Pierluigi Paganini
December 14, 2021
Google has released Chrome 96.0.4664.110 to address a high-severity zero-day vulnerability, tracked as CVE-2021-4102, exploited in the wild. Google released security updates to address five vulnerabilities in the Chrome web browser, including a high-severity zero-day flaw, tracked as CVE-2021-4102, exploited in the wild. The CVE-2021-4102 flaw is a use-after-free issue in the V8 JavaScript and WebAssembly engine, its exploitation could lead to the execution […]
Pierluigi Paganini
December 14, 2021
The TinyNuke malware is back and now was used in attacks aimed at French users working in manufacturing, technology, construction, and business services. Proofpoint researchers uncovered a campaign exclusively targeting French entities and organizations with operations in France with the banking malware TinyNuke. The attackers used invoice-themed lures targeting entities in manufacturing, industry, technology, finance, and […]
Pierluigi Paganini
December 13, 2021
Boffins discovered bugs in WiFi chips that can be exploited to extract passwords and manipulate traffic by targeting a device’s Bluetooth component. A group of researchers from the University of Darmstadt, University of Brescia, CNIT, and the Secure Mobile Networking Lab, have discovered security vulnerabilities in WiFi chips that can be exploited to extract passwords […]
Pierluigi Paganini
December 13, 2021
The U.S. CISA added 13 new vulnerabilities to the Known Exploited Vulnerabilities Catalog, including Apache Log4Shell Log4j and Fortinet FortiOS issues. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 13 new vulnerabilities to the Known Exploited Vulnerabilities Catalog, including recently disclosed Apache Log4Shell Log4j and Fortinet FortiOS flaws. Below is the list of new vulnerabilities added […]
Pierluigi Paganini
December 13, 2021
Threat actors are already abusing Log4Shell vulnerability in the Log4j library for malicious purposes such as deploying malware. A few hours ago, researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library. The attempts were carried out by Muhstik and Mirai botnets in […]
Pierluigi Paganini
December 13, 2021
Immediately after the disclosure of the Log4Shell flaw in Log4j library threat actors started including the exploit code in Linux botnets. Researchers at NetLab 360 reported that their Anglerfish and Apacket honeypots were already hit by attacks attempting to trigger the Log4Shell flaw in the Log4j library. The attempts were carried out by Muhstik and […]
Pierluigi Paganini
December 12, 2021
Quebec shut down nearly 4,000 of its sites in response to the discovery of the Log4Shell flaw in the Apache Log4j Java-based logging library. Quebec shut down nearly 4,000 of its sites as a preventative measure after the disclosure of a PoC exploit for the Log4Shell flaw (CVE-2021-44228) in the Apache Log4j Java-based logging library. On Friday, 10, 2021, Chinese […]
Pierluigi Paganini
December 12, 2021
A United States court has sentenced to four years in prison for the Russian citizen Oleg Koshkin for his role in Kelihos Botnet development. Oleg Koshkin (41) has been sentenced to 48 months in prison for one count of conspiracy to commit computer fraud and abuse and one count of computer fraud and abuse. Russian […]
Pierluigi Paganini
December 12, 2021
Cofense researchers discovered a new phishing campaign using QR codes targeting German e-banking users in the last weeks. Threat actors continue to use multiple techniques to avoid detection and trick recipients into opening phishing messages, including the use of QR codes. The messages used in a campaign recently discovered by cybersecurity firm Cofense use QR codes […]
Pierluigi Paganini
December 12, 2021
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Western Digital SanDisk SecureAccess flaws allow brute force and dictionary attacks New ‘Karakurt’ cybercrime […]
Laws and regulations / December 24, 2025
