Hacking

Pierluigi Paganini May 09, 2024
Mirai botnet also spreads through the exploitation of Ivanti Connect Secure bugs

Threat actors exploit recently disclosed Ivanti Connect Secure (ICS) vulnerabilities to deploy the Mirai botnet. Researchers from Juniper Threat Labs reported that threat actors are exploiting recently disclosed Ivanti Connect Secure (ICS) vulnerabilities CVE-2023-46805 and CVE-2024-21887 to drop the payload of the Mirai botnet. In early January, the software firm reported that threat actors are exploiting two […]

Pierluigi Paganini May 09, 2024
Zscaler is investigating data breach claims

Cybersecurity firm Zscaler is investigating claims of a data breach after hackers offered access to its network. Cybersecurity firm Zscaler is investigating allegations of a data breach following reports that threat actors are offering for sale access to its network. The company confirmed that there is no impact or compromise to its customer, production and […]

Pierluigi Paganini May 08, 2024
LockBit gang claimed responsibility for the attack on City of Wichita

The LockBit ransomware group has added the City of Wichita to its Tor leak site and threatened to publish stolen data. Last week, the City of Wichita, Kansas, was the victim of a ransomware attack and shut down its network to contain the threat. Wichita is the most populous city in the U.S. state of […]

Pierluigi Paganini May 08, 2024
New TunnelVision technique can bypass the VPN encapsulation

TunnelVision is a new VPN bypass technique that enables threat actors to spy on users’ traffic bypassing the VPN encapsulation. Leviathan Security researchers recently identified a novel attack technique, dubbed TunnelVision, to bypass VPN encapsulation. A threat actor can use this technique to force a target user’s traffic off their VPN tunnel using built-in features […]

Pierluigi Paganini May 08, 2024
LiteSpeed Cache WordPress plugin actively exploited in the wild

Threat actors are exploiting a high-severity vulnerability in the LiteSpeed Cache plugin for WordPress to take over web sites. WPScan researchers reported that threat actors are exploiting a high-severity vulnerability in LiteSpeed Cache plugin for WordPress. LiteSpeed Cache for WordPress (LSCWP) is an all-in-one site acceleration plugin, featuring an exclusive server-level cache and a collection […]

Pierluigi Paganini May 08, 2024
Most Tinyproxy Instances are potentially vulnerable to flaw CVE-2023-49606

A critical Remote Code Execution vulnerability in the Tinyproxy service potentially impacted 50,000 Internet-Exposing hosts. Researchers from Cisco Talos reported a use-after-free vulnerability in the HTTP Connection Headers parsing of Tinyproxy 1.11.1 and Tinyproxy 1.10.0. The issue is tracked as CVE-2023-49606 and received a CVSS score of 9.8. The exploitation of the issue can potentially lead […]

Pierluigi Paganini May 08, 2024
UK Ministry of Defense disclosed a third-party data breach exposing military personnel data 

The UK Ministry of Defense disclosed a data breach at a third-party payroll system that exposed data of armed forces personnel and veterans. The UK Ministry of Defense disclosed a data breach impacting a third-party payroll system that exposed data of approximately 272,000 armed forces personnel and veterans. The Ministry of Defence revealed that a […]

Pierluigi Paganini May 07, 2024
MITRE attributes the recent attack to China-linked UNC5221

MITRE published more details on the recent security breach, including a timeline of the attack and attribution evidence. MITRE has shared more details on the recent hack, including the new malware involved in the attack and a timeline of the attacker’s activities. In April 2024, MITRE disclosed a security breach in one of its research […]

Pierluigi Paganini May 05, 2024
NATO and the EU formally condemned Russia-linked APT28 cyber espionage

NATO and the European Union formally condemned cyber espionage operations carried out by the Russia-linked APT28 against European countries. NATO and the European Union condemned cyber espionage operations carried out by the Russia-linked threat actor APT28 (aka “Forest Blizzard”, “Fancybear” or “Strontium”) against European countries. This week the German Federal Government condemned in the strongest […]

Pierluigi Paganini May 03, 2024
Dirty stream attack poses billions of Android installs at risk

Microsoft devised an attack technique, dubbed ‘Dirty Stream,’ impacting widely used Android applications, billions of installations are at risk. Microsoft is warning Android users about a new attack technique, named Dirty Stream, that can allow threat actors to take control of apps and steal sensitive data. The IT giant describes Dirty Stream as an attack pattern, […]