Pierluigi Paganini
January 23, 2023
Researchers dismantled a sophisticated ad fraud scheme, dubbed VASTFLUX, that targeted more than 11 million devices. HUMAN’s Satori Threat Intelligence and Research Team dismantled a sophisticated ad fraud operation dubbed VASTFLUX. The name VASTFLUX comes from the evasion technique “fast flux” and VAST, the Digital Video Ad Serving Template that was abused by threat actors in this fraudulent scheme. The researchers […]
Pierluigi Paganini
January 22, 2023
Roaming Mantis threat actors were observed using a new variant of their mobile malware Wroba to hijack DNS settings of Wi-Fi routers. Researchers from Kaspersky observed Roaming Mantis threat actors using an updated variant of their mobile malware Wroba to compromise Wi-Fi routers and hijack DNS settings. Roaming Mantis surfaced in March 2018 when hacked routers in Japan to […]
Pierluigi Paganini
January 20, 2023
An alleged Chinese threat actor was observed exploiting the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN. Researchers from Mandiant reported that suspected Chinese threat actors exploited the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN as a zero-day. According to the security firm, the vulnerability was exploited in attacks against a series of targets, including a […]
Pierluigi Paganini
January 17, 2023
A ransomware attack against the maritime software supplier DNV impacted approximately 1,000 vessels. About 1,000 vessels have been impacted by a ransomware attack against DNV, one of the major maritime software suppliers. DNV GL provides solutions and services throughout the life cycle of any vessel, from design and engineering to risk assessment and ship management. […]
Pierluigi Paganini
January 17, 2023
Researchers discovered three malicious packages that have been uploaded to the Python Package Index (PyPI) repository by Lolip0p group. FortiGuard Labs researchers discovered three malicious PyPI packages (called ‘colorslib’, ‘httpslib’, and “libhttps”) on the PyPI repository that were uploaded by the same actor, Lolip0p. The packages were discovered on January 10, 2023, the packages “colorslib” and […]
Pierluigi Paganini
January 16, 2023
Antivirus firm Avast released a free decryptor for the BianLian ransomware family that allows victims to recover locked files. Security firm Avast has released a free decryptor for the BianLian ransomware to allow victims of the malware to recover locked files. The BianLian ransomware emerged in August 2022, the malware was employed in attacks against organizations in […]
Pierluigi Paganini
January 16, 2023
Netlab 360 observed unidentified threat actors using a new backdoor based on the US CIA’s Project Hive malware suite. Researchers from Qihoo Netlab 360 reported that unidentified threat actors using a new backdoor based on the US CIA’s Project Hive malware suite. “Hive provides a covert communications platform for a whole range of CIA malware to send exfiltrated […]
Pierluigi Paganini
January 16, 2023
Expert discovered that the T95 Android TV box, available for sale on Amazon and AliExpress, came with sophisticated pre-installed malware. Security researcher, Daniel Milisic, discovered that the T95 Android TV box he purchased on Amazon was infected with sophisticated pre-installed malware. This Android TV box model is available on Amazon and AliExpress for as low […]
Pierluigi Paganini
January 13, 2023
The cyberattack on Royal Mail, Britain’s postal service, is a ransomware attack that was linked to the LockBit ransomware operation. Royal Mail, the British multinational postal service and courier company, this week announced that a “cyber incident” has a severe impact on its operation. The incident only impacted Royal Mail’s international export services, the company said it is temporarily […]
Pierluigi Paganini
January 13, 2023
Recently patched Fortinet FortiOS SSL-VPN zero-day exploited in attacks against government organizations and government-related targets. Fortinet researchers reported how threat actors exploited the recently patched FortiOS SSL-VPN vulnerability (CVE-2022-42475) in attacks against government organizations and government-related targets. According to Resecurity, a cybersecurity company protecting Fortune 500 globally, the vulnerability was earlier marketed privately by several […]
