Pierluigi Paganini
January 10, 2023
The open-source jsonwebtoken (JWT) library is affected by a high-severity security flaw that could lead to remote code execution. The open-source JsonWebToken (JWT) library is affected by a high-severity security flaw, tracked as CVE-2022-23529 (CVSS score: 7.6), that could lead to remote code execution. The package is maintained by Auth0, it had over 9 million weekly downloads […]
Pierluigi Paganini
January 09, 2023
Tens of software vulnerabilities affected Qualcomm firmware and impacted the devices of Microsoft, Lenovo, and Samsung. Qualcomm January 2023 security bulletin addressed 22 software vulnerabilities in its Snapdragon suite. Some of the flaws were reported by the efiXplorer Team at the firmware protection firm Binarly, Zinuo Han of OPPO Amber Security Lab, Gengjia Chen from […]
Pierluigi Paganini
January 05, 2023
The popular AI chatbot ChatGPT might be used by threat actors to hack easily hack into target networks. Original post at https://cybernews.com/security/hackers-exploit-chatgpt/ Cybernews research team discovered that the AI-based chatbot ChatGPT – a recently launched platform that caught the online community’s attention – could provide hackers with step-by-step instructions on how to hack websites. Cybernews […]
Pierluigi Paganini
January 05, 2023
Zoho is warning its customers of a critical vulnerability, tracked as CVE-2022-47523, affecting multiple ManageEngine products. Zoho is urging its customers to address a critical SQL Injection vulnerability, tracked as CVE-2022-47523, that affects multiple ManageEngine products. “This security advisory is to let you know that a high severity vulnerability was detected in ManageEngine Password Manager […]
Pierluigi Paganini
January 04, 2023
CyberNews reported that Cricketsocial.com, a social platform for the cricket community, exposed private customer data and admin credentials. Cricketsocial.com, is a social platform developed for the cricket community online. CyberNews discovered that a database used by the platform was left open online, it contains a huge trove of data. The Social platform for the cricket […]
Pierluigi Paganini
January 04, 2023
Fortinet addressed multiple vulnerabilities impacting its products and warned of a high-severity command injection flaw in FortiADC. Cybersecurity vendor Fortinet addressed several vulnerabilities impacting its products. The compaby also warned customers of a high-severity command injection flaw, tracked as CVE-2022-39947 (CVSS score of 8.6), affecting the Application Delivery Controller FortiADC. The CVE-2022-39947 flaw is an […]
Pierluigi Paganini
January 04, 2023
US. rail and locomotive company Wabtec Corporation disclosed a data breach after it was hit with Lockbit ransomware attack. Wabtec Corporation is an American company formed by the merger of the Westinghouse Air Brake Company (WABCO) and MotivePower Industries Corporation in 1999. It manufactures products for locomotives, freight cars and passenger transit vehicles, and builds new locomotives up to 6,000 horsepower. The company employs […]
Pierluigi Paganini
January 03, 2023
Synology fixed several critical flaws in its routers, including flaws likely demonstrated at the Pwn2Own 2022 hacking contest. Taiwanese NAS maker Synology published two new critical advisories in December. The first advisory is related to the most severe vulnerability addressed by the company, which is a critical out-of-bounds write issue, tracked as CVE-2022-43931 (CVSS3 Base Score10). […]
Pierluigi Paganini
January 03, 2023
A post published on a popular hacking forum claims Volvo Cars has suffered a new data breach, alleging stolen data available for sale. French cybersecurity Anis Haboubi yesterday first noticed that a threat actor was attempting to sell data allegedly stolen from Volvo Cars on a popular hacking forum. A member of the forum, who […]
Pierluigi Paganini
January 02, 2023
These are the most-read cybersecurity articles that have been published by SecurtiyAffairs in 2022. 1 – Russia-linked actors may be behind an explosion at a liquefied natural gas plant in Texas Russian threat actors may be behind the explosion at a liquefied natural gas plant in Texas, the incident took place on June 8. 2 […]
