Zeljka Zorz
Attackers mount Magento supply chain attack by compromising FishPig extensions
FishPig, a UK-based company developing extensions for the popular Magento open-source e-commerce platform, has announced that its paid software offerings have been injected …
Phishers take aim at Facebook page owners
Phishers are looking to trick owners of Facebook pages with fake notices from the social network (i.e., Meta, the company behind Facebook, Instagram and WhatsApp), in an …
Microsoft fixes exploited zero-day in the Windows CLFS Driver (CVE-2022-37969)
September 2022 Patch Tuesday is here, with fixes for 64 CVE-numbered vulnerabilities in various Microsoft products, including one zero-day (CVE-2022-37969) exploited by …
U-Haul reports data breach, customers’ info exposed
U.S. moving and storage rental company U-Haul has suffered a data breach due to an unauthorized person having accessed an unspecified number of rental contracts, …
Apple fixes actively exploited zero-day in macOS, iOS (CVE-2022-32917)
Apple has fixed a slew of vulnerabilities in macOS, iOS, and iPadOS, including a zero-day kernel vulnerability (CVE-2022-32917) exploited by attackers in the wild. About …
Thousands of QNAP NAS devices hit by DeadBolt ransomware (CVE-2022-27593)
QNAP Systems has provided more information about the latest DeadBolt ransomware campaign targeting users of its network-attached storage (NAS) devices and the vulnerability …
You should know that most websites share your in-site search queries with third parties
If you are using a website’s internal search function, chances are good that your search terms are being leaked to third parties in some form, researchers with …
High-risk ConnectWise Automate vulnerability fixed, admins urged to patch ASAP
ConnectWise has fixed a vulnerability in ConnectWise Automate, a popular remote monitoring and management tool, which could allow attackers to compromise confidential data or …
DeadBolt is hitting QNAP NAS devices via zero-day bug, what to do?
A few days ago – and smack in the middle of the weekend preceding Labor Day (as celebrated in the U.S.) – Taiwan-based QNAP Systems has warned about the latest …
Google invites bug hunters to scrutinize its open source projects
Google wants to improve the security of its open source projects and those projects’ third-party dependencies by offering rewards for bugs found in them. …
Should ransomware payments be banned? A few considerations
Several U.S. states have recently moved to ban local and state agencies and organizations funded by taxpayers’ dollars from paying off ransomware gangs, and a few more …
US-based CISOs get nearly $1 million per year
The role of the Chief Information Security Officer (CISO) is a relatively new senior-level executive position within most organizations, and is still evolving. To find out how …