Pierluigi Paganini
January 25, 2024
Hewlett Packard Enterprise (HPE) revealed that Russia-linked APT group Midnight Blizzard gained access to its Microsoft Office 365 email system. Hewlett Packard Enterprise (HPE) revealed that alleged Russia-linked cyberespionage group Midnight Blizzard gained access to its Microsoft Office 365 cloud-based email environment. The attackers were collecting information on the cybersecurity division of the company and […]
Pierluigi Paganini
January 25, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Atlassian Confluence Data Center and Server Template Injection bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Atlassian Confluence Data Center and Server Template Injection bug, tracked as CVE-2023-22527, to its Known Exploited Vulnerabilities (KEV) catalog. Atlassian recently warned of a critical […]
Pierluigi Paganini
January 24, 2024
Thousands of GitLab servers are vulnerable to zero-click account takeover attacks exploiting the flaw CVE-2023-7028. GitLab has recently released security updates to address two critical vulnerabilities impacting both the Community and Enterprise Edition. The most critical vulnerability, tracked as CVE-2023-7028 (CVSS score 10), is an account takeover via Password Reset. The flaw can be exploited […]
Pierluigi Paganini
January 24, 2024
Researchers released PoC exploit code for a recently disclosed critical authentication bypass flaw in Fortra’s GoAnywhere MFT (Managed File Transfer). Researchers with cybersecurity firm Horizon3’s Attack Team published technical details of the recently disclosed vulnerability CVE-2024-0204 impacting Fortra GoAnywhere MFT. The security experts also published a proof-of-concept (PoC) exploit that allows the creation of new admin users on vulnerable […]
Pierluigi Paganini
January 24, 2024
A ransomware attack against the Finnish IT services provider Tietoevry disrupted the services of some Swedish government agencies and shops. The online services of multiple Swedish government agencies, universities, and commercial activities were disrupted by an Akira ransomware attack that hit the Finnish IT services and enterprise cloud hosting Tietoevry. Tietoevry is a Finnish multinational […]
Pierluigi Paganini
January 23, 2024
Fortra addressed a new authentication bypass vulnerability impacting GoAnywhere MFT (Managed File Transfer) product. Fortra warns customers of a new authentication bypass vulnerability tracked as CVE-2024-0204 (CVSS score 9.8), impacting the GoAnywhere MFT (Managed File Transfer) product. Fortra GoAnywhere Managed File Transfer is a comprehensive solution for secure file transfer, data encryption, and compliance management. It provides […]
Pierluigi Paganini
January 23, 2024
The Australian government announced sanctions for a member of the REvil ransomware group for the Medibank hack that occurred in 2022. The Australian government announced sanctions for Aleksandr Gennadievich Ermakov (aka GustaveDore, aiiis_ermak, blade_runner, JimJones), a Russian national who is a member of the REvil ransomware group. The man is responsible for the cyber attacks […]
Pierluigi Paganini
January 23, 2024
Financial services company LoanDepot disclosed a data breach that impacted roughly 16.6 million individuals. LoanDepot is a financial services company that primarily operates as a mortgage lender. It is one of the largest nonbank lenders in the United States. The company provides a range of mortgage and non-mortgage loan products and services. LoanDepot disclosed this […]
Pierluigi Paganini
January 22, 2024
Apple addressed the first zero-day vulnerability that impacts iPhones, Macs, and Apple TVs. The issue is actively exploited in the wild. Apple released security updates to address a zero-day vulnerability, tracked as CVE-2024-23222, that impacts iPhones, Macs, and Apple TVs. This is the first actively exploited zero-day vulnerability fixed by the company this year. The […]
Pierluigi Paganini
January 22, 2024
Adaptive phishing campaigns are emerging as an increasingly sophisticated threat in the cybersecurity landscape. The phenomenon This phenomenon represents an evolution of traditional phishing tactics, as attackers seek to overcome defenses using more personalized and targeted approaches. In an adaptive phishing campaign, attackers gather specific information about victims through various sources, such as social media, […]
Security / September 09, 2025
