Zeljka Zorz
New SolarWinds Serv-U vulnerability targeted in Log4j-related attacks
Attackers looking to exploit recently discovered Log4j vulnerabilities are also trying to take advantage of a previously undisclosed vulnerability in the SolarWinds Serv-U …
Phishers go after business email credentials by impersonating U.S. DOL
Phishers are trying to harvest credentials for Office 365 or other business email accounts by impersonating the U.S. Department of Labor (DOL), Inky‘s researchers have …
VirusTotal Hacking: Finding stolen credentials hosted on VirusTotal
VirusTotal, the popular online service for analyzing suspicious files, URLs and IP addresses, can be used to collect credentials stolen by malware, researchers at SafeBreach …
Phishers’ favorite brands in Q4 2021
International courier and package delivery company DHL heads the list of most imitated brands by phishers and malware peddlers in Q4 2021, according to Check Point Research. …
Ukraine: Wiper malware masquerading as ransomware hits government organizations
In the wake of last week’s attention-grabbing defacements of many Ukrainian government websites, Microsoft researchers have revealed evidence of a malware operation …
Phishers are targeting Office 365 users by exploiting Adobe Cloud
Phishers are creating Adobe Creative Cloud accounts and using them to send phishing emails capable of thwarting traditional checks and some advanced threat protection …
A new multi-platform backdoor is leveraged by an advanced threat actor
A novel multi-platform backdoor dubbed SysJoker has been successfully evading security solutions since mid-2021. “In the Linux and macOS versions, it masquerades as a …
Microsoft fixes wormable RCE in Windows Server and Windows (CVE-2022-21907)
The first Patch Tuesday of 2022 is upon us, and Microsoft has delivered patches for 96 CVE-numbered vulnerabilities, including a wormable RCE flaw in Windows Server …
Detect and identify IoT malware by analyzing electromagnetic signals
Electromagnetic (EM) emanations can be recorded and used to detect and identify malware running on IoT devices, a group of researchers working at IRISA have proven. The setup …
How can SMBs extend their SecOps capabilities without adding headcount?
Which is more important for achieving organizational cybersecurity: security products or security people? The right answer to this (trick) question is that both are equally …
CTO of Security at Salesforce talks e-commerce cybersecurity threat trends for 2022
Online retailers are dealing with more cybersecurity threats than ever before, and the holiday (shopping) season is when they have to fend them off most aggressively. In this …
The Log4j saga: New vulnerabilities and attack vectors discovered
The Apache Log4j saga continues, as several new vulnerabilities have been discovered in the popular library since Log4Shell (CVE-2021-44228) was fixed by releasing Log4j …