Juha Saarinen

Juha Saarinen has been covering the technology sector since the mid-1990s for publications around the world. He has been writing for iTnews since 2010 and also contributes to the New Zealand Herald, the Guardian and Wired's Threat Level section.

He is based in Auckland, New Zealand. Google

Recent articles by Juha Saarinen

Active Directory defaults lead to no-fix PrivEsc vulnerability

Active Directory defaults lead to no-fix PrivEsc vulnerability

Researcher publishes proof-of-concept.
Juha Saarinen May 11 2022 5:20AM Security
Microsoft fixes remote code exec bug in Azure database connector

Microsoft fixes remote code exec bug in Azure database connector

Amazon Redshift ODBC connector found vulnerable.
Juha Saarinen May 10 2022 6:45AM Security
Heroku hackers got account passwords via OAuth token theft

Heroku hackers got account passwords via OAuth token theft

Hashed and salted user passwords exfiltrated.
Juha Saarinen May 6 2022 12:50PM Security
F5 BIG-IP systems vulnerable to remote takeover

F5 BIG-IP systems vulnerable to remote takeover

Update: researchers demonstrate attacks.
Juha Saarinen May 5 2022 1:00PM Security
Heroku forces user password resets

Heroku forces user password resets

API access tokens invalidated.
Juha Saarinen May 5 2022 6:55AM Security
Critical bugs found in Cisco Enterprise NFV software

Critical bugs found in Cisco Enterprise NFV software

Allows guest virtual machine escape and root command injection.
Juha Saarinen May 5 2022 6:31AM Security
Large amount of IoT gear menaced by unpatched DNS vulnerability

Large amount of IoT gear menaced by unpatched DNS vulnerability

Maintainer can't fix bug in uClibc and uClibc-ng libraries.
Juha Saarinen May 4 2022 6:55AM Security
Cisco's late April patch party fixes 11 high-impact bugs

Cisco's late April patch party fixes 11 high-impact bugs

No critical severity bugs this time.
Juha Saarinen Apr 29 2022 11:42AM Security
Microsoft fixes Azure PostgreSQL cross-account database access bug

Microsoft fixes Azure PostgreSQL cross-account database access bug

"ExtraReplica" tenant bypass not exploited.
Juha Saarinen Apr 29 2022 5:51AM Security
Patch now against Linux 'Nimbuspwn' root priv-esc bugs

Patch now against Linux 'Nimbuspwn' root priv-esc bugs

Microsoft code review finds multiple vulnerabilities.
Juha Saarinen Apr 28 2022 11:55AM Security
Microsoft Exchange Server bugs top 2021 most-exploited list

Microsoft Exchange Server bugs top 2021 most-exploited list

Slack patching leaves systems wide open.
Juha Saarinen Apr 28 2022 6:33AM Security
US puts million dollar bounties on Russian hackers' heads

US puts million dollar bounties on Russian hackers' heads

Seven Russian intelligence officers sought.
Juha Saarinen Apr 27 2022 7:07AM Security
Google's VirusTotal service vulnerable for over eight months

Google's VirusTotal service vulnerable for over eight months

Remote code execution and lateral network movement possible.
Juha Saarinen Apr 26 2022 11:38AM Security
Five-Eyes alliance issues Russian cyber attack alert

Five-Eyes alliance issues Russian cyber attack alert

Russia's finger hovers over internet "off-switch".
Juha Saarinen Apr 21 2022 11:53AM Security
Record number of same-old zero days detected in 2021

Record number of same-old zero days detected in 2021

Only two could be described as novel, Google's Project Zero said.
Juha Saarinen Apr 20 2022 6:51AM Security
Stolen Heroku and Travis-CI OAuth tokens used for GitHub repo hacks

Stolen Heroku and Travis-CI OAuth tokens used for GitHub repo hacks

Data downloaded from npm and other organisations.
Juha Saarinen Apr 16 2022 7:42PM Security
Wormable Windows RPC bug warning issued

Wormable Windows RPC bug warning issued

Busy Easter ahead for administrators.
Juha Saarinen Apr 14 2022 6:25AM Security
Local Gits vulnerable to remote code execution

Local Gits vulnerable to remote code execution

"NotGitBleed" creds leak also fixed.
Juha Saarinen Apr 13 2022 12:00PM Security
HP patches critical bugs in Teradici PCoIP software

HP patches critical bugs in Teradici PCoIP software

Over 15 million instances need updating.
Juha Saarinen Apr 13 2022 6:20AM Security
Mandatory cyber security incident reporting now in force

Mandatory cyber security incident reporting now in force

Sugar mills critical assets.
Juha Saarinen Apr 12 2022 9:48AM Security

Log In

  |  Forgot your password?