Pierluigi Paganini
September 23, 2022
Sansec researchers warn of a surge in hacking attempts targeting a critical Magento 2 vulnerability tracked as CVE-2022-24086. Sansec researchers are warning of a hacking campaign targeting the CVE-2022-24086 Magento 2 vulnerability. Magento is a popular open-source e-commerce platform owned by Adobe, which is used by hundreds of thousands of e-stores worldwide. In February, Adobe […]
Pierluigi Paganini
September 23, 2022
Australian telecoms company Optus disclosed a data breach, threat actors gained access to former and current customers. Optus, one of the largest service providers in Australia, disclosed a data breach. The intruders gained access to the personal information of both former and current customers. The company is a subsidiary of Singtel with 10.5 million subscribers as of 2019. […]
Pierluigi Paganini
September 22, 2022
A critical vulnerability in Oracle Cloud Infrastructure (OCI) could be exploited to access the virtual disks of other Oracle customers. Wiz researchers discovered a critical flaw in Oracle Cloud Infrastructure (OCI) that could be exploited by users to access the virtual disks of other Oracle customers. An attacker can trigger the flaw to exfiltrate sensitive […]
Pierluigi Paganini
September 22, 2022
More than 350,000 open source projects can be potentially affected by a 15-Year-Old unpatched Python vulnerability More than 350,000 open source projects can be potentially affected by an unpatched Python vulnerability, tracked as CVE-2007-4559 (CVSS score: 6.8), that was discovered 15 years ago. The issue is a Directory traversal vulnerability that resides in the ‘extract’ […]
Pierluigi Paganini
September 22, 2022
Threat actors are targeting unpatched Atlassian Confluence servers as part of an ongoing crypto mining campaign. Trend Micro researchers warn of an ongoing crypto mining campaign targeting Atlassian Confluence servers affected by the CVE-2022-26134 vulnerability. The now-patched critical security flaw was disclosed by Atlassian in early June, at the time the company warned of a […]
Pierluigi Paganini
September 22, 2022
A disgruntled developer seems to be responsible for the leak of the builder for the latest encryptor of the LockBit ransomware gang. The leak of the builder for the latest encryptor of the LockBit ransomware gang made the headlines, it seems that the person who published it is a disgruntled developer. The latest version of […]
Pierluigi Paganini
September 21, 2022
Threat actors targeted tens thousands of unauthenticated Redis servers exposed on the internet as part of a cryptocurrency campaign. Redis, is a popular open source data structure tool that can be used as an in-memory distributed database, message broker or cache. The tool is not designed to be exposed on the Internet, however, researchers spotted […]
Pierluigi Paganini
September 21, 2022
Threat actors have stolen around $160 million worth of digital assets worth from crypto trading firm Wintermute. Malicious actors continue to target organizations in the cryptocurrency industry, the last victim in order of time is crypto trading firm Wintermute. The company made the headlines after that threat actors have stolen around $160 million worth of digital assets. […]
Pierluigi Paganini
September 21, 2022
Cybersecurity company Imperva announced to have mitigated a distributed denial-of-service (DDoS) attack with a total of over 25.3 billion requests. Cybersecurity firm Imperva mitigated a DDoS attack with over 25.3 billion requests on June 27, 2022. According to the experts, the attack marks a new record for Imperva’s application DDoS mitigation solution. The attack targeted an unnamed […]
Pierluigi Paganini
September 20, 2022
Russia-linked APT group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Russia-linked cyberespionage group Sandworm has been observed impersonating telecommunication providers to target Ukrainian entities with malware. Multiple security firms have reported that the Sandworm APT continues to target Ukraine with multiple means, including custom malware and botnet like Cyclops […]
