Pierluigi Paganini
December 21, 2020
While investigating the recent SolarWinds Orion supply-chain attack security researchers discovered another backdoor, tracked SUPERNOVA. The investigation of the SolarWinds Orion supply-chain attack revealed the existence of another backdoor that was likely used by a separate threat actor. After the initial disclosure of the SolarWinds attack, several teams of researchers mentioned the existence of two […]
Pierluigi Paganini
December 21, 2020
Tens of Al Jazeera employees were targeted in a cyber espionage campaign leveraging a zero-click iOS zero-day vulnerability to hack their iPhones. Researchers from Citizen Lab reported that at least 36 Al Jazeera employees were targeted in a cyber espionage campaign leveraging a zero-click iOS zero-day vulnerability to hack their iPhones. The attackers used an […]
Pierluigi Paganini
December 20, 2020
US DOE confirmed that threat actors behind the recent SolarWinds supply chain attack also hacked the networks of the US NNSA nuclear agency. US DOE confirmed this week that threat actors behind the recent SolarWinds supply chain attack also compromised the networks of the US National Nuclear Security Administration (NNSA) agency. “The Department of Energy […]
Pierluigi Paganini
December 20, 2020
This post includes the details of the COVID-19 themed attacks launched from December 6 – December 19, 2020. December 6 – Drug dealers are selling Pfizer COVID-19 vaccines on the darkweb While the United Kingdom announced the distribution of the COVID19 vaccine to the population drug dealers is selling ‘Pfizer COVID Vaccines.’ December 10 – […]
Pierluigi Paganini
December 19, 2020
Joker’s Stash, the largest carding marketplace online, was shut down by a coordinated operation conducted by the FBI and the Interpol. Joker’s Stash, the largest carding marketplace online, was shut down as a result of a coordinated operation conducted by the FBI and the Interpol. The Joker’s Stash carding platform has been active since October […]
Pierluigi Paganini
December 18, 2020
Threat actors continue to trade critical medical data in the Dark Web while organizations are involved in the response to the COVID-19 pandemic. Cybercrime organizations continue to be very active while pharmaceutical organizations are involved in the development of a COVID-19 vaccine and medicines to cure the infections. Experts from Cyble discovered in several forums on the dark web, the […]
Pierluigi Paganini
December 18, 2020
Microsoft confirms that it was also breached in the SolarWinds supply chain hack, but excluded that the attack impacted its customers. Microsoft has confirmed that it was one of the companies breached in the recent SolarWinds supply chain attack, but the IT giant denied that the nation-state actors compromised its software supply-chain to infect its […]
Pierluigi Paganini
December 17, 2020
The development team behind the Contact Form 7 WordPress plugin discloses an unrestricted file upload vulnerability. Jinson Varghese Behanan from Astra Security discovered an unrestricted file upload vulnerability in the popular Contact Form 7 WordPress vulnerability. The WordPress plugin allows users to add multiple contact forms on their site. “By exploiting this vulnerability, attackers could simply upload files of […]
Pierluigi Paganini
December 17, 2020
FBI says DoppelPaymer ransomware gang is harassing victims who refuse to pay, threatening to send individuals to their homes. FBI is warning of a new escalation in the extortion activities of the DoppelPaymer ransomware gang, the operators have been calling victims, threatening to send individuals to their homes if they don’t pay the ransom. According […]
Pierluigi Paganini
December 17, 2020
KELA researchers analyzed a database recently leaked online that contains data for 1.9 million Chinese Communist Party members in Shanghai. After the announcement of the leak of the database which contains the personal information of 1.9 million Chinese Communist Party (CCP) members in Shanghai, KELA researchers have obtained it. This database includes the members’ name, […]
