Hacking

Pierluigi Paganini October 28, 2023
Bug hunters earned $1,038,250 for 58 unique 0-days at Pwn2Own Toronto 2023

The Pwn2Own Toronto 2023 hacking competition is over, bug hunters earned $1,038,500 for 58 zero-day exploits. The Pwn2Own Toronto 2023 hacking competition is over, the organizers awarded $1,038,250 for 58 unique 0-days. The Team Viettel (@vcslab) won the Master of Pwn with $180K and 30 points. The vulnerabilities exploited by the experts have been disclosed […]

Pierluigi Paganini October 27, 2023
Lockbit ransomware gang claims to have stolen data from Boeing

The Lockbit ransomware gang claims to have hacked the aerospace manufacturer and defense contractor Boeing and threatened to leak the stolen data. The Boeing Company, commonly known as Boeing, is one of the world’s largest aerospace manufacturers and defense contractors.  In 2022, Boeing recorded $66.61 billion in sales, the aerospace giant has 156,000 (2022). The Lockbit ransomware […]

Pierluigi Paganini October 27, 2023
France agency ANSSI warns of Russia-linked APT28 attacks on French entities

France National Agency for the Security of Information Systems warns that the Russia-linked APT28 group has breached several critical networks. The French National Agency for the Security of Information Systems ANSSI (Agence Nationale de la sĂ©curitĂ© des systèmes d’information) warns that the Russia-linked APT28 group has been targeting multiple French organizations, including government entities, businesses, universities, […]

Pierluigi Paganini October 27, 2023
F5 urges to address a critical flaw in BIG-IP

F5 warns customers of a critical vulnerability impacting BIG-IP that could lead to unauthenticated remote code execution. F5 is warning customers about a critical security vulnerability, tracked as CVE-2023-46747 (CVSS 9.8), that impacts BIG-IP and could result in unauthenticated remote code execution. The vulnerability resides in the configuration utility component, it was reported by Michael […]

Pierluigi Paganini October 26, 2023
iLeakage attack exploits Safari to steal data from Apple devices

Boffins devised a new iLeakage side-channel speculative execution attack exploits Safari to steal sensitive data from Macs, iPhones, and iPads. A team of researchers from the University of Michigan, Georgia Institute of Technology, and Ruhr University Bochum has devised a transient side-channel speculative execution attack that exploits the Safari web browser to steal sensitive information […]

Pierluigi Paganini October 26, 2023
Cloudflare mitigated 89 hyper-volumetric HTTP distributed DDoS attacks exceeding 100 million rps

Cloudflare mitigated thousands of hyper-volumetric HTTP distributed denial-of-service (DDoS) attacks exploiting the flaw HTTP/2 Rapid Reset. Cloudflare DDoS threat report of 2023 states that the company has mitigated thousands of hyper-volumetric HTTP distributed denial-of-service attacks. 89 of the attacks mitigated by the company exceeded 100 million requests per second (rps), the largest attack peaked at […]

Pierluigi Paganini October 26, 2023
Winter Vivern APT exploited zero-day in Roundcube webmail software in recent attacks

Russia-linked threat actor Winter Vivern has been observed exploiting a zero-day flaw in Roundcube webmail software. Russian APT group Winter Vivern (aka TA473) has been observed exploiting a zero-day flaw in Roundcube webmail software on October 11, 2023. ESET researchers pointed out that is a different vulnerability than CVE-2020-35730, that the group exploited in other attacks. The Winter […]

Pierluigi Paganini October 25, 2023
Pwn2Own Toronto 2023 Day 1 – organizers awarded $438,750 in prizes

The Pwn2Own Toronto 2023 hacking contest has begun and during the first day, participants received $438,750 in prizes! During the Day 1 of the Pwn2Own Toronto 2023 hacking contest, the organization has awarded a total of $438,750 in prizes! Team Orca of Sea Security received the greatest rewards of the day, the researchers chained two […]

Pierluigi Paganini October 24, 2023
Experts released PoC exploit code for VMware Aria Operations for Logs flaw. Patch it now!

VMware is aware of the availability of a proof-of-concept (PoC) exploit code for an authentication bypass flaw in VMware Aria Operations for Logs. VMware warned customers of the availability of a proof-of-concept (PoC) exploit code for an authentication bypass vulnerability, tracked as CVE-2023-34051, in VMware Aria Operations for Logs (formerly known as vRealize Log Insight). The […]

Pierluigi Paganini October 24, 2023
How did the Okta Support breach impact 1Password?

1Password detected suspicious activity on its Okta instance after the recent compromise of the Okta support system. The password management and security application 1Password announced it had detected suspicious activity on its Okta instance on September 29, but excluded that user data was exposed. The activity is linked to the recent attack on the Okta […]