Pierluigi Paganini
February 10, 2022
The Uptycs threat research team has been observing an increase in utilization of regsvr32.exe heavily via various types of Microsoft Office documents. The full report that includes Indicators of Compromise (IOCs) is available here: https://www.uptycs.com/blog/attackers-increasingly-adopting-regsvr32-utility-execution-via-office-documents During our analysis of these malware samples, we have identified that some of the malware samples belonged to Qbot and […]
Pierluigi Paganini
February 10, 2022
I transcribed a recent interview, here some questions and answers about nation-state hacking, spyware, and cyber warfare. Enjoy” How has spyware changed the rules of cyber security in recent years? What will cyber security look like now that those tools are all over the internet? In the last decade, we have observed a progressive weaponization […]
Pierluigi Paganini
February 10, 2022
WordPress plugin PHP Everywhere is affected by three critical issues that can be exploited to execute arbitrary code on affected systems. Wordfence experts found three critical remote code execution vulnerabilities in the PHP Everywhere WordPress plugin, all the issues have received a CVSS score of 9.9. The plugin that allows WordPress admins to insert PHP code […]
Pierluigi Paganini
February 10, 2022
The Federal Bureau of Investigation (FBI) warns of an escalation in SIM swap attacks that caused millions of losses. The Federal Bureau of Investigation (FBI) observed an escalation in SIM swap attacks aimed at stealing millions from the victims by hijacking their mobile phone numbers. The FBI reported that US citizens have lost more than […]
Pierluigi Paganini
February 09, 2022
The US CISA warns to address a severe security vulnerability dubbed ICMAD impacting SAP business apps using ICM.. Internet Communication Manager Advanced Desync (ICMAD) is a memory pipes (MPI) desynchronization vulnerability tracked as CVE-2022-22536. An unauthenticated remote attacker could exploit this issue by sending a simple HTTP request to a vulnerable instance and take over it. […]
Pierluigi Paganini
February 09, 2022
The master decryption keys for the Maze, Egregor, and Sekhmet ransomware operations were released last night on the BleepingComputer forums. The master decryption keys for the Maze, Egregor, and Sekhmet ransomware families were released on the BleepingComputer forums by the alleged malware developer. The Maze group was considered one of the most prominent ransomware operations […]
Pierluigi Paganini
February 09, 2022
Google February 2022 Android security updates address two critical flaws, including a remote escalation of privilege. Google has released the February 2022 Android security updates that address two critical vulnerabilities, one of them is a remote escalation of privilege that requires no user interaction for its exploitation. The vulnerability, tracked as CVE-2021-39675, only affects the System […]
Pierluigi Paganini
February 09, 2022
CyberNews researchers discovered five clones of The Pirate Bay serving malicious ads to more than seven million users each month. Original Post @ https://cybernews.com/security/the-pirate-bay-clones-target-millions-of-users-with-malware-and-malicious-ads/ CyberNews security researchers discovered five malicious domains masquerading as alternatives to The Pirate Bay. These domains were serving malicious ads to more than seven million users each month. Malvertising, also known […]
Pierluigi Paganini
February 08, 2022
A cyberattack hit Vodafone Portugal causing severe outages in the country of its communication and television services. Vodafone Portugal suffered a major cyberattack that caused service outages in the country, media reported the temporary disruption of 4G/5G communications and television services. “Vodafone was the target of a network disruption that began on the night of […]
Pierluigi Paganini
February 08, 2022
Data belonging to 6,632 Puma employees was stolen in a December 2021 ransomware attack that hit Ultimate Kronos Group (UKG). Data of 6,632 Puma employees was stolen in a ransomware attack that hit HR management platform Ultimate Kronos Group (UKG) in December. Potentially exposed data includes names, Social Security numbers, and other personal information. The […]
