Pierluigi Paganini
August 17, 2022
Google addressed a dozen vulnerabilities in the Chrome browser, including the fifth Chrome zero-day flaw exploited this year. Google this week released security updates to address a dozen vulnerabilities in its Chrome browser for desktops including an actively exploited high-severity zero-day flaw in the wild. The actively exploited flaw, tracked as CVE-2022-2856, is an Insufficient validation […]
Pierluigi Paganini
August 17, 2022
Researchers uncovered a new flaw, dubbed ÆPIC, in Intel CPUs that enables attackers to obtain encryption keys and other secret information from the processors. The ÆPIC Leak (CVE-2022-21233) is the first architecturally CPU bug that could lead to the disclosure of sensitive data and impacts most 10th, 11th and 12th generation Intel CPUs. ÆPIC Leak works on […]
Pierluigi Paganini
August 17, 2022
Zoom addressed two high-severity vulnerabilities in its macOS app that were disclosed at the DEF CON conference. Zoom last week released macOS updates to fix two high-severity flaws in its macOS app that were disclosed at the DEF CON conference. Technical details of the vulnerabilities were disclosed at the DEF CON conference by security researcher […]
Pierluigi Paganini
August 15, 2022
Researchers from threat intelligence firm Cyble reported a surge in attacks targeting virtual network computing (VNC). Virtual Network Computing (VNC) is a graphical desktop-sharing system that leverages the Remote Frame Buffer (RFB) protocol to control another machine remotely. It transmits the keyboard and mouse input from one computer to another, relaying the graphical-screen updates, over a […]
Pierluigi Paganini
August 15, 2022
Security Researchers discovered a new PyPI Package designed to drop fileless cryptominer to Linux systems. Sonatype researchers have discovered a new PyPI package named ‘secretslib‘ that drops fileless cryptominer to the memory of Linux machine systems. The package describes itself as “secrets matching and verification made easy,” it has a total of 93 downloads since […]
Pierluigi Paganini
August 14, 2022
The US Cybersecurity and Infrastructure Security Agency (CISA) and the FBI are warning of Zeppelin ransomware attacks. The US Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have published a joint advisory to warn of Zeppelin ransomware attacks. The Zeppelin ransomware first appeared on the threat landscape in November 2019 […]
Pierluigi Paganini
August 13, 2022
Russian hacker group Killnet claims to have launched a DDoS attack on the aerospace and defense giant Lockheed Martin. The Moscow Times first reported that the Pro-Russia hacker group Killnet is claiming responsibility for a recent DDoS attack that hit the aerospace and defense giant Lockheed Martin. The Killnet group also claims to have stolen […]
Pierluigi Paganini
August 13, 2022
Researchers discovered a flaw in three signed third-party UEFI boot loaders that allow bypass of the UEFI Secure Boot feature. Researchers from hardware security firm Eclypsium have discovered a vulnerability in three signed third-party Unified Extensible Firmware Interface (UEFI) boot loaders that can be exploited to bypass the UEFI Secure Boot feature. Secure Boot is […]
Pierluigi Paganini
August 12, 2022
The U.S. State Department announced a $10 million reward for information related to five individuals associated with the Conti ransomware gang. The U.S. State Department announced a $10 million reward for information on five prominent members of the Conti ransomware gang. The government will also reward people that will provide details about Conti and its affiliated groups TrickBot and Wizard […]
Pierluigi Paganini
August 11, 2022
Palo Alto Networks devices running the PAN-OS are abused to launch reflected amplification denial-of-service (DoS) attacks. Threat actors are exploiting a vulnerability, tracked as CVE-2022-0028 (CVSS score of 8.6), in Palo Alto Networks devices running the PAN-OS to launch reflected amplification denial-of-service (DoS) attacks. The vendor has learned that firewalls from multiple vendors are abused to […]
