Zeljka Zorz

Hacking for fun and profit: How one researcher is making IoT device makers take security seriously
We should all be so lucky to enjoy our work as much as Ken Munro does. Generally attracted by research that “looks fun” and particularly interested in probing the …

New Rowhammer attack can be used to hack Android devices remotely
Researchers from Vrije Universiteit in Amsterdam have demonstrated that it is possible to use a Rowhammer attack to remotely hack Android phones. What is a Rowhammer attack? …

Twitter reveals security blunder, asks users to change their passwords
330 million Twitter users around the world have been urged to change their account password after a glitch resulted in some of them being stored in plaintext format inside the …

Crypto flaw in Oracle Access Manager can let attackers pass through
A padding oracle vulnerability in Oracle Access Manager (CVE-2018-2879) can be exploited by attackers to bypass authentication and impersonate any user account. About the …

It’s time to update your Cisco WebEx software again!
Cisco has released security updates for a variety of its offerings, including some that fix critical remote code execution vulnerabilities in Webex software, Cisco Secure ACS …

Amazon to kill off censorship-foiling domain fronting option
Secure messaging services and other privacy-oriented tools that rely on domain fronting to foil censorship efforts by various countries have been dealt a severe blow in the …

Facebook announces “Clear History” privacy tool
Facebook has announced new products and redesigns of old ones during its annual F8 developer conference, as well as changes meant to reassure users that the company is doing …

Twitter sold data access to Cambridge Analytica-affiliated researcher
Dr Aleksandr Kogan, the academic behind the personality quiz app that harvested Facebook information of 80+ million people, has also had access to a random sample of public …

UK High Court rules part of Snoopers’ Charter incompatible with EU law
The UK High Court has ruled that part of the Investigatory Powers Act 2016 (nicknamed Snoopers’ Charter) is incompatible with European Union law and the European …

New Drupal RCE vulnerability under active exploitation, patch ASAP!
Yet another Drupal remote code execution vulnerability has been patched by the Drupal security team, who urge users to implement the offered updates immediately as the flaw is …

Gmail users can now send self-destructing emails
Google is slowly rolling out a number of changes for consumer Gmail users and G Suite users. Some of the changes improve usability and productivity, while others are meant to …

MyEtherWallet users robbed after successful DNS hijacking attack
Unknown attackers have managed to steal approximately $150,000 in Ethereum from a number of MyEtherWallet (MEW) users, after having successfully redirected them to a phishing …