Pierluigi Paganini
July 27, 2022
Threat actors are increasingly abusing Internet Information Services (IIS) extensions to maintain persistence on target servers. Microsoft warns of threat actors that are increasingly abusing Internet Information Services (IIS) extensions to establish covert backdoors into servers and maintain persistence in the target networks. IIS backdoors are also hard to detect because they follow the same […]
Pierluigi Paganini
July 26, 2022
Qakbot malware operators are using the Windows Calculator to side-load the malicious payload on target systems. Security expert ProxyLife and Cyble researchers recently uncovered a Qakbot campaign that was leveraging the Windows 7 Calculator app for DLL side-loading attacks. Dynamic-link library (DLL) side-loading is an attack method that takes advantage of how Microsoft Windows applications handle DLL […]
Pierluigi Paganini
July 26, 2022
Thera actors are exploiting a zero-day vulnerability to steal payment information from sites using the open source e-commerce platform PrestaShop. Threat actors are targeting websites using open source e-commerce platform PrestaShop by exploiting a zero-day flaw, tracked as CVE-2022-36408, that can allow to execute arbitrary code and potentially steal customers’ payment information. PrestaShop is currently used by 300,000 shops worldwide […]
Pierluigi Paganini
July 25, 2022
Multiple flaws in FileWave mobile device management (MDM) product exposed organizations to cyberattacks. Claroty researchers discovered two vulnerabilities in the FileWave MDM product that exposed more than one thousand organizations to cyber attacks. FIleWave MDM is used by organizations to view and manage device configurations, locations, security settings, and other device data. An organization may […]
Pierluigi Paganini
July 24, 2022
North Korea-linked APT37 group targets high-value organizations in the Czech Republic, Poland, and other countries. Researchers from the Securonix Threat Research (STR) team have uncovered a new attack campaign, tracked as STIFF#BIZON, targeting high-value organizations in multiple countries, including Czech Republic, and Poland. The researchers attribute this campaign to the North Korea-linked APT37 group, aka […]
Pierluigi Paganini
July 23, 2022
The U.S. DoJ seized $500,000 worth of Bitcoin from North Korea-linked threat actors who are behind the Maui ransomware. The U.S. Department of Justice (DoJ) has seized $500,000 worth of Bitcoin from North Korean threat actors who used the Maui ransomware to target several organizations worldwide. “The Justice Department today announced a complaint filed in […]
Pierluigi Paganini
July 22, 2022
Threat actors hacked the Ukrainian radio station TAVR Media and broadcasted fake news on the critical health condition of President Volodymyr Zelensky Threat actors breached the Ukrainian radio station TAVR Media this week, the attackers spread a fake message on the health status of the Zelensky. The Kyiv Independent reported that a music program on […]
Pierluigi Paganini
July 22, 2022
The spyware developed by Israeli surveillance firm Candiru exploited recently fixed CVE-2022-2294 Chrome zero-day in attacks on journalists. Researchers from the antivirus firm Avast reported that the DevilsTongue spyware, developed, by Israeli surveillance firm Candiru, was used in attacks against journalists in the Middle East and exploited recently fixed CVE-2022-2294 Chrome zero-day. The flaw, which […]
Pierluigi Paganini
July 22, 2022
A threat actor tracked as TA4563 is using EvilNum malware to target European financial and investment entities. A threat actor, tracked as TA4563, leverages the EvilNum malware to target European financial and investment entities, Proofpoint reported. The group focuses on entities with operations supporting foreign exchanges, cryptocurrency, and decentralized finance (DeFi). The EvilNum is a […]
Pierluigi Paganini
July 21, 2022
Threat actors targeted a large software development company in Ukraine using the GoMet backdoor. Researchers from Cisco Talos discovered an uncommon piece of malware that was employed in an attack against a large Ukrainian software development company. The software development company produces software that is used by various state organizations in Ukraine. Researchers believe that […]
Malware / September 13, 2025
