Security

Pierluigi Paganini May 17, 2024
CISA adds D-Link DIR router flaws to its Known Exploited Vulnerabilities catalog

CISA adds two D-Link DIR-600 and DIR-605 router vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following D-Link router vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the identified vulnerabilities […]

Pierluigi Paganini May 16, 2024
Google fixes seventh actively exploited Chrome zero-day this year, the third in a week

Google released security updates to address a new actively exploited Chrome zero-day vulnerability, the third in a week. Google has released a new emergency security update to address a new vulnerability, tracked as CVE-2024-4947, in the Chrome browser, it is the third zero-day exploited in attacks that was disclosed this week. The vulnerability CVE-2024-4947 is […]

Pierluigi Paganini May 15, 2024
Adobe fixed multiple critical flaws in Acrobat and Reader

Adobe addressed multiple code execution vulnerabilities in several products, including Adobe Acrobat and Reader. Adobe addressed multiple code execution vulnerabilities in its products, including Adobe Acrobat and Reader software The software giant released its Patch Tuesday updates to fix 35 security vulnerabilities 12 of these issues impact Adobe Acrobat and Reader software. The arbitrary code execution […]

Pierluigi Paganini May 14, 2024
Microsoft Patch Tuesday security updates for May 2024 fixes 2 actively exploited zero-days

Microsoft Patch Tuesday security updates for May 2024 fixed 59 flaws across various products including an actively exploited zero-day. Microsoft Patch Tuesday security updates for May 2024 addressed 59 vulnerabilities in Windows and Windows Components; Office and Office Components; .NET Framework and Visual Studio; Microsoft Dynamics 365; Power BI; DHCP Server; Microsoft Edge (Chromium-based); and […]

Pierluigi Paganini May 14, 2024
MITRE released EMB3D Threat Model for embedded devices

The non-profit technology organization MITRE released the EMB3D threat model for embedded devices used in critical infrastructure. MITRE announced the public release of its EMB3D threat model for embedded devices used in various industries (i.e. Automotive, healthcare, and manufacturing), including critical infrastructure. The threat model provides a knowledge base of cyber threats to embedded devices. […]

Pierluigi Paganini May 14, 2024
Google fixes sixth actively exploited Chrome zero-day this year

Google released emergency security updates to address an actively exploited Chrome zero-day vulnerability. Google has released emergency security updates to address a high-severity zero-day vulnerability vulnerability, tracked as CVE-2024-4761, in the Chrome browser. The vulnerability is an out-of-bounds write issue that resides in the V8 JavaScript engine of the Google web browser. The company confirmed […]

Pierluigi Paganini May 13, 2024
Threat actors may have exploited a zero-day in older iPhones, Apple warns

Apple rolled out urgent security updates to address code execution vulnerabilities in iPhones, iPads, and macOS. Apple released urgent security updates to address multiple vulnerabilities in iPhones, iPads, macOS. The company also warns of a vulnerability patched in March that the company believes may have been exploited as a zero-day. The issue impacts older iPhone […]

Pierluigi Paganini May 13, 2024
Russian hackers defaced local British news sites

A group of hackers that defines itself as “first-class Russian hackers” claims the defacement of hundreds of local and regional British newspaper websites. A group claiming to be “first-class Russian hackers” defaced numerous local and regional British newspaper websites owned by Newsquest Media Group. The group defaced the home pages of the targeted websites and […]

Pierluigi Paganini May 10, 2024
Google fixes fifth actively exploited Chrome zero-day this year

Since the start of the year, Google released an update to fix the fifth actively exploited zero-day vulnerability in the Chrome browser. Google this week released security updates to address a zero-day flaw, tracked as CVE-2024-4671, in Chrome browser. The vulnerability is the fifth zero-day flaw in the Google browser that is exploited in the […]

Pierluigi Paganini May 10, 2024
Russia-linked APT28 targets government Polish institutions

CERT Polska warns of a large-scale malware campaign against Polish government institutions conducted by Russia-linked APT28. CERT Polska and CSIRT MON teams issued a warning about a large-scale malware campaign targeting Polish government institutions, allegedly orchestrated by the Russia-linked APT28 group. The attribution of the attacks to the Russian APT is based on similarities with […]