Pierluigi Paganini
January 31, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple improper authentication bug to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Apple improper authentication bug, tracked as CVE-2022-48618, to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerability can allow an attacker with arbitrary read and write capability to bypass Pointer […]
Pierluigi Paganini
January 31, 2024
Ivanti warns of two new vulnerabilities in its Connect Secure and Policy Secure products, one of which is actively exploited in the wild. Ivanti is warning of two new high-severity vulnerabilities in its Connect Secure and Policy Secure solutions respectively tracked as CVE-2024-21888 (CVSS score: 8.8) and CVE-2024-21893 (CVSS score: 8.2). The software company also warned that […]
Pierluigi Paganini
January 30, 2024
Hundreds of compromised credentials of customers of RIPE, APNIC, AFRINIC, and LACNIC are available on the dark web, Resecurity warns. Resecurity conducted a thorough scan of the Dark Web and identified over 1,572 compromised customers of RIPE, Asia-Pacific Network Information Centre (APNIC), the African Network Information Centre (AFRINIC), and the Latin America and Caribbean Network […]
Pierluigi Paganini
January 30, 2024
Energy management and industrial automation firm Schneider Electric suffered a data breach after a Cactus ransomware attack. Schneider Electric is a multinational company that specializes in energy management, industrial automation, and digital transformation. BleepingComputer first reported the attack that hit the Sustainability Business division of the company on January 17th. BleepingComputer contacted Schneider Electric which […]
Pierluigi Paganini
January 29, 2024
A flaw in Microsoft Outlook can be exploited to access NTLM v2 hashed passwords by tricking users into opening a specially crafted file. The vulnerability CVE-2023-35636 impacting Microsoft Outlook is a Microsoft Outlook information disclosure issue that could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords. NTLMv2, which stands […]
Pierluigi Paganini
January 29, 2024
Ukraine’s security service (SBU) detained an alleged member of the pro-Russia hacker group “the Cyber Army of Russia.” Ukraine’s security service, the SBU, announced that it has identified and detained an alleged member of the pro-Russia hacker group known as the Cyber Army of Russia. The news was first reported by The Record Media. The hacktivists […]
Pierluigi Paganini
January 28, 2024
Multiple proof-of-concept (PoC) exploits for recently disclosed critical Jenkins vulnerability CVE-2024-23897 have been released. Researchers warn that several proof-of-concept (PoC) exploits targeting the recently disclosed critical Jenkins vulnerability, CVE-2024-23897, have been made public. Jenkins is the most popular open source automation server, it is maintained by CloudBees and the Jenkins community. The automation server supports developers […]
Pierluigi Paganini
January 28, 2024
Medusa ransomware gang claimed responsibility for the attack against the Kansas City Area Transportation Authority (KCATA). On January 23, 2023, the Kansas City Area Transportation Authority (KCATA) suffered a ransomware attack. The Kansas City Area Transportation Authority (KCATA) is a public transit agency in metropolitan Kansas City. It operates the Metro Area Express (MAX) bus […]
Pierluigi Paganini
January 27, 2024
The Main Intelligence Directorate of Ukraine’s Ministry of Defense states that pro-Ukraine hackers wiped 2 petabytes of data from a Russian research center. The Main Directorate of Intelligence of the Ministry of Defense of Ukraine revealed that pro-Ukraine hackers group “BO Team” wiped the database of the Far Eastern Scientific Research Center of Space Hydrometeorology […]
Pierluigi Paganini
January 27, 2024
Bug bounty hunters earned more than $1.3 million for hacking Teslas, infotainment systems, and electric vehicle chargers at the Pwn2Own Automotive competition. The Zero Day Initiative’s Pwn2Own Automotive competition has ended, participants demonstrated 49 zero-day vulnerabilities affecting automotive products earning a total of $1,323,750. The amazing Synacktiv team won the competition and earned a total […]
