Pierluigi Paganini
November 22, 2022
Let’s give a look at API vulnerabilities by reading the API Security Top 10 published by the Open Web Application Security Project (OWASP). It’s no secret that cyber security has become a leading priority for most organizations — especially those in industries that handle sensitive customer information. And as these businesses work towards building robust […]
Pierluigi Paganini
November 22, 2022
A researcher revealed how to bypass some of the filters in Cisco Secure Email Gateway appliance and deliver malware using specially crafted emails. An anonymous researcher publicly disclosed a series of techniques to bypass some of the filters in Cisco Secure Email Gateway appliance and deliver malware using specially crafted emails. The researcher pointed out […]
Pierluigi Paganini
November 21, 2022
A researcher published details and proof-of-concept (PoC) code for High-Severity macOS Sandbox escape vulnerability tracked as CVE-2022-26696. Researcher Wojciech ReguĹ‚a (@_r3ggi) of SecuRing published technical details and proof-of-concept (PoC) code for a macOS sandbox escape vulnerability tracked as CVE-2022-26696 (CVSS score of 7.8). In a wrap-up published by Regula, the researcher observed that the problem is caused […]
Pierluigi Paganini
November 19, 2022
Microsoft warns that a threat actor, tracked as DEV-0569, is using Google Ads to distribute the recently discovered Royal ransomware. Researchers from the Microsoft Security Threat Intelligence team warned that a threat actor, tracked as DEV-0569, is using Google Ads to distribute various payloads, including the recently discovered Royal ransomware. The DEV-0569 group carries out […]
Pierluigi Paganini
November 18, 2022
Atlassian addressed this week two critical vulnerabilities impacting its Crowd and Bitbucket products. Atlassian announced the release of security updates to address critical-severity vulnerabilities in its identity management platform, Crowd Server and Data Center, and in the Bitbucket Server and Data Center, a self-managed solution that provides source code collaboration for professional teams. The vulnerability in […]
Pierluigi Paganini
November 17, 2022
Iran-linked threat actors compromised a Federal Civilian Executive Branch organization using a Log4Shell exploit and installed a cryptomining malware. According to a joint advisory published by the FBI and CISA, an Iran-linked APT group compromised a Federal Civilian Executive Branch (FCEB) organization using an exploit for the Log4Shell flaw (CVE-2021-44228) and deployed a cryptomining malware. Log4Shell impacts […]
Pierluigi Paganini
November 16, 2022
Researchers at cybersecurity firm Rapid7 have identified several vulnerabilities and other potential security issues affecting F5 products. Rapid7 researchers discovered several vulnerabilities in F5 BIG-IP and BIG-IQ devices running a customized distribution of CentOS. The experts also discovered several bypasses of security controls that the security vendor F5 does not recognize as exploitable vulnerabilities. The […]
Pierluigi Paganini
November 16, 2022
Fortinet researchers discovered new samples of RapperBot used to build a botnet to launch Distributed DDoS attacks against game servers. Fortinet FortiGuard Labs researchers have discovered new samples of the RapperBot malware that are being used to build a DDoS botnet to target game servers. Researchers from FortiGuard Labs discovered the previously undetected RapperBot IoT […]
Pierluigi Paganini
November 16, 2022
Google announced it will roll out the Privacy Sandbox system for Android in beta to a limited number of Android 13 devices in early 2023. Google announced it will roll out the Privacy Sandbox for Android in beta to mobile devices running Android 13 starting early next year. The Privacy Sandbox aims at creating technologies to […]
Pierluigi Paganini
November 15, 2022
Researchers discovered a critical vulnerability impacting Spotify’s Backstage Software Catalog and Developer Platform. Researchers from the security firm Oxeye discovered a critical Remote Code Execution in Spotify’s Backstage (CVSS Score of 9.8). Backstage is Spotify’s open-source platform for building developer portals, it’s used by a several organizations, including American Airlines, Netflix, Splunk, Fidelity Investments and Epic Games. […]
