Zeljka Zorz
Chrome extension devs must drop deceptive installation tactics
After announcing its intention to limit third-party developers’ access to Chrome’s webRequest API, which is used by many ad-blocking extensions to filter out …
Siemens LOGO!, a PLC for small automation projects, open to attack
LOGO!, a programmable logic controller (PLC) manufactured by Siemens, sports three vulnerabilities that could allow remote attackers to reconfigure the device, access project …
Attackers are exploiting WordPress plugin flaw to inject malicious scripts
Attackers are leveraging an easily exploitable bug in the popular WP Live Chat Support plugin to inject a malicious JavaScript in vulnerable sites, Zscaler warns. The company …
G Suite to get Gmail confidential mode, on by default
Earlier this year, Google introduced Gmail confidential mode for both consumer and G Suite users. While the former were able to use it immediately, the latter depended on …
When it comes to email-based threats, Emotet dominates
Emotet displaced credential stealers, stand-alone downloaders and RATs and became the most prominent threat delivered via email, Proofpoint has shared. According to the …
BlueKeep RDP flaw: Nearly a million Internet-facing systems are vulnerable
Two weeks have passed since Microsoft released security fixes and mitigation advice to defang exploits taking advantage of CVE-2019-0708 (aka BlueKeep), a wormable …
GitHub introduces Dependabot-powered automated security fixes
GitHub, the largest code-hosting site in the world, has announced many new features and changes at the 2019 GitHub Satellite conference that took place last week in Berlin. …
US charges Assange with 17 counts under Espionage Act
The US Department of Justice has hit WikiLeaks founder Julian Assange with 17 charges related to illegally obtaining, receiving and disclosing classified information related …
How mainstream media coverage affects vulnerability management
For better or for worse, mainstream media is increasingly covering particularly dangerous, widespread or otherwise notable security vulnerabilities. The growing coverage has …
Solving the network visibility problem with NaaS
Network visibility is crucial for many things: making sure that the equipment works properly, monitoring and tweaking the network’s performance, and protecting it against …
If you haven’t yet patched the BlueKeep RDP vulnerability, do so now
There is still no public, working exploit code for CVE-2019-0708, a flaw that could allow an unauthenticated remote attacker to execute remote code on a vulnerable target …
How to write an effective data breach notification?
Data breach notifications sent by companies to affected customers are often unclear and not very helpful, University of Michigan researchers have found. The problem(s) The …