Pierluigi Paganini
December 28, 2021
Password manager app LastPass confirmed that threat actors have launched a credential stuffing attack against its users. While LastPass says that it is not aware that some of its accounts were compromised in the recent credential stuffing attacks that started on Monday, numerous LastPass users claim that their master passwords have been compromised after receiving […]
Pierluigi Paganini
December 27, 2021
The Apache Software Foundation released Apache HTTP Server 2.4.52 to address a couple of security flaws that can lead to remote code execution. The Apache Software Foundation has released the Apache HTTP Server 2.4.52 to address a couple of vulnerabilities, tracked as CVE-2021-44790 and CVE-2021-44224, that can lead to remote code execution attacks. The CVE-2021-44790 […]
Pierluigi Paganini
December 27, 2021
Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities in the Apache Log4j library Researchers from DrWeb monitored attacks leveraging exploits for vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE2021-4104, and CVE-2021-42550) in the Apache Log4j library warning of the need to adopt protective measures. The vulnerabilities can allow threat actors to execute arbitrary code on the target systems, […]
Pierluigi Paganini
December 27, 2021
A researcher found a dozen vulnerabilities in mySCADA myPRO product, some of which have been rated as critical. mySCADA myPRO is a multiplatform, human-machine interface (HMI) and supervisory control and data acquisition (SCADA) system that allows to visualize and control industrial processes. The security researcher Michael Heinzl discovered multiple vulnerabilities in the myPRO product, some […]
Pierluigi Paganini
December 26, 2021
Apple recently addressed fixed a flaw in the macOS that could be potentially exploited by an attacker to bypass Gatekeeper security feature. Apple recently addressed a vulnerability in the macOS operating system, tracked as CVE-2021-30853, that could be potentially exploited by an attacker to bypass the Gatekeeper security feature and run arbitrary code. The vulnerability […]
Pierluigi Paganini
December 24, 2021
NVIDIA released a security advisory to inform customers what products are affected by the recently disclosed Log4Shell vulnerability. NVIDIA has assessed its products to determine if they are vulnerable to the Log4shell vulnerability in Log4J library. The company states that the following products are not impacted by the Log4j vulnerabilities: GeForce Experience client software GeForceNOW […]
Pierluigi Paganini
December 23, 2021
The DHS has announced that it is expanding the ‘Hack DHS’ bug bounty program to report for Log4J impacting its systems. The Department of Homeland Security (DHS) announced that white hat hackers can now report the impact of the Log4J on its systems as part of the ‘Hack DHS‘ bug bounty program. Below is the […]
Pierluigi Paganini
December 23, 2021
A vulnerability in the Microsoft Azure App Service led to the exposure of customer source code for at least four years. Early this month, Microsoft has notified a small group of Azure customers that have been impacted by a recently discovered bug, dubbed NotLegit, that exposed the source code of their Azure web apps since at […]
Pierluigi Paganini
December 22, 2021
US CISA release of a scanner for identifying web services affected by two Apache Log4j remote code execution vulnerabilities. The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of an open-source scanner for identifying web services impacted by Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046. “This repository provides a scanning solution […]
Pierluigi Paganini
December 21, 2021
Microsoft warns of a couple of Active Directory flaws fixed with the November 2021 Patch Tuesday updates that could allow takeover of Windows domains. Microsoft released an alert on a couple of Active Directory vulnerabilities, that have been fixed with the November 2021 Patch Tuesday security updates, that could allow threat actors to takeover Windows domains. The flaws, tracked […]
