Pierluigi Paganini
March 14, 2023
The LockBit ransomware group claims to have stolen confidential data belonging to SpaceX from the systems of Maximum Industries. The LockBit ransomware gang claims to have stolen confidential data of SpaceX after they hacked the systems of production company Maximum Industries. Maximum Industries is a full-service, piece-part production, and contract manufacturing facility. The ransomware gang […]
Pierluigi Paganini
March 14, 2023
Microsoft Patch Tuesday updates for March 2023 addressed 74 vulnerabilities, including a Windows zero-day exploited in ransomware attacks. Microsoft Patch Tuesday security updates for March 2023 addressed 74 new vulnerabilities in Microsoft Windows and Windows Components; Office and Office Components; Edge (Chromium-based); Microsoft Dynamics; Visual Studio; and Azure. Six of the fixed issues are rated […]
Pierluigi Paganini
March 14, 2023
Microsoft warns of large-scale phishing attacks orchestrated with an open-source adversary-in-the-middle (AiTM) phishing kit available in the cybercrime ecosystem Adversary-in-the-middle (AiTM) phishing kits are becoming an essential technology in the cybercrime ecosystem that is used by multiple threat actors to launch phishing attacks. AiTM phishing allows threat actors to circumvent multifactor authentication (MFA) through reverse-proxy functionality. […]
Pierluigi Paganini
March 14, 2023
An unknown threat actor is targeting Government entities and large organizations by exploiting a security flaw in Fortinet FortiOS. Fortinet researchers are warning of an advanced threat actor that is targeting governmental or government-related entities. The unknown threat actor is exploiting a vulnerability in Fortinet FortiOS software, tracked as CVE-2022-41328, that may allow a privileged […]
Pierluigi Paganini
March 13, 2023
A recently discovered Golang-based botnet, dubbed GoBruteforcer, is targeting web servers running FTP, MySQL, phpMyAdmin, and Postgres services Researchers from Palo Alto Networks Unit 42 recently discovered a Golang-based botnet, tracked as GoBruteforcer, which is targeting web servers running FTP, MySQL, phpMyAdmin, and Postgres services. In order to compromise a target system, the samples require […]
Pierluigi Paganini
March 13, 2023
Researchers reported that Dark Pink APT employed a malware dubbed KamiKakaBot against Southeast Asian targets. In February 2023, EclecticIQ researchers spotted multiple KamiKakaBot malware samples that were employed by the Dark Pink APT group (aka Saaiwc) in attacks against government entities in Southeast Asia countries. The activity of the group was first detailed by Group-IB […]
Pierluigi Paganini
March 12, 2023
Acronis downplays the severity of the recent security breach explaining that only a single customer’s account was compromised. The CISO of Acronis downplayed a recent intrusion, revealing that only one customer was impacted. This week a threat actor, who goes online with the moniker “kernelware”, claimed the theft of data from technology firm Acronis and […]
Pierluigi Paganini
March 11, 2023
Researchers observed threat actors deploying PlugX malware by exploiting flaws in Chinese remote control programs Sunlogin and Awesun. Researchers at ASEC (AhnLab Security Emergency response Center) observed threat actors deploying the PlugX malware by exploiting vulnerabilities in the Chinese remote control software Sunlogin and Awesun. Sunlogin RCE vulnerability (CNVD-2022-10270 / CNVD-2022-03672) is known to be […]
Pierluigi Paganini
March 11, 2023
A new version of the Prometei botnet has infected more than 10,000 systems worldwide since November 2022, experts warn. Cisco Talos researchers reported that the Prometei botnet has infected more than 10,000 systems worldwide since November 2022. The crypto-mining botnet has a modular structure and employs multiple techniques to infect systems and evade detection. The Prometei botnet […]
Pierluigi Paganini
March 11, 2023
US CISA added an actively exploited vulnerability in VMware’s Cloud Foundation to its Known Exploited Vulnerabilities Catalog. U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical vulnerability in VMware’s Cloud Foundation, tracked as CVE-2021-39144 (CVSS score: 9.8), to its Known Exploited Vulnerabilities Catalog. The remote code execution vulnerability resides in the XStream open-source library. Unauthenticated attackers […]
