Hacking

Pierluigi Paganini January 19, 2024
China-linked APT UNC3886 exploits VMware zero-day since 2021

China-linked group UNC3886 has been exploiting vCenter Server zero-day vulnerability CVE-2023-34048 since at least late 2021. Mandiant researchers reported that China-linked APT group UNC3886 has been exploiting vCenter Server zero-day vulnerability CVE-2023-34048 since at least late 2021. vCenter Server is a critical component in VMware virtualization and cloud computing software suite. It serves as a […]

Pierluigi Paganini January 19, 2024
U.S. CISA warns of actively exploited Ivanti EPMM flaw CVE-2023-35082

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti EPMM flaw CVE-2023-35082 to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Ivanti EPMM flaw CVE-2023-35082 (CVSS score: 9.8) vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. At the end of July, Ivanti disclosed a security vulnerability impacting Endpoint Manager Mobile (EPMM), tracked […]

Pierluigi Paganini January 19, 2024
Kansas State University suffered a serious cybersecurity incident

Kansas State University (K-State) suffered a cybersecurity incident that has disrupted part of its network and services. Kansas State University (K-State) suffered a cybersecurity incident that impacted a portion of its network and services. On January, 16, 2023, the University K-State announced it was experiencing a disruption to certain network systems, including VPN, K-State Today […]

Pierluigi Paganini January 18, 2024
CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Chrome and Citrix flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. This week Citrix warned customers to install security updates to address two actively exploited zero-day vulnerabilities, tracked as CVE-2023-6548 and CVE-2023-6549, […]

Pierluigi Paganini January 18, 2024
Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

Google warns that the Russia-linked threat actor COLDRIVER expands its targeting and is developing a custom malware. The ColdRiver APT (aka “Seaborgium“, “Callisto”, “Star Blizzard”, “TA446”) is a Russian cyberespionage group that has been targeting government officials, military personnel, journalists and think tanks since at least 2015. In the past, the group’s activity involved persistent phishing […]

Pierluigi Paganini January 18, 2024
PixieFail: Nine flaws in UEFI open-source reference implementation could have severe impacts

Experts found multiple flaws, collectively named PixieFail, in the network protocol stack of an open-source reference implementation of the UEFI. Quarkslab researchers discovered nine vulnerabilities, collectively tracked as e PixieFAIL, affecting the IPv6 network protocol stack of EDK II, TianoCore’s open source reference implementation of UEFI. Unified Extensible Firmware Interface (UEFI) is a specification that defines the […]

Pierluigi Paganini January 17, 2024
Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos

Switzerland believes that the attack claimed by pro-Russian group NoName that hit the government websites is retaliation for Zelensky’s presence at Davos. Switzerland believes that the cyberattack carried out by pro-Russia group NoName disrupted access to some government websites, following Ukrainian President Volodymyr Zelensky’s visit to Davos. “We took a look at Switzerland, where the World Economic […]

Pierluigi Paganini January 17, 2024
FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation

U.S. CISA and the FBI warned of AndroxGh0st malware used to create a botnet for victim identification and exploitation in target networks. US CISA and the Federal Bureau of Investigation (FBI) released a joint Cybersecurity Advisory (CSA) to warn of AndroxGh0st malware. The malware is spreading to create a botnet for victim identification and exploitation in target networks. […]

Pierluigi Paganini January 17, 2024
Citrix warns admins to immediately patch NetScaler for actively exploited zero-days

Citrix fixed two actively exploited zero-day vulnerabilities impacting Netscaler ADC and Gateway appliances. Citrix warns customers to install security updates to address two actively exploited zero-day vulnerabilities, tracked as CVE-2023-6548 and CVE-2023-6549, impacting Netscaler ADC and Gateway appliances. “Exploits of these CVEs on unmitigated appliances have been observed. Cloud Software Group strongly urges affected customers […]

Pierluigi Paganini January 16, 2024
Google fixed the first actively exploited Chrome zero-day of 2024

Google has addressed the first Chrome zero-day vulnerability of the year that is actively being exploited in the wild. Google has released security updates to address the first Chrome zero-day vulnerability of the year that is actively being exploited in the wild. The high-serverity vulnerability, tracked as CVE-2024-0519, is an out of bounds memory access […]