Pierluigi Paganini
November 13, 2020
Schneider Electric released advisories for multiple flaws, including issues that can allow taking control of Modicon M221 PLCs. Schneider Electric released security advisories for multiple vulnerabilities impacting various products, including four issues that can be exploited by attackers to take control of Modicon M221 programmable logic controllers (PLCs). Four encryption and authentication issues in Modicon […]
Pierluigi Paganini
November 12, 2020
The popular children’s online playground Animal Jam has suffered a data breach that affected more than 46 million accounts. Animal Jam is a safe, award-winning online playground for kids created by WildWorks. Kids aging 7 through 11 can play games, personalize their favorite animal, learn fun facts, and so much more. Animal Jam currently has […]
Pierluigi Paganini
November 12, 2020
CostaRicto APT is targeting South Asian financial institutions and global entertainment companies with undocumented malware. Blackberry researchers have documented the activity of a hackers-for-hire group, dubbed CostaRicto, that has been spotted using a previously undocumented piece of malware to target South Asian financial institutions and global entertainment companies. “During the past six months, the BlackBerry Research […]
Pierluigi Paganini
November 12, 2020
Cybersecurity researchers spotted a new modular PoS malware, dubbed ModPipe, that targets PoS restaurant management software from Oracle. ESET researchers discovered a new modular backdoor, dubbed ModPipe, that was designed to target PoS systems running ORACLE MICROS Restaurant Enterprise Series (RES) 3700, which is a management suite widely used in restaurant and hospitality sectors. The backdoor outstands […]
Pierluigi Paganini
November 12, 2020
Google has released Chrome version 86.0.4240.198 that addresses two additional zero-day vulnerabilities that were exploited in the wild. Google has addressed two zero-day vulnerabilities, actively exploited in the wild, with the release of Chrome version 86.0.4240.198. The IT giant has fixed a total of five Chrome zero-day vulnerabilities in only three weeks. Both zero-day flaws, […]
Pierluigi Paganini
November 11, 2020
The alleged decompiled source code for the Cobalt Strike post-exploitation toolkit has been leaked online in a GitHub repository. The decompiled source code for the Cobalt Strike post-exploitation toolkit has allegedly been leaked online in a GitHub repository. Cobalt Strike is a legitimate penetration testing toolkit and threat emulation software that allows attackers to deploy […]
Pierluigi Paganini
November 11, 2020
Mozilla and Google have already fixed the critical flaws in Firefox and Chrome exploited by bug bounty hunters at 2020 Tianfu Cup hacking contest. Mozilla and Google have already addressed the critical Firefox and Chrome vulnerabilities that were recently exploited by white hat hackers at the 2020 Tianfu Cup hacking contest. The vulnerability in Chrome exploited […]
Pierluigi Paganini
November 11, 2020
Ragnar Locker Ransomware operators have started to run Facebook advertisements to force their victims into paying the ransom. In November 2019, ransomware operators have started adopting a new double-extortion strategy first used by the Maze gang that sees threat actors also stealing unencrypted files before encrypting infected systems. Then the attackers threaten to release the stolen […]
Pierluigi Paganini
November 10, 2020
Multiple critical vulnerabilities affecting the Ultimate Member plugin could be easily exploited to potentially takeover up to 25K websites. Multiple critical vulnerabilities in the Ultimate Member plugin could be easily exploited to take over websites, the issue potentially impact up to 100K installs. The Ultimate Member WordPress plugin allows admins to easily manage membership to […]
Pierluigi Paganini
November 10, 2020
Security researchers discovered today an npm package that contains malicious code designed to steal sensitive Discord and browser files. Sonatype researcher Ax Sharma discovered an npm package, dubbed discord.dll, that contains malicious code designed to steal sensitive files from a user’s browsers and Discord application. The malicious JavaScript library was uploaded to the npm packet repository […]
