Zeljka Zorz
Log4j exploitation risk is not as high as first thought, cyber MGA says
When the Log4Shell vulnerability (CVE-2021-44228) was publicly revealed in December 2021, CISA Director Jen Easterly said that it is the “most serious” vulnerability she has …
End of 2021 witnessed an explosion of RDP brute-force attacks
RDP brute-force attacks continue to be one of the most used attack vectors for breaching enterprise networks, ESET’s latest Threat Report has revealed. RDP brute-force …
A “light” February 2022 Patch Tuesday that should not be ignored
February 2022 Patch Tuesday is here and it’s all-around “light” – light in fixed CVE-numbered vulnerabilities (51), extremely light in critical fixes …
Disaster recovery is critical for business continuity
Business continuity (BC) and disaster recovery (DR) efforts go hand in hand in this digitized world of ours. The former is focused on maintaining business operations rolling …
Google announces threat detection for virtual machines in its cloud
Google is adding a new defensive layer to protect enterprise workloads running in Google Cloud. It’s called Virtual Machine Threat Detection (VMTD), and will help select …
Microsoft: Enterprise MFA adoption still low
While two-factor authentication usage in the consumer space is climbing quickly, enterprises are still straggling when it comes to using multi-factor authentication (MFA) to …
Phishing kits that bypass MFA protection are growing in popularity
The increased use of multi-factor authentication (MFA) has pushed developers of phishing kits to come up with ways to bypass that added account protection measure. A current …
Cisco plugs critical holes in small business routers
Cisco has patched 14 vulnerabilities affecting some of its Small Business RV Series routers, the worst of which may allow attackers to achieve unauthenticated remote code …
Samba bug may allow code execution as root on Linux machines, NAS devices (CVE-2021-44142)
A critical vulnerability (CVE-2021-44142) in Samba, a widely used open source implementation of the Server Message Block (SMB) networking protocol, could allow attackers to …
Attackers connect rogue devices to organizations’ network with stolen Office 365 credentials
Attackers are trying out a new technique to widen the reach of their phishing campaigns: by using stolen Office 365 credentials, they try to connect rogue Windows devices to …
Malware resets Android devices after performing fraudulent wire transfers
If your Android phone initiates a factory reset out of the blue, there’s a chance it has been infected with the BRATA banking malware and you’ve just been ripped …
PolKit vulnerability can give attackers root on many Linux distros (CVE-2021-4034)
A memory corruption vulnerability (CVE-2021-4034) in PolKit, a component used in major Linux distributions and some Unix-like operating systems, can be easily exploited by …
Featured news
Resources
Don't miss
- Creative cybersecurity strategies for resource-constrained institutions
- Product showcase: UserLock IAM for Active Directory
- Cryptomixer crypto laundering service taken down by law enforcement
- Treating MCP like an API creates security blind spots
- Offensive cyber power is spreading fast and changing global security