Pierluigi Paganini
December 04, 2023
The LockBit ransomware attack on the Industrial & Commercial Bank of China demonstrates the weakness of global financial system to cyberattacks. The ransomware breach that crippled U.S. Treasury trading operations at an American subsidiary of Industrial & Commercial Bank of China Ltd. on November 8 has laid bare the vulnerability of the global financial system […]
Pierluigi Paganini
December 04, 2023
Zyxel addressed tens of vulnerabilities that expose users to cyber attacks, including command injection and authentication bypass. Taiwanese vendor Zyxel addressed tens of vulnerabilities in its firewalls and access points. The addressed issues are tracked as CVE-2023-35136, CVE-2023-35139, CVE-2023-37925, CVE-2023-37926, CVE-2023-4397, CVE-2023-4398, CVE-2023-5650, CVE-2023-5797, CVE-2023-5960. Threat actors can exploit the vulnerabilities to steal cookies, access configuration files, carry out command injection and denial-of-service […]
Pierluigi Paganini
December 02, 2023
WeMystic, a website on astrology, numerology, tarot, and spiritual orientation, left an open database exposing 34GB of sensitive data about the platforms’ users. Telling the future is a tricky business, and failure to foretell your own mishaps doesn’t help. The content platform WeMystic is a good example of this, with the Cybernews research team discovering […]
Pierluigi Paganini
December 01, 2023
The popular cybersecurity researcher Patrick Wardle dissected the new macOS ransomware Turtle used to target Apple devices. The popular cyber security researcher Patrick Wardle published a detailed analysis of the new macOS ransomware Turtle. Wardle pointed out that since Turtle was uploaded on Virus Total, it was labeled as malicious by 24 anti-malware solutions, suggesting […]
Pierluigi Paganini
December 01, 2023
The Black Basta ransomware gang infected over 300 victims accumulating ransom payments exceeding $100 million since early 2022. The Black Basta ransomware group has been active since April 2022, like other ransomware operations, it implements a double-extortion attack model. A joint research by Elliptic and Corvus Insurance revealed that the group accumulated at least […]
Pierluigi Paganini
December 01, 2023
US CISA added ownCloud and Google Chrome vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added ownCloud and Google Chrome vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The two issues are: CVE-2023-6345 – The CVE-2023-5217 is a high-severity integer overflow in Skia. Skia is an open-source 2D graphics library that provides […]
Pierluigi Paganini
November 30, 2023
Apple released emergency security updates to fix two actively exploited zero-day flaws impacting iPhone, iPad, and Mac devices. Apple released emergency security updates to address two zero-day vulnerabilities impacting iPhone, iPad, and Mac devices. The flaws are actively exploited in attacks in the wild, both issues reside in the WebKit browser engine. The first vulnerability, […]
Pierluigi Paganini
November 29, 2023
Google released security updates to address a new actively exploited zero-day vulnerability, tracked as CVE-2023-6345, in the Chrome browser. Google on Wednesday released security updates to address a new actively exploited zero-day, tracked as CVE-2023-6345, in the Chrome browser. The CVE-2023-5217 is a high-severity integer overflow in Skia. Skia is an open-source 2D graphics library […]
Pierluigi Paganini
November 29, 2023
Thousands of secrets have been left exposed on Docker Hub, a platform where web developers collaborate on their code for web applications. While some are harmless API keys, others could lead to unauthorized access, data breaches, or identity theft, the latest Cybernews research reveals. The Docker Hub store has at least 5,493 container images that […]
Pierluigi Paganini
November 28, 2023
The US Healthcare provider Ardent Health Services disclosed that it was the victim of a ransomware attack last week. Ardent Health Services is a healthcare company that operates hospitals and other medical facilities in the United States. It is a for-profit health system with a focus on acquiring, managing, and improving hospitals. Ardent Health Services […]
