Pierluigi Paganini
June 16, 2023
Progress Software addressed a third vulnerability impacting its MOVEit Transfer application that could lead to privilege escalation and information disclosure. Progress Software disclosed a new SQL injection vulnerability impacting its MOVEit Transfer application, it is the third issue fixed by the company after: “Progress has discovered a vulnerability in MOVEit Transfer that could lead to escalated privileges […]
Pierluigi Paganini
June 16, 2023
An updated version of the Android remote access trojan GravityRAT can steal WhatsApp backup files and can delete files ESET researchers discovered an updated version of Android GravityRAT spyware that steals WhatsApp backup files and can delete files. The malware is distributed as the messaging apps BingeChat and Chatico. MalwareHunterTeam researchers first shared the hash for […]
Pierluigi Paganini
June 15, 2023
Experts linked the UNC4841 threat actor behind the attacks exploiting the recently patched Barracuda ESG zero-day to China. Mandiant researchers linked the threat actor UNC4841 to the attacks that exploited the recently patched Barracuda ESG zero-day vulnerability to China. “Through the investigation, Mandiant identified a suspected China-nexus actor, currently tracked as UNC4841, targeting a subset […]
Pierluigi Paganini
June 15, 2023
Russia-linked APT group Gamaredon is using a new toolset in attacks aimed at critical organizations in Ukraine. The Gamaredon APT group (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) continues to carry out attacks against entities in Ukraine, including security services, military, and government organizations. Symantec researchers reported that in some cases, the cyberespionage group remained undetected in the […]
Pierluigi Paganini
June 15, 2023
The LockBit ransomware group successfully extorted roughly $91 million from approximately 1,700 U.S. organizations since 2020. According to a joint advisory published by cybersecurity agencies, the LockBit ransomware group has successfully extorted roughly $91 million in about 1,700 attacks against U.S. organizations since 2020. The advisory was published by Cybersecurity and Infrastructure Security Agency (CISA), […]
Pierluigi Paganini
June 14, 2023
Microsoft linked a series of wiping attacks to a Russia-linked APT group, tracked as Cadet Blizzard, that is under the control of the GRU. Microsoft attributes the operations carried out by the Russia-linked APT group tracked as Cadet Blizzard to the Russian General Staff Main Intelligence Directorate (GRU). The IT giant pointed out that Cadet Blizzard is […]
Pierluigi Paganini
June 14, 2023
Hundreds of thousands of online stores are potentially exposed to hacking due to a critical vulnerability in the WooCommerce Stripe Payment Gateway plugin. The WooCommerce Stripe Payment Gateway plugin is affected by a critical vulnerability tracked as CVE-2023-34000. The Stripe plugin extends WooCommerce allowing administrators of the e-commerce sites to take payments directly on their […]
Pierluigi Paganini
June 14, 2023
Learn the shocking truth behind the Balada Injector campaign and find out how to protect your organization from this relentless viral invasion. A deadly cyber campaign has been working silently to undermine website security by exploiting popular WordPress plugins — infiltrating over a million websites and leaving administrators scrambling for solutions. In April 2023, Bleeping […]
Pierluigi Paganini
June 14, 2023
Malware researchers analyzed the application of Large Language Models (LLM) to malware automation investigating future abuse in autonomous threats. Executive Summary In this report we shared some insight that emerged during our exploratory research, and proof of concept, on the application of Large Language Models to malware automation, investigating how a potential new kind of […]
Pierluigi Paganini
June 13, 2023
Microsoft Patch Tuesday security updates for June 2023 fixed 69 flaws in its products, including six critical issues. Microsoft Patch Tuesday security updates for June 2023 fixed 69 vulnerabilities in multiple products, including Microsoft Windows and Windows Components; Office and Office Components; Exchange Server; Microsoft Edge (Chromium-based); SharePoint Server; .NET and Visual Studio; Microsoft Teams; […]
