Hacking

Pierluigi Paganini April 30, 2021
UNC2447 cybercrime gang exploited SonicWall Zero-Day before it was fixed

UNC2447 cybercrime gang exploited a zero-day in the Secure Mobile Access (SMA), addressed by SonicWall earlier this year, before the vendor released a fix. Researchers from FireEye’s Mandiant revealed that a sophisticated cybercrime gang tracked as UNC2447 has exploited a zero-day issue (CVE-2021-20016) in SonicWall Secure Mobile Access (SMA) devices, fixed earlier this year, before […]

Pierluigi Paganini April 29, 2021
Purple Lambert, a new malware of CIA-linked Lambert APT group

Cybersecurity firm Kaspersky discovered a new strain of malware that is believed to be part of the arsenal of theUS Central Intelligence Agency (CIA). Cybersecurity firm Kaspersky has discovered a new malware that experts attribute to the US Central Intelligence Agency. Experts from Kaspersky explained that in February 2019, multiple antivirus companies received a collection […]

Pierluigi Paganini April 28, 2021
Google addresses a high severity flaw in V8 engine in Chrome

Google released updates for Chrome 90 that address a new serious issue, tracked as CVE-2021-21227, in the V8 JavaScript engine used by the web browser. Google has released security updates for Chrome 90 that address a new high severity vulnerability, tracked as CVE-2021-21227, that resides in the V8 JavaScript engine used by the web browser. […]

Pierluigi Paganini April 27, 2021
CISA, NIST published an advisory on supply chain attacks

CISA and NIST published a report on software supply chain attacks that shed light on the associated risks and provide instructions on how to mitigate them. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST) released a joint advisory that provides trends and best practices related to […]

Pierluigi Paganini April 26, 2021
Boffins found a bug in Apple AirDrop that could leak users’ personal info

Experts found a bug in Apple’s wireless file-sharing protocol Apple AirDrop that could expose user’s contact information. Boffins from the Technical University of Darmstadt, Germany, have discovered a privacy issue in Apple’s wireless file-sharing protocol Apple AirDrop that could expose user’s contact information, such as email addresses and phone numbers. “A team of researchers from […]

Pierluigi Paganini April 26, 2021
A supply chain attack compromised the update mechanism of Passwordstate Password Manager

The software company Click Studios was the victim of a supply chain attack, hackers compromised its Passwordstate password management application. Another supply chain attack made the headlines, the Australian software company Click Studios informed its customers of the security breach that impacted its Passwordstate password management application. Passwordstate is the Enterprise Password Management solution used by more […]

Pierluigi Paganini April 25, 2021
Hackers are targeting Soliton FileZen file-sharing servers

Threat actors are exploiting two flaws in the popular file-sharing server FileZen to steal sensitive data from businesses and government organizations. Threat actors are exploiting two vulnerabilities in the popular file-sharing server FileZen, tracked as CVE-2020-5639 and CVE-2021-20655, to steal sensitive data from businesses and government organizations. FileZen servers allow users to share data according to their needs, […]

Pierluigi Paganini April 25, 2021
10,000+ unpatched ABUS Secvest home alarms can be deactivated remotely

10,000+ unpatched ABUS Secvest home alarm systems could be remotely disabled exposing customers to intrusions and thefts. Researchers from Eye Security have found thousands of unpatched ABUS Secvest home alarm systems exposed online despite the vendor has addressed a critical bug (CVE-2020-28973) in January. A remote attacker could exploit the vulnerability to disable alarm systems and expose homes and […]

Pierluigi Paganini April 23, 2021
Evil Maid Attack – Vacuum Hack

Evil Maid Attack – Weaponizing an harmless vacuum cleaner hiding within it a small Rogue Device such as a Raspberry Pi. It is a typical day at the office. You are sitting at your desk, working hard at whatever it is that you do. The cleaning lady is also doing her job nearby, but you […]

Pierluigi Paganini April 22, 2021
Trend Micro flaw actively exploited in the wild

Cybersecurity firm Trend Micro revealed that a threat actor is actively exploiting a flaw, tracked as CVE-2020-24557, in its antivirus solutions to gain admin rights on Windows systems. Security solutions one again are used as attack vectors by threat actors, this time cybersecurity company Trend Micro revealed that attackers are actively exploiting a vulnerability, tracked as CVE-2020-24557, […]