Pierluigi Paganini
September 12, 2022
Cisco confirmed the May attack and that the data leaked by the Yanluowang ransomware group was stolen from its systems. In August, Cisco disclosed a security breach, the Yanluowang ransomware gang breached its corporate network in late May and stole internal data. The investigation conducted by Cisco Security Incident Response (CSIRT) and Cisco Talos revealed […]
Pierluigi Paganini
September 12, 2022
Six high-severity firmware bugs affecting several HP Enterprise devices are yet to be patched, some of them since July 2021. The Binarly security research team reported several HP Enterprise devices are affected by six high-severity firmware vulnerabilities that are yet to be patched, and some of them have been disclosed more than a year ago. […]
Pierluigi Paganini
September 09, 2022
The U.S. Treasury Department sanctioned Iran ‘s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence over the Albania cyberattack. The U.S. Treasury Department announced sanctions against Iran ‘s Ministry of Intelligence and Security (MOIS) and its Minister of Intelligence over the cyber attack that hit Albania in July. MOIS is the primary intelligence […]
Pierluigi Paganini
September 09, 2022
US authorities recovered more than $30 million worth of cryptocurrency stolen by the North Korea-linked Lazarus APT from Axie Infinity. A joint operation conducted by enforcement and leading organizations in the cryptocurrency industry allowed to recover more than $30 million worth of cryptocurrency stolen by North Korean-linked APT group Lazarus from online video game Axie […]
Pierluigi Paganini
September 09, 2022
Threat actors are exploiting a zero-day vulnerability in a WordPress plugin called BackupBuddy, Wordfence researchers warned. On September 6, 2022, the Wordfence Threat Intelligence team was informed of a vulnerability being actively exploited in the BackupBuddy WordPress plugin. This plugin allows users to back up an entire WordPress installation, including theme files, pages, posts, widgets, users, and […]
Pierluigi Paganini
September 08, 2022
CISA added 12 more security flaws to its Known Exploited Vulnerabilities Catalog including four D-Link vulnerabilities. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added 12 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including four vulnerabilities in D-Link routers, two Chrome zero-day issues, and a recently disclosed flaw in the QNAP Photo Station. According to Binding Operational […]
Pierluigi Paganini
September 08, 2022
Cisco fixed new security flaws affecting its products, including a recently disclosed high-severity issue in NVIDIA Data Plane Development Kit. The most severe issues fixed by Cisco are an unauthenticated Access to Messaging Services Vulnerability affecting Cisco SD-WAN vManage software and a vulnerability in NVIDIA Data Plane Development Kit. The two issues have been tracked as CVE-2022-20696 […]
Pierluigi Paganini
September 07, 2022
In the digital age, authentication is paramount to a strong security strategy. Which are the challenges of user authentication? In the digital age, authentication is paramount to a strong security strategy. As virtually every aspect of day-to-day life and business is conducted online, the added convenience has also brought added risk. Information privacy, data sovereignty, […]
Pierluigi Paganini
September 07, 2022
Networking equipment vendor Zyxel addressed a critical vulnerability impacting its network-attached storage (NAS) devices. Zyxel addressed a critical vulnerability, tracked as CVE-2022-34747, impacting its network-attached storage (NAS) devices. The CVE-2022-34747 (CVSS score: 9.8) flaw is classified as a format string vulnerability that resides in Zyxel NAS326 firmware versions prior to V5.21(AAZF.12)C0. An attacker can exploit […]
Pierluigi Paganini
September 06, 2022
Researchers discovered a previously undocumented software control panel, named TeslaGun, used by a cybercrime gang known as TA505. Researchers from cybersecurity firm PRODAFT have discovered a previously undocumented software control panel, tracked as TeslaGun, used by a cybercrime group known as TA505. Russian TA505 hacking group, aka Evil Corp, has been active since 2014 focusing on Retail and banking […]
