Pierluigi Paganini
April 25, 2022
State television announced that Iran has foiled massive cyberattacks that targeted public services operated by both government and private organizations. According to the Iran state television, the attack attempts took place in recent days and aimed at the infrastructure of more than 100 public sector agencies. The report did not name entities that were targeted […]
Pierluigi Paganini
April 25, 2022
The number of zero-day vulnerabilities exploited in cyberattacks in the wild exploded in the last years, security firm report. Google and Mandiant have published two reports that highlight a surge in the discovery of zero-day flaws exploited by threat actors in attacks in the wild. Google’s Project Zero researchers reported that 58 zero-day were discovered […]
Pierluigi Paganini
April 24, 2022
Atlassian fixed a critical flaw in its Jira software, tracked as CVE-2022-0540, that could be exploited to bypass authentication. Atlassian has addressed a critical vulnerability in its Jira Seraph software, tracked as CVE-2022-0540 (CVSS score 9.9), that can be exploited by an unauthenticated attacker to bypass authentication. A threat actor could trigger the vulnerability by […]
Pierluigi Paganini
April 24, 2022
OpRussia continues unabated, since declaring ‘cyber war’ on Russia Anonymous has now published approximately 5.8 TB of Russian data. The #OpRussia launched by Anonymous on Russia after the criminal invasion of Ukraine continues to collect successes, the collective claims to have published approximately 5.8 TB of Russian data via DDoSecrets. The collective vows to release […]
Pierluigi Paganini
April 23, 2022
Telecommunication giant T-Mobile confirmed the LAPSUS$ extortion group gained access to its networks in March. Telecom company T-Mobile on Friday revealed that LAPSUS$ extortion gang gained access to its networks. The popular investigator and journalist Brian Krebs first surmised that the LAPSUS$ gang has breached T-Mobile after he reviewed a copy of the private chat messages between members of […]
Pierluigi Paganini
April 23, 2022
Ukraine CERT-UA warns of phishing attacks on state organizations of Ukraine using the topic “Azovstal” and Cobalt Strike Beacon. The Computer Emergency Response Team of Ukraine (CERT-UA) warns of phishing attacks aimed at organizations in the country using the topic “Azovstal”. The phishing message use the subject “Azovstal” and a weaponized office document. Upon opening […]
Pierluigi Paganini
April 22, 2022
Experts disclose an unpatched vulnerability in the RainLoop webmail client, tracked as CVE-2022-29360, that can be exploited to steal users’ emails. RainLoop is an open-source web-based email client used by thousands of organizations, which is affected by a vulnerability, tracked as CVE-2022-29360, that can be exploited to steal users’ emails. The vulnerability is a stored […]
Pierluigi Paganini
April 22, 2022
Taiwanese vendor QNAP warns users to update their NAS Firmware to fix Apache HTTP flaws addressed in the Apache HTTP server last month. Taiwanese vendor QNAP warns users to update their NAS Firmware to address Apache HTTP vulnerabilities, tracked as CVE-2022-22721 and CVE-2022-23943, addressed in the Apache HTTP server in March. “While CVE-2022-22719 and CVE-2022-22720 do […]
Pierluigi Paganini
April 22, 2022
Which hat hackers that participated in the Pwn2Own Miami 2022 hacking contest earned a total of $400,000 for their ICS exploits. The Pwn2Own Miami 2022 is a hacking contest organized by Trend Micro’s Zero Day Initiative (ZDI) that focuses on demonstrating exploits for ICS systems belonging to the following categories: the OPC UA Server, Control […]
Pierluigi Paganini
April 22, 2022
The Lemon_Duck cryptomining botnet is targeting Docker servers to mine cryptocurrency on Linux systems. Crowdstrikes researchers reported that the Lemon_Duck cryptomining botnet is targeting Docker to mine cryptocurrency on Linux systems. The Lemon_Duck cryptomining malware was first spotted in June 2019 by researchers from Trend Micro while targeting enterprise networks. At the time of its first discovery, the bot was […]
