Zeljka Zorz
KeePass update check MitM flaw can lead to malicious downloads
Open source password manager KeePass sports a MitM vulnerability that could allow attackers to trick users into downloading malware disguised as a software update, security …
FBI warns about email extortion attempts following data breaches
FBI’s Internet Crime Complaint Center has issued a public service announcement warning users about email extortion attempts related to recent high-profile data thefts. …
Bug poachers target businesses, demand money for bug info
Businesses are being hit with an extortion attempt based on attackers penetrating their network or websites and stealing corporate or user data. The attackers don’t say …
Windows zero-day exploit offered for sale on underground market
Someone is selling an exploit for a Windows zero-day on an underground market for Russian-speaking cyber criminals, and the current price is set at $90,000. Trustwave …
Improving software security through a data-driven security model
The current software security models, policies, mechanisms, and means of assurance are a relic of the times when software began being developed, and have not evolved along …
Twitter paid out $322,420 in bug bounties
Researchers have proven that bug bounties are a cheaper way for discovering vulnerabilities than hiring full-time bug hunters would be and, in the last few years, many …
65 million Tumblr users’ email addresses, passwords sold on dark web
Email addresses and hashed and salted passwords of 65 million Tumblr users are being sold online by “peace_of_mind,” aka “Peace”, the individual that …
ICS-CERT warns about vulnerable SCADA system that can’t be updated
A web-based SCADA system deployed mainly in the US energy sector sports vulnerabilities that may allow attackers to perform configuration changes and administrative operations …
Faulty TLS implementation opens VISA sites, users to attack
A group of researchers has discovered 184 HTTPS servers that are wide open to attackers looking to inject seemingly valid content into encrypted sessions. Some of these …
ZCryptor ransomware spreads via removable drives
The newly spotted ZCryptor ransomware has also the ability to spread like a worm, Microsoft warns. Once it infects a system, it also copies itself on removable drives, in the …
DNS provider NS1 hit with multi-faceted DDoS attacks
Early last week, DNS and traffic management provider NS1 was hit with a series of DDoS attacks that lasted several days, and managed to impact DNS delivery in the European, …
Microsoft bans common passwords
If you’re using the Microsoft Account service to sign into the various services offered by the company, and you tried to set up a too commonly used password, you have …