Zeljka Zorz
Microsoft asks bug hunters to probe on-premises Exchange, SharePoint servers
Bug hunters that discover and report high-impact security vulnerabilities in on-premises Exchange, SharePoint and Skype for Business may earn as much as $26,000 per eligible …
CISA adds Spring4Shell to list of exploited vulnerabilities
It’s been almost a week since the Spring4Shell vulnerability (CVE-2022-22965) came to light and since the Spring development team fixed it in new versions of the Spring …
Log4Shell exploitation: Which applications may be targeted next?
Spring4Shell (CVE-2022-22965) has dominated the information security news these last six days, but Log4Shell (CVE-2021-44228) continues to demand attention and action from …
Spring4Shell: No need to panic, but mitigations are advised
Security teams around the world got another shock on Thursday when news of disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively …
Mars Stealer malware pushed via Google Ads and phishing emails
Cybercriminals trying to foist the Mars Stealer malware onto users seemingly have a penchant for one particulat tactic: disguising it as legitimate, benign software to trick …
How to recruit cybersecurity talent from atypical backgrounds
In this interview with Help Net Security, Max Shuftan, Director of Mission Programs & Partnerships at SANS Institute, talks about how companies and the cybersecurity …
IceID trojan delivered via hijacked email threads, compromised MS Exchange servers
A threat actor is exploiting vulnerable on-prem Microsoft Exchange servers and using hijacked email threads to deliver the IceID (BokBot) trojan without triggering email …
Attackers are exploiting recently patched RCE in Sophos Firewall (CVE-2022-1040)
A critical vulnerability (CVE-2022-1040) in Sophos Firewall is being exploited in the wild to target “a small set of specific organizations primarily in the South Asia …
Beware of old and new tax-themed scams and schemes
April 18 marks the end of the 2022 US tax season and those individuals who are yet to file their taxes should get a move on. But they should not throw caution to the wind, as …
Okta names contractor involved in Lapsus$ gang’s attack
Okta has released additional details about the security incident caused by the Lapsus$ gang, and has named the contractor involved: Sitel. What happened? “Like many SaaS …
Internet crime in 2021: Investment fraud losses soar
Business email compromise/email account compromise scams still have the highest financial toll on victims, but investment fraud has also lead to massive losses last year, …
Microsoft and Okta confirm, detail impact of Lapsus$ gang’s attacks
Recent claims by the cyber extortion gang have been validated by Okta and Microsoft: Lapsus$ have managed to get their hands on some of Microsoft’s source code and have …