Pierluigi Paganini
January 14, 2023
Most internet-exposed Cacti servers are vulnerable to the critical vulnerability CVE-2022-46169 which is actively exploited in the wild. Cacti is an open-source platform that provides a robust and extensible operational monitoring and fault management framework for users. Researchers from Censys discovered that the majority of internet-exposed Cacti servers are vulnerable to the critical flaw CVE-2022-46169 […]
Pierluigi Paganini
January 14, 2023
French data protection watchdog fined short-form video hosting service TikTok €5 million for breaking cookie consent rules. The Commission nationale de l’informatique et des libertés (CNIL) has fined short-form video hosting service TikTok €5 million (about $5.4 million) for violating cookie consent rules. French data protection watchdog claims that users are not able to refuse cookies, as easily […]
Pierluigi Paganini
January 13, 2023
Gen Digital, formerly Symantec Corporation and NortonLifeLock, warns that hackers breached Norton Password Manager accounts. Gen Digital, formerly Symantec Corporation and NortonLifeLock, informed its customers that threat actors have breached Norton Password Manager accounts in credential-stuffing attacks. The company detected an unusually large volume of failed logins to customer accounts on December 12, 2022, and […]
Pierluigi Paganini
January 13, 2023
A Pro-Russian group named NoName057(16) is targeting organizations in Ukraine and NATO countries with DDoS attacks. A Pro-Russian cybercrime group named NoName057(16) (aka 05716nnm or Nnm05716) is behind a wave of DDoS attacks against organizations in Ukraine and NATO countries, SentinelOne researchers reported. The attacks started in March 2022 and targeted government and critical infrastructure […]
Pierluigi Paganini
January 13, 2023
The cyberattack on Royal Mail, Britain’s postal service, is a ransomware attack that was linked to the LockBit ransomware operation. Royal Mail, the British multinational postal service and courier company, this week announced that a “cyber incident” has a severe impact on its operation. The incident only impacted Royal Mail’s international export services, the company said it is temporarily […]
Pierluigi Paganini
January 13, 2023
Recently patched Fortinet FortiOS SSL-VPN zero-day exploited in attacks against government organizations and government-related targets. Fortinet researchers reported how threat actors exploited the recently patched FortiOS SSL-VPN vulnerability (CVE-2022-42475) in attacks against government organizations and government-related targets. According to Resecurity, a cybersecurity company protecting Fortune 500 globally, the vulnerability was earlier marketed privately by several […]
Pierluigi Paganini
January 12, 2023
Cisco warns of a critical flaw in small business RV016, RV042, RV042G, and RV082 routers, which have reached end of life (EoL). Cisco is warning of a critical vulnerability, tracked as CVE-2023-20025 (CVSS score of 9.0), that impacts small business RV016, RV042, RV042G, and RV082 routers. The IT giant announced that these devices will receive no security […]
Pierluigi Paganini
January 12, 2023
Threat actors are actively exploiting a recently patched critical remote code execution (RCE) vulnerability in Control Web Panel (CWP). Threat actors are actively exploiting a recently patched critical vulnerability, tracked as CVE-2022-44877 (CVSS score: 9.8), in Control Web Panel (CWP). The exploitation attempts began on January 6, 2023, after a proof-of-concept (PoC) exploit code was published […]
Pierluigi Paganini
January 12, 2023
Researchers reported that a threat actor claims to provide access to internal servers at Telegram for $20,000. SafetyDetectives reported that a member of a dark web marketplace is claiming to provide access to internal servers at Telegram for $20,000. The seller claims that the access is permanent because is provided by insiders that are staff […]
Pierluigi Paganini
January 12, 2023
Twitter said that its investigation revealed that users’ data offered for sale online was not obtained from its systems. Twitter provided an update on its investigation launched after data of 200 Million users were offered for sale online. The company has found “no evidence” that the data were obtained by hacking into its systems. Below […]
