Breaking News

Pierluigi Paganini November 02, 2024
FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info

A former Disney World employee hacked servers after being fired, altering prices, adding profanities, and mislabeling allergy info. A former Walt Disney World employee hacked servers after being fired by the company. He is accused of changing prices, adding profanities, and falsely labeling items as allergy-safe. The FBI arrested the man last week, falsely declaring […]

Pierluigi Paganini November 02, 2024
Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide

Sophos used custom implants to monitor China-linked thret actors targeting firewall zero-days in a years-long battle. Sophos revealed a years-long “cat-and-mouse” battle with China-linked threat actors, using custom implants to track the attackers’ activities. Since 2018, Sophos has faced increasingly aggressive campaigns, including the India-based Sophos subsidiary Cyberoam, where attackers exploited a wall-mounted display for […]

Pierluigi Paganini November 02, 2024
PTZOptics cameras zero-days actively exploited in the wild

Hackers are exploiting two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, in PTZOptics cameras. Threat actors are attempting to exploit two zero-day vulnerabilities, tracked as CVE-2024-8956 and CVE-2024-8957, in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras, GretNoise researchers warn. GreyNoise discovered the two flaws while investigating the use of an exploit detected by its LLM-powered threat-hunting tool Sift. The company discovered […]

Pierluigi Paganini October 31, 2024
Threat actor says Interbank refused to pay the ransom after a two-week negotiation

Peruvian Interbank confirmed a data breach after threat actors accessed its systems and leaked stolen information online. Interbank, formally the Banco Internacional del PerĂș Service Holding S.A.A. is a leading Peruvian provider of financial services has over 2 million customers. Interbank disclosed a data breach after a threat actor claimed the hack of the organization and leaked stolen […]

Pierluigi Paganini October 31, 2024
QNAP fixed second zero-day demonstrated at Pwn2Own Ireland 2024

QNAP addressed the second zero-day vulnerability demonstrated by security researchers during the recent Pwn2Own Ireland 2024. Taiwanese manufacturer QNAP patched the second zero-day vulnerability, tracked as CVE-2024-50387, which was exploited by security researchers during the recent Pwn2Own Ireland 2024. The vulnerability is a SQL injection (SQLi) issue that impacts the QNAP’s SMB Service. The researcher YingMuo […]

Pierluigi Paganini October 31, 2024
New version of Android malware FakeCall redirects bank calls to scammers

The latest FakeCall malware version for Android intercepts outgoing bank calls, redirecting them to attackers to steal sensitive info and bank funds. Zimperium researchers spotted a new version of the FakeCall malware for Android that hijacks outgoing victims’ calls and redirects them to the attacker’s phone number. The malware allows operators to steal bank users’ […]

Pierluigi Paganini October 30, 2024
Russia-linked Midnight Blizzard APT targeted 100+ organizations with a spear-phishing campaign using RDP files

Microsoft warns of a new phishing campaign by Russia-linked APT Midnight Blizzard targeting hundreds of organizations. Microsoft warns of a large-scale spear-phishing campaign by Russia-linked APT Midnight Blizzard (aka APT29, SVR group, BlueBravo, Cozy Bear, Nobelium, Midnight Blizzard, and The Dukes), targeting 1,000+ users across 100+ organizations for intelligence gathering. The Midnight Blizzard group along with APT28 cyber espionage group was involved in the Democratic National […]

Pierluigi Paganini October 30, 2024
Google fixed a critical vulnerability in Chrome browser

Google addressed a critical vulnerability in its Chrome browser, tracked as CVE-2024-10487, which was reported by Apple. Google has patched a critical Chrome vulnerability, tracked as CVE-2024-10487, reported by Apple Security Engineering and Architecture (SEAR) on October 23, 2024. The vulnerability is an out-of-bounds write issue that resides in the Dawn implementation. Dawn is an open-source […]

Pierluigi Paganini October 29, 2024
International law enforcement operation dismantled RedLine and Meta infostealers

A global law enforcement operation disrupted RedLine and Meta infostealers, seizing their infrastructure and making arrests. The Dutch police announced it has dismantled infrastructure used by RedLine and Meta infostealers as part of an international law enforcement operation led by Eurojust that was code-named Operation Magnus. RedLine and META targeted millions of victims worldwide, according to Eurojust […]

Pierluigi Paganini October 29, 2024
Fog and Akira ransomware attacks exploit SonicWall VPN flaw CVE-2024-40766

Fog and Akira ransomware operators are exploiting SonicWall VPN flaw CVE-2024-40766 to breach enterprise networks. Fog and Akira ransomware operators are exploiting the critical SonicWall VPN vulnerability CVE-2024-40766 (CVSS v3 score: 9.3) to breach corporate networks via SSL VPN access. CVE-2024-40766  is an Improper Access Control Vulnerability impacting SonicWall SonicOS, the company addressed it in August […]