Pierluigi Paganini
March 11, 2023
A new version of the Prometei botnet has infected more than 10,000 systems worldwide since November 2022, experts warn. Cisco Talos researchers reported that the Prometei botnet has infected more than 10,000 systems worldwide since November 2022. The crypto-mining botnet has a modular structure and employs multiple techniques to infect systems and evade detection. The Prometei botnet […]
Pierluigi Paganini
March 11, 2023
US CISA added an actively exploited vulnerability in VMware’s Cloud Foundation to its Known Exploited Vulnerabilities Catalog. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in VMware’s Cloud Foundation, tracked as CVE-2021-39144 (CVSS score: 9.8), to its Known Exploited Vulnerabilities Catalog. The remote code execution vulnerability resides in the XStream open-source library. Unauthenticated attackers […]
Pierluigi Paganini
March 10, 2023
AT&T is warning some of its customers that some of their information was exposed after the hack of a third-party vendor’s system. AT&T is notifying millions of customers that some of their information was exposed after a third-party vendor was hacked. CPNI is information related to the telecommunications services purchased by the customers, including the […]
Pierluigi Paganini
March 09, 2023
Akamai has mitigated the largest DDoS (distributed denial of service) attack ever, which peaked at 900.1 gigabits per second. Akamai reported that on February 23, 2023, at 10:22 UTC, it mitigated the largest DDoS attack ever. The attack traffic peaked at 900.1 gigabits per second and 158.2 million packets per second. The record-breaking DDoS was launched against a […]
Pierluigi Paganini
March 09, 2023
Alleged China-linked threat actors infected unpatched SonicWall Secure Mobile Access (SMA) appliances with a custom backdoor. Mandiant researchers reported that alleged China-linked threat actors, tracked as UNC4540, deployed custom malware on a SonicWall SMA appliance. The malware allows attackers to steal user credentials, achieve persistence through firmware upgrades, and provides shell access. The analysis of a […]
Pierluigi Paganini
March 09, 2023
The recently discovered Windows ransomware IceFire now also targets Linux enterprise networks in multiple sectors. SentinelLabs researchers discovered new Linux versions of the recently discovered IceFire ransomware that was employed in attacks against several media and entertainment organizations worldwide. The ransomware initially targeted only Windows-based systems, with a focus on technology companies. IceFire was first detected in […]
Pierluigi Paganini
March 09, 2023
A threat actor tracked as 8220 Gang has been spotted using a new crypter called ScrubCrypt in cryptojacking campaigns. Fortinet researchers observed the mining group 8220 Gang using a new crypter called ScrubCrypt in cryptojacking attacks. “Between January and February 2023, FortiGuard Labs observed a payload targeting an exploitable Oracle Weblogic Server in a specific […]
Pierluigi Paganini
March 09, 2023
CloudBees vulnerabilities in the Jenkins open-source automation server can be exploited to achieve code execution on targeted systems. Researchers from cloud security firm Aqua discovered a chain of two vulnerabilities in the Jenkins open-source automation server that could lead to code execution on targeted systems. Jenkins is the most popular open source automation server, it is […]
Pierluigi Paganini
March 08, 2023
North Korea-linked Lazarus APT group exploits a zero-day vulnerability in attacks aimed at a South Korean financial entity. ASEC (AhnLab Security Emergency Response Center) observed North Korea-linked Lazarus APT group exploiting a zero-day vulnerability in an undisclosed software to breach a financial business entity in South Korea. The nation-state actors breached twice the company in one year. The first […]
Pierluigi Paganini
March 08, 2023
China-linked APT group Sharp Panda targets high-profile government entities in Southeast Asia with the Soul modular framework. CheckPoint researchers observed in late 2022, a campaign attributed to the China-linked APT group Sharp Panda that is targeting a high-profile government entity in the Southeast Asia. The state-sponsored hackers used a new version of the SoulSearcher loader, which eventually loads a new […]
