 Slack users are getting their password reset and will have to choose a new one. The reason? During the data breach the company suffered in 2015, the attackers …
Malicious Python packages found on PyPI
Researchers have uncovered another batch of malicious Python libraries hosted on Python Package Index (PyPI). The malicious packages PyPI is the official third-party software …
FaceApp privacy panic: Be careful which apps you use
The privacy panic over FaceApp, the selfie-editing mobile app that makes photo subjects younger, older or turns them into members of the opposite sex, has been overblown. The …
Flaw in Iomega, LenovoEMC NAS devices exposes millions of files on the Internet
A vulnerability in legacy Iomega and LenovoEMC network-attached storage (NAS) devices has led to many terabytes of potentially sensitive data being accessible to anyone via …
Researcher releases PoC code for critical Atlassian Crowd RCE flaw
A researcher has released proof-of-concept code for a critical code execution vulnerability (CVE-2019-11580) in Atlassian Crowd, a centralized identity management solution …
Do you have what it takes to be a hardware hacker?
If you ask Yago Hansen, a hacker specialized in Wi-Fi and RF security, curiosity and a willingness to learn and improve your skills are the two things that you absolutely must …
German banks to stop using SMS to deliver second authentication/verification factor
German banks are moving away from SMS-based customer authentication and transaction verification (called mTAN or SMS-TAN), as the method is deemed to be too insecure. …
Citrix plugs critical Citrix SD-WAN flaws, patch ASAP!
Researchers have found critical vulnerabilities in Citrix SD-WAN, one of the most widely used SD-WAN solutions out there, and are urging administrators to patch them as soon …
Magecart compromised 17,000+ sites through unsecured Amazon S3 buckets
We often hear about misconfigured Amazon S3 buckets exposing sensitive business and customer data, but there’s another present danger: Magecart attackers have been …
Inside the NIST team working to make cybersecurity more user-friendly
Cybersecurity is usually not a user’s primary duty, yet they suffer an increasing burden to respond to security warnings, maintain many complex passwords, and make security …
Vulnerable GE anesthesia machines can be manipulated by attackers
A vulnerability affecting several anesthesia and respiratory devices manufactured by General Electric (GE) Healthcare could allow attackers to manipulate the devices’ …
July 2019 Patch Tuesday: Microsoft plugs two actively exploited zero-days
For July 2019 Patch Tuesday, Microsoft has pushed out patches for 78 CVE-numbered vulnerabilities (15 of them critical) and Adobe for three, but none of them in its most …