Pierluigi Paganini
July 09, 2021
Threat actors have devised a new trick to disable macro security warning that leverage non-malicious docs in malspam attacks. Most of the malspam campaigns leverage weaponized Microsoft Office documents and social engineering techniques to trick recipients into enabling the macros. Now experts from McAfee Labs warn of a novel technique used by threat actors that […]
Pierluigi Paganini
July 09, 2021
Microsoft confirmed that the emergency security updates (KB5005010) correctly address the PrintNightmare Print Spooler vulnerability (CVE-2021-34527). Microsoft says that the emergency security patches released early this week correctly address the PrintNightmare Print Spooler vulnerability (CVE-2021-34527) for all supported Windows versions. Immediately after the release of the updates (KB5004945) multiple researchers questioned its efficiency and explained […]
Pierluigi Paganini
July 08, 2021
A threat actor has deposited 26.99 Bitcoins on one of the cybercrime forums, he aims at purchasing zero-day exploits from other forum members. A threat actor that goes online with the name “integra” has deposited 26.99 Bitcoins on one of the cybercrime forums with the intent to purchase zero-day Exploits from other forum members, researchers from threat intelligence firm Cyble. According to the experts, the […]
Pierluigi Paganini
July 08, 2021
The emergency patch for the PrintNightmare vulnerability released by Microsoft is incomplete and still allows RCE. Yesterday, Microsoft has released an out-of-band KB5004945 security update to address the PrintNightmare vulnerability, unfortunately, the patch is incomplete and still allows remote code execution. Researchers have demonstrated that it is possible to bypass the emergency patch to achieve remote code execution […]
Pierluigi Paganini
July 07, 2021
WildPressure APT is targeting industrial organizations in the Middle East since 2019 and was spotted using now a new malware that targets both Windows and macOS. Researchers from Kaspersky have spotted a new malware used by the WildPressure APT group to targets both Windows and macOS systems. The WildPressure was spotted for the first time […]
Pierluigi Paganini
July 07, 2021
A hacker has leaked claims to have breached pro-Trump GETTR and leaked the private information of almost 90,000 members on a hacking forum. GETTR is a new pro-Trump social media platform created by Jason Miller, a former Trump advisor, the Twitter-like platform suffered a data breach. The security breach comes a few hours after its […]
Pierluigi Paganini
July 06, 2021
Taiwanese vendor QNAP addressed a critical flaw, tracked as CVE-2021-28809, that could be exploited to compromise vulnerable NAS devices. Taiwanese vendor QNAP fixed a critical vulnerability, tracked as CVE-2021-28809, that could be exploited by attackers to compromise vulnerable NAS devices. The vulnerability affects certain legacy versions of HBS 3 Hybrid Backup Sync, it was reported to […]
Pierluigi Paganini
July 05, 2021
CISA and the FBI published guidance for the victims impacted by the REvil supply-chain ransomware attack against Kaseya. CISA and the Federal Bureau of Investigation (FBI) have published guidance for the organizations impacted by the massive REvil supply-chain ransomware attack that hit Kaseya ‘s cloud-based MSP platform. The US agencies provides instructions to affected MSPs and their customers […]
Pierluigi Paganini
July 04, 2021
Kaseya was addressing the zero-day vulnerability that REvil ransomware gang exploited to breach on-premise Kaseya VSA servers. A new supply chain attack made the headlines, on Friday the REvil ransomware gang hit the Kaseya cloud-based MSP platform impacting MSPs and their customers. The REvil ransomware operators initially compromised the Kaseya VSA’s infrastructure, then pushed out […]
Pierluigi Paganini
July 01, 2021
US and UK cybersecurity agencies said the Russia-linked APT28 group is behind a series of large-scale brute-force attacks.US and UK cybersecurity agencies said today that a Russian military cyber unit has been behind a series of brute-force attacks that have targeted the cloud IT resources of government and private sector companies across the world. US […]
Security / September 30, 2025
