Pierluigi Paganini
March 22, 2022
Three critical RCE flaws affect hundreds of HP LaserJet Pro, Pagewide Pro, OfficeJet, Enterprise, Large Format, and DeskJet printer models. HP issued a security bulletin warning of a buffer overflow vulnerability, tracked as CVE-2022-3942 (CVSS score 8.4), that could lead to remote code execution on vulnerable devices. “Certain HP Print products and Digital Sending products may […]
Pierluigi Paganini
March 22, 2022
The Lapsus$ extortion group claims to have stolen sensitive data from the identity and access management giant Okta solutions. The gang announced the alleged hack through its Telegram channel and shared a series of screenshots as proof of the hack. Some of the images published by the threat actors appear to be related to the company’s […]
Pierluigi Paganini
March 22, 2022
The Lapsus$ extortion group claims to have hacked Microsoft ‘s internal Azure DevOps server and leaked the source code for some projects. Microsoft recently announced that is investigating claims that the Lapsus$ cybercrime gang breached their internal Azure DevOps source code repositories and stolen data. On Sunday, the Lapsus$ gang announced to have compromised Microsoft’s Azure DevOps […]
Pierluigi Paganini
March 22, 2022
A new email campaign aimed at French entities leverages the Chocolatey Windows package manager to deliver the Serpent backdoor. Proofpoint researchers uncovered a targeted attack leveraging an open-source package installer Chocolatey to deliver a backdoor tracked as Serpent. The campaign targeted French entities in the construction, real estate, and government industries. Experts believe the attacks were […]
Pierluigi Paganini
March 22, 2022
Ukraine CERT (CERT-UA) warns of spear-phishing attacks conducted by UAC-0035 group (aka InvisiMole) on state organizations of Ukraine. The Government Team for Response to Computer Emergencies of Ukraine (CERT-UA) warns of spear-phishing messages conducted by UAC-0035 group (aka InvisiMole) against Ukrainian state bodies. The messages use an archive named “501_25_103.zip”, which contains a shortcut file. Upon opening […]
Pierluigi Paganini
March 21, 2022
Microsoft is investigating claims that the Lapsus$ hacking group breached its internal Azure DevOps source code repositories. Microsoft announced that is investigating claims that the Lapsus$ cybercrime gang breached their internal Azure DevOps source code repositories and stolen data. Over the last months, the gang compromised other prominent companies such as NVIDIA, Samsung, Ubisoft, Mercado […]
Pierluigi Paganini
March 21, 2022
A Ukrainian security researcher has leaked more source code from the Conti ransomware operation to protest the gang’s position on the conflict. Hacker leaked a new version of the Conti ransomware source code on Twitter as retaliation of the gang’s support to Russia The attack against the Conti ransomware and the data leak is retaliation […]
Pierluigi Paganini
March 20, 2022
Anonymous hacked Omega Company, the in-house R&D unit of Transneft, the Russian oil pipeline giant, and leaked stolen data. Anonymous collective claims it has hacked Omega Company, which is the in-house R&D unit of Transneft, the Russia-based state-controlled oil pipeline company. Transneft is the largest oil pipeline company in the world, the hacktivists have stolen […]
Pierluigi Paganini
March 19, 2022
TransUnion South Africa discloses a data breach, threat actors who stolen sensitive data, demanded a ransom payment not to release stolen data. TransUnion South Africa announced that threat actors compromised a company server based in South Africa using stolen credentials. Threat actors have stolen company data and demanded a ransom payment not to release stolen […]
Pierluigi Paganini
March 18, 2022
Google’s TAG team revealed that China-linked APT groups are targeting Ukraine ’s government for intelligence purposes. Google’s Threat Analysis Group (TAG) researchers uncovered cyberespionage operations conducted by the Chinese People’s Liberation Army (PLA) and other China-linked APT groups and that targeted Ukraine ‘s government to gather info on the ongoing conflict. Below is the tweet […]
