Pierluigi Paganini
January 21, 2022
McAfee addressed a security flaw in its McAfee Agent software for Windows that allows running arbitrary code with SYSTEM privileges. McAfee (now Trellix) has addressed a high-severity vulnerability, tracked as CVE-2022-0166, that resides in McAfee Agent software for Windows. An attacker can exploit this flaw to escalate privileges and execute arbitrary code with SYSTEM privileges. The McAfee Agent is […]
Pierluigi Paganini
January 21, 2022
Google Project Zero experts disclosed details of two zero-day flaws impacting Zoom clients and Multimedia Router (MMR) servers. Google Project Zero researchers Natalie Silvanovich disclosed details of two zero-day vulnerabilities in Zoom clients and Multimedia Router (MMR) servers. An attacker could have exploited the now-fixed issues to crash the service, execute malicious code, and even leak the content […]
Pierluigi Paganini
January 20, 2022
Cisco addressed a critical RCE flaw in the Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software. Cisco has addressed a critical remote code execution vulnerability, tracked as CVE-2022-20649, discovered in the Cisco Redundancy Configuration Manager (RCM) for Cisco StarOS Software. The flaw, discovered by the company experts during internal security testing, can be exploited by […]
Pierluigi Paganini
January 20, 2022
Security vendor SolarWinds has fixed a Serv-U vulnerability that threat actors attempted to exploit in attacks in the wild. SolarWinds has addressed a vulnerability in Serv-U products that threat actors are actively exploited in the wild. The company pointed out that all the attack attempts failed. The vulnerability, tracked as CVE-2021-35247, was discovered by Microsoft security […]
Pierluigi Paganini
January 19, 2022
UK NCSC has published new guidance for organizations to secure their communications with customers via SMS or phone calls. UK’s National Cyber Security Center (NCSC) has published new guidance for organizations for combatting telephone and SMS fraud. This guide aims at protecting their customers from fraudulent activities, while also ensuring that their SMS and telephone […]
Pierluigi Paganini
January 19, 2022
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned organizations about “potential critical threats” following the recent cyberattacks that hit Ukraine. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published an “insights” document that warned organizations about “potential critical threats” following the recent cyberattacks aimed at Ukraine. The document starts from most recent attacks targeting […]
Pierluigi Paganini
January 17, 2022
The pre-release announcement for Critical Patch Update (CPU) for January 2022 states that Oracle will fix 483 new flaws. This pre-release announcement for Critical Patch Update (CPU) for January 2022 confirms that Oracle security updates will address 483 new security patches. The Critical Patch Update for January will be released on Tuesday, January 18, 2022. […]
Pierluigi Paganini
January 17, 2022
Zoho addressed a new critical severity flaw (CVE-2021-44757) that affects its Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutions Zoho fixed a new critical severity flaw, tracked as CVE-2021-44757, that affects its Desktop Central and Desktop Central MSP unified endpoint management (UEM) solutions. The issue is an authentication bypass vulnerability, a remote attacker […]
Pierluigi Paganini
January 17, 2022
Researchers discovered a high-severity vulnerability in three different WordPress plugins that impact over 84,000 websites. Researchers from WordPress security company Wordfence discovered a high-severity vulnerability that affects three different WordPress plugins that impact over 84,000 websites. The vulnerability tracked as CVE-2022-0215 is a cross-site request forgery (CSRF) issue that received a CVSS score of 8.8. […]
Pierluigi Paganini
January 16, 2022
The European Union simulated a cyber attack on a fictitious Finnish power company to test its cyber-defense capabilities. Cyber drills are essential to test the resilience of our infrastructure, the European Union simulated a cyber attack on a fictitious Finnish power company to test its cyber-defense capabilities. The simulation took place on Friday and is […]
APT / February 05, 2026
