Zeljka Zorz
All of Medibank’s stolen data leaked, Australia increases maximum penalties for data breaches
Australian health insurance provider Medibank has confirmed that another batch of the customer data stolen in the recent breach has been leaked. “We are conducting …
LastPass, GoTo announce security incident
LastPass and its affiliate GoTo (formerly LogMeIn) have announced that they suffered a security incident and, in LastPass’ case, a possible data breach. “Based on …
Predatory loan mobile apps grab data, harass users and their contacts
Lookout researchers have discovered nearly 300 Android and iOS apps that trick victims into unfair loan terms, exfiltrate excessive user data from mobile devices, and then use …
Pre-auth RCE in Oracle Fusion Middleware exploited in the wild (CVE-2021-35587)
A pre-authentication RCE flaw (CVE-2021-35587) in Oracle Access Manager (OAM) that has been fixed in January 2022 is being exploited by attackers in the wild, the …
The top 200 most common passwords in 2022 are bad, mkay?
According to NordPass’ latest list of top 200 most common passwords in 2022, “password” is the most popular choice, followed by “123456”, …
A flaw in ConnectWise Control spurred the company to make life harder for scammers
A vulnerability in popular remote access service/platform ConnectWise Control could have been leveraged by scammers to make compromising targets’ computers easier, …
Fake subscription invoices lead to corporate data theft and extortion
A threat actor dubbed Luna Moth has been leveraging social engineering and legitimate software to steal sensitive data and extort money from small and medium-size businesses. …
Google seeks to make Cobalt Strike useless to attackers
Google Cloud’s intelligence research and applications team has created and released a collection of 165 YARA rules to help defenders flag Cobalt Strike components deployed by …
Electronics repair technicians snoop on your data
When your computer or smartphone needs repairing, can you trust repair technicians not to access or steal your personal data? According to the results of a recent research by …
SSVC: Prioritization of vulnerability remediation according to CISA
Given that 2021 was a record year for new vulnerabilities published and threat actors became better at weaponizing vulnerabilities, timely and well-judged vulnerability …
Russian hacktivists hit Ukrainian orgs with ransomware – but no ransom demands
The Ukrainian CERT (CERT-UA) has uncovered an attack campaign aimed at compromising Ukrainian organizations and irretrievably encrypting their files. To do that, they are …
Photos: IRISSCON 2022
IRISSCON, the annual cyber crime-themed conference organized by the Irish Reporting and Information Security Service (IRISS), was held in Dublin, Ireland on Thursday, November …
Featured news
Resources
Don't miss
- Meta open-sources AI tool to automatically classify sensitive documents
- Why SAP security updates are a struggle for large enterprises
- Attackers fake IT support calls to steal Salesforce data
- Google fixes Chrome zero-day with in-the-wild exploit (CVE-2025-5419)
- How to manage your cyber risk in a modern attack surface