Pierluigi Paganini
December 26, 2022
Cybersecurity researchers exposed new evasion techniques adopted by an advanced malware downloader called GuLoader. CrowdStrike researchers d a detailed multiple evasion techniques implemented by an advanced malware downloader called GuLoader (aka CloudEyE). GuLoader uses a polymorphic shellcode loader to avoid traditional security solutions, the experts mapped all embedded DJB2 hash values for every API used by the […]
Pierluigi Paganini
December 25, 2022
Experts warn of a critical Linux Kernel vulnerability (CVSS score of 10) impacting SMB servers that can lead to remote code execution. A critical Linux kernel vulnerability (CVSS score of 10) exposes SMB servers with ksmbd enabled to hack. KSMBD is a Linux kernel server that implements SMB3 protocol in kernel space for sharing files […]
Pierluigi Paganini
December 25, 2022
Threat actors are actively exploiting a critical flaw in the YITH WooCommerce Gift Cards Premium WordPress plugin installed by over 50,000 websites. Hackers are actively exploiting a critical vulnerability, tracked as CVE-2022-45359 (CVSS v3: 9.8), affecting the WordPress plugin YITH WooCommerce Gift Cards Premium. The YITH WooCommerce Gift Cards Premium plugin allows websites of online stores to […]
Pierluigi Paganini
December 25, 2022
A threat actor is claiming they have obtained data of 400,000,000 Twitter users and is offering it for sale. A threat actor claims they have obtained data of 400,000,000 Twitter users and is attempting to sell it. The seller claims the database is private, he provided a sample of 1,000 accounts as proof of claims […]
Pierluigi Paganini
December 24, 2022
The cybersecurity researcher RE-Solver discovered Backdoor credentials in ZyXEL LTE3301-M209 LTE indoor routers. Security researcher ReSolver announced the discovery of hardcoded credentials (CVE-2022-40602) in ZyXEL LTE3301-M209 LTE indoor routers. In previous research, the expert discovered a Telnet backdoor in D-Link DWR-921 which is also present in the ZyXEL LTE3301-M209 as well. The researcher analyzed the […]
Pierluigi Paganini
December 23, 2022
Online sports betting company BetMGM suffered a data breach and threat actors offered for sale a database containing the data of 1.5 million customers. On December 21, the online sports betting company BetMGM disclosed a data breach while threat actors offered for sale a database containing the information of 1,569,310 million BetMGM customers. “We breached BetMGM’s […]
Pierluigi Paganini
December 23, 2022
An Iranian group hacked dozens of CCTV cameras in Israel in 2021 and maintained access for a long period of time. An Iranian group of hackers, known as Moses Staff, had seized control of dozens of Israeli CCTV cameras, the hack was known to the authorities that did nothing to stop it, reported The Times […]
Pierluigi Paganini
December 22, 2022
Microsoft spotted an upgraded variant of the Zerobot botnet that spreads by exploiting Apache vulnerabilities. Microsoft Threat Intelligence Center (MSTIC) researchers discovered a new variant of the Zerobot botnet (aka ZeroStresser) that was improved with the capabilities to target more Internet of Things (IoT) devices. The IT giant is tracking this cluster of threat activity […]
Pierluigi Paganini
December 22, 2022
North Korea-linked threat actors have stolen an estimated $1.2 billion worth of cryptocurrency and other virtual assets in the past five years. South Korea’s spy agency, the National Intelligence Service, estimated that North Korea-linked threat actors have stolen an estimated 1.5 trillion won ($1.2 billion) in cryptocurrency and other virtual assets in the past five […]
Pierluigi Paganini
December 21, 2022
Play ransomware attacks target Exchange servers with a new exploit that bypasses Microsoft’s ProxyNotShell mitigations. Play ransomware operators target Exchange servers using a new exploit chain, dubbed OWASSRF by Crowdstrike, that bypasses Microsoft’s mitigations for ProxyNotShell vulnerabilities. The ProxyNotShell flaws are: they impact Exchange Server 2013, 2016, and 2019, an authenticated attacker can trigger them […]
