Pierluigi Paganini
November 11, 2020
Muhstik botnet leverages known web application exploits to compromise IoT devices, now it targeting Oracle WebLogic, Drupal. Muhstik is a botnet that is known to use web application exploits to compromise IoT devices, it has been around for at least 2018. Botnet operators monetize their efforts via XMRig, combined with DDoS-for-hire services. The botnet leverages IRC servers for command-and-control […]
Pierluigi Paganini
November 11, 2020
Ragnar Locker Ransomware operators have started to run Facebook advertisements to force their victims into paying the ransom. In November 2019, ransomware operators have started adopting a new double-extortion strategy first used by the Maze gang that sees threat actors also stealing unencrypted files before encrypting infected systems. Then the attackers threaten to release the stolen […]
Pierluigi Paganini
November 11, 2020
The European Union this week agreed to tighten up rules for the sale and export of dual-use technology. European Parliament votes to tighten up rules for the sale and export of surveillance and encryption technology. EU lawmakers and the European Council aim to update controls for the sale of dual-use solutions such as surveillance spyware, […]
Pierluigi Paganini
November 11, 2020
Microsoft Patch Tuesday updates for November 2020 address 112 flaws, including a Windows bug that was chained with Chrome issues in attacks. Microsoft Patch Tuesday updates for November 2020 address 112 vulnerabilities in multiple products, including Microsoft Windows, Office and Office Services and Web Apps, Internet Explorer (IE), Edge (EdgeHTML-based and Chromium-based), ChakraCore, Exchange Server, […]
Pierluigi Paganini
November 10, 2020
Multiple critical vulnerabilities affecting the Ultimate Member plugin could be easily exploited to potentially takeover up to 25K websites. Multiple critical vulnerabilities in the Ultimate Member plugin could be easily exploited to take over websites, the issue potentially impact up to 100K installs. The Ultimate Member WordPress plugin allows admins to easily manage membership to […]
Pierluigi Paganini
November 10, 2020
Security researchers discovered today an npm package that contains malicious code designed to steal sensitive Discord and browser files. Sonatype researcher Ax Sharma discovered an npm package, dubbed discord.dll, that contains malicious code designed to steal sensitive files from a user’s browsers and Discord application. The malicious JavaScript library was uploaded to the npm packet repository […]
Pierluigi Paganini
November 10, 2020
Ransomware operators use fake Microsoft Teams updates to deploy Cobalt Strike and compromise the target networks. Ransomware operators are using malicious fake Microsoft Teams updates to deliver backdoors that lead the installation of the Cobalt Strike post-exploitation tool and compromise the target network. The ongoing COVID-19 pandemic is forcing a growing number of organizations and […]
Pierluigi Paganini
November 10, 2020
Researchers from Kaspersky Lab spotted a new Android banking Trojan, dubbed Ghimob, that is able to steal data from 112 financial Apps Ghimob is a new Android banking Trojan discovered by Kaspersky that is able to steal data from 112 financial apps. In July, cybersecurity researchers from Kaspersky Lab have detailed four different families of […]
Pierluigi Paganini
November 10, 2020
Millions of hotel guests worldwide were impacted by a data leak caused by a misconfigured S3 bucket used by Prestige Software’s Cloud Hospitality. Researchers at Website Planet discovered a misconfigured S3 bucket used by the Prestige Software’s Cloud Hospitality that exposed millions of hotel guests worldwide. The reservation system Prestige Software’s “Cloud Hospitality” allows operators […]
Pierluigi Paganini
November 09, 2020
While investigating a cyber attack on the Microsoft Exchange server of an organization in Kuwait, experts found two new Powershell backdoors. Security experts from Palo Alto Networks have spotted two never-before-detected Powershell backdoors while investigating an attack on Microsoft Exchange servers at an organization in Kuwait. Experts attribute the attack to a known threat actor […]
Cyber Crime / December 08, 2025
