Hacking

Pierluigi Paganini March 15, 2021
NCSC is not aware of ransomware attacks compromising UK orgs through Microsoft Exchange bugs

The UK’s National Cyber Security Centre (NCSC) urges UK organizations to install the patches for the recently disclosed vulnerabilities in Microsoft Exchange. The UK’s National Cyber Security Centre is urging UK organizations to install security patches for their Microsoft Exchange installs. The UK agency revealed to have helped UK organisations to secure their installs, around […]

Pierluigi Paganini March 15, 2021
Google fixes the third actively exploited Chrome 0-Day since January

Google has addressed a new zero-day flaw in its Chrome browser that has been actively exploited in the wild, the second one within a month Google has fixed a new actively exploited zero-day in its Chrome browser, this is the second zero-day issue addressed by the IT giant within a month. The flaw, tracked as […]

Pierluigi Paganini March 14, 2021
Experts found 15 flaws in Netgear JGS516PE switch, including a critical RCE

Netgear has released security and firmware updates for its JGS516PE Ethernet switch to address 15 vulnerabilities, including a critica remote code execution issue. Netgear has released security and firmware updates to address 15 vulnerabilities in its JGS516PE Ethernet switch, including an unauthenticated remote code execution flaw rated as critical. The flaws were discovered by researchers […]

Pierluigi Paganini March 14, 2021
Google releases Spectre PoC code exploit for Chrome browser

Google released proof-of-concept code to conduct Spectre attacks against its Chrome browser to share knowledge of browser-based side-channel attacks. Google released proof-of-concept code for conducting a Spectre attack against its Chrome browser on GitHub. The experts decided to publish the proof of concept code to demonstrate the feasibility of a web-based Spectre exploit.  The PoC […]

Pierluigi Paganini March 13, 2021
Experts found three new 15-year-old bugs in a Linux kernel module

Three 15-year-old flaws in Linux kernel could be exploited by local attackers with basic user privileges to gain root privileges on vulnerable Linux systems. GRIMM researchers found three vulnerabilities in the SCSI (Small Computer System Interface) component of the Linux kernel, the issues could be exploited by local attackers with basic user privileges to gain root privileges […]

Pierluigi Paganini March 13, 2021
New variant for Mac Malware XCSSET compiled for M1 Chips

Kaspersky researchers spotted a new variant of the XCSSET Mac malware that compiled for devices running on Apple M1 chips. XCSSET is a Mac malware that was discovered by Trend Micro in August 2020, it was spreading through Xcode projects and exploits two zero-day vulnerabilities to steal sensitive information from target systems and launch ransomware […]

Pierluigi Paganini March 12, 2021
10,000+ WeLeakInfo customer records leaked

An actor claimed to have registered one of the domains of WeLeakInfo, accessed details of 10000+ WeLeakInfo’ s customers, and leaked it. WeLeakInfo.com was a data breach notification service that was allowing its customers to verify if their credentials been compromised in data breaches. The service was claiming a database of over 12 billion records from over […]

Pierluigi Paganini March 12, 2021
Researchers warn of a surge in cyber attacks against Microsoft Exchange

Researchers warn of a surge in cyber attacks against Microsoft Exchange servers exploiting the recently disclosed ProxyLogon vulnerabilities. Researchers at Check Point Research team reported that threat actors are actively exploiting the recently disclosed ProxyLogon zero-day vulnerabilities in Microsoft Exchange. On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) […]

Pierluigi Paganini March 11, 2021
Expert publishes PoC exploit code for Microsoft Exchange flaws

This week a security researcher published on GitHub a proof-of-concept tool to hack Microsoft Exchange servers chaining two of ProxyLogon flaws.  On March 2nd, Microsoft has released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported Microsoft Exchange versions that are actively exploited in the wild. The IT giant […]

Pierluigi Paganini March 11, 2021
Hackers stole data from Norway parliament exploiting Microsoft Exchange flaws

Norway parliament, the Storting, has suffered a new cyberattack, hackers stole data by exploiting recently disclosed Microsoft Exchange vulnerabilities. Norway ‘s parliament, the Storting, was hit by a new cyberattack, threat actors stole data exploiting the recently disclosed vulnerabilities in Microsoft Exchange, collectively tracked as ProxyLogon. On March 2nd, Microsoft has released emergency out-of-band security updates that […]