Pierluigi Paganini
July 12, 2023
Microsoft announced it has mitigated a cyber attack by a China-linked threat actor, tracked as Storm-0558, which targeted customer emails. Microsoft announced it has mitigated an attack conducted by a China-linked threat actor, tracked as Storm-0558, which targeted customer emails. Storm-0558 threat actors focus on government agencies in Western Europe and were observed conducting cyberespionage, […]
Pierluigi Paganini
July 12, 2023
Microsoft warned today that an unpatched zero-day in multiple Windows and Office products was actively exploited in the wild. Microsoft disclosed an unpatched zero-day vulnerability in multiple Windows and Office products that has been actively exploited in the wild. The issue, tracked as CVE-2023-36884, was exploited by nation-state actors and cybercriminals to gain remote code execution […]
Pierluigi Paganini
July 11, 2023
HCA Healthcare disclosed a data breach that exposed the personal information of roughly 11 million patients. HCA Healthcare this week announced that the personal information of roughly 11 million patients was compromised in a data breach. The organization discovered the security breach on July 5 when a threat actor claimed the hack on an underground […]
Pierluigi Paganini
July 11, 2023
Apple released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address an actively exploited zero-day. Apple has released Rapid Security Response updates for iOS, iPadOS, macOS, and Safari web browser to address a zero-day flaw, tracked as CVE-2023-37450, that has been actively exploited in the wild. Tricking the victim into processing specially crafted web content may lead to […]
Pierluigi Paganini
July 11, 2023
Resecurity researchers identified a zero-day Buffer Overflow vulnerability in the Schneider Electric Accutech Manager product. Resecurity identified a zero-day vulnerability in the Schneider Electric Accutech Manager product. The vulnerability, labeled as CVE-2023-29414 and SEVD-2-23-192-03, has been rated high with a CVSS v3.1 Base Score of 7.8. This issue pertains to a Buffer Overflow exploitation (CWE-120) […]
Pierluigi Paganini
July 11, 2023
VMware warns customers of the public availability of an exploit code for the RCE vulnerability CVE-2023-20864 affecting vRealize. VMware warned customers of the availability of an exploit code for the critical RCE vulnerability CVE-2023-20864 in the VMware Aria Operations for Logs analysis tool (formerly vRealize Log Insight). VMware Aria Operations for Networks (formerly vRealize Network Insight) is […]
Pierluigi Paganini
July 11, 2023
Resecurity identified the emergence of adversarial mobile Android-based Antidetect Tooling for Mobile OS-Based Fraud. Resecurity has identified the emergence of adversarial mobile Android-based tools (called “mobile anti-detects”), like Enclave and McFly, as a new frontier in fraud tradecraft evolution. These tools are used by criminals involved in online-banking theft to impersonate compromised account holders and […]
Pierluigi Paganini
July 10, 2023
A Proof-of-Concept (PoC) exploit for the CVE-2023-31998 vulnerability in the Ubiquiti EdgeRouter has been publicly released. The CVE-2023-31998 flaw (CVSS v3 5.9) is a heap overflow issue impacting Ubiquiti EdgeRouters and Aircubes, an attacker can exploit it to potentially execute arbitrary code and interrupt UPnP service to a vulnerable device. The flaw resides in the […]
Pierluigi Paganini
July 10, 2023
Threat actors are targeting NATO and groups supporting Ukraine in a spear-phishing campaign distributing the RomCom RAT. On July 4, the BlackBerry Threat Research and Intelligence team uncovered a spear phishing campaign aimed at an organization supporting Ukraine abroad. The researchers discovered two lure documents submitted from an IP address in Hungary, both targeting upcoming NATO Summit guests who […]
Pierluigi Paganini
July 10, 2023
A zero-day vulnerability in the Revolut payment systems allowed threat actors to steal more than $20 million in early 2022. In early 2022, threat actors exploited a zero-day flaw in Revolut payment systems to steal more than $20 million, reported the Financial Times quoting multiple unnamed sources. The issue resulted from differences between American and […]
