OWASP Top 10
OWASP Top 10 2021: The most serious web application security risks

The definitive OWASP Top 10 2021 list is out, and it shows that broken access control is currently the most serious web application security risk. How is the list compiled? …

Apple
A new zero-day is being exploited to compromise Macs (CVE-2021-30869)

Another zero-day in Apple’s software (CVE-2021-30869) is being actively exploited by attackers, forcing the company to push out security updates for macOS Catalina and …

Nagios
Nagios XI vulnerabilities open enterprise IT infrastructure to attack

Researchers have unearthed 11 vulnerabilities affecting Nagios XI, a widely used enterprise IT infrastructure/network monitoring solution, some of which can be chained to …

Apache OpenOffice
A malicious document could lead to RCE in Apache OpenOffice (CVE-2021-33035)

Apache OpenOffice, one of the most popular open-source office productivity software suites, sports an RCE vulnerability (CVE-2021-33035) that could be triggered via a specially …

VMware
Plug critical VMware vCenter Server flaw before ransomware gangs start exploiting it (CVE-2021-22005)

VMware has fixed 19 vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation, the most critical of which is CVE-2021-22005. “This vulnerability can be …

US agricultural co-op hit by ransomware, expects food supply chain disruption

New Cooperative Inc., an agricultural cooperative owned by Iowa corn and soy farmers, has been hit by the BlackMatter ransomware group. The attackers are asking the co-op to …

CVE-2021-40444 exploitation
CVE-2021-40444 exploitation: Researchers find connections to previous attacks

The recent targeted attacks exploiting the (at the time) zero-day remote code execution vulnerability (CVE-2021-40444) in Windows via booby-trapped Office documents have been …

Microsoft
Microsoft announces passwordless authentication option for consumers

After offering the passwordless authentication option to enterprise customers in March 2021, Microsoft has now started rolling it out to its consumer segment of users. The …

Patch Tuesday
Microsoft patches actively exploited MSHTML zero-day RCE (CVE-2021-40444)

On September 2021 Patch Tuesday, Microsoft fixed 66 CVE-numbered vulnerabilities in a wide variety of its solutions. Of these, the most crucial to address is …

Kali Linux 2021.3
Kali Linux 2021.3 released: Kali NetHunter on a smartwatch, wider OpenSSL compatibility, new tools, and more!

Offensive Security has released Kali Linux 2021.3, the latest version of its popular open source penetration testing platform. You can download it or upgrade to it. Kali Linux …

Apple
Apple fixes “zero-click” iMessage zero-day exploited to deliver spyware (CVE-2021-30860)

Apple has released security updates for macOS, iOS, iPadOS, watchOS and Safari that patch two vulnerabilities (CVE-2021-30860, CVE-2021-30858) that are being exploited in …

medical devices
Healthcare cybersecurity: How to prevent the compromise of patient records?

Year after year, the number of data breaches affecting entities in the healthcare industry rises, and 2020 was no exception. The 616 data breaches reported this past year to …
