Pierluigi Paganini
October 11, 2021
The NSA issued a technical advisory to warn organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack. The National Security Agency (NSA) is warning organizations against the use of wildcard TLS certificates and the new ALPACA TLS attack. A wildcard certificate is a public key certificate that can be used […]
Pierluigi Paganini
October 10, 2021
Medical device maker Medtronic recalled the remote controllers used with some of its insulin pumps because of dangerous vulnerabilities. Medical device maker Medtronic has recalled the remote controllers used with some of its insulin pumps because of they are affected by severe vulnerabilities that could lead to injury or death of the patients. An attacker can exploit the vulnerabilities […]
Pierluigi Paganini
October 09, 2021
Google has addressed a total of four high-severity vulnerabilities in the Chrome version for Windows, Mac, and Linux. Google released security updates to address a total of four high-severity vulnerabilities in the Chrome version for Windows, Mac, and Linux. The most severe vulnerability, tracked as CVE-2021-37977, is an after-free issue in Garbage Collection that could […]
Pierluigi Paganini
October 09, 2021
CyberNews researchers found an exposed configuration file hosted on a Sky.com subdomain containing production data. Original post @ https://cybernews.com/news/sky-com-servers-exposed-via-misconfiguration/ CyberNews researchers found an exposed configuration file hosted on a Sky.com subdomain, containing what appear to be production-level database access credentials, as well as addresses to development endpoints. Sky, a subsidiary of Comcast, is Europe’s largest […]
Pierluigi Paganini
October 08, 2021
The Dutch government will not tolerate ransomware attacks that could threaten national security, it will use intelligence or military services to curb them. The Dutch government announced that it will not tolerate cyberattacks that pose a risk to its national security and will employ intelligence or military services to counter them. Cyberespionage and sabotage attacks, […]
Pierluigi Paganini
October 08, 2021
Apache Software Foundation has released HTTP Web Server 2.4.51 to completely address a vulnerability that has been actively exploited in the wild. Apache Software Foundation has released HTTP Web Server 2.4.51 to address an actively exploited path traversal vulnerability (CVE-2021-41773) that was only partially addressed with a previous release. An attacker can trigger the flaw […]
Pierluigi Paganini
October 06, 2021
The governor of Arizona, Doug Ducey, has announced the launch of a Cyber Command Center to address the thousands of attacks that daily target government computers. The governor of Arizona, Doug Ducey, has launched a Cyber Command Center to repel the huge amount of attacks that every day hit the computer systems of the state. […]
Pierluigi Paganini
October 05, 2021
Apache has addressed two vulnerabilities, one of which is a path traversal and file disclosure flaw in its HTTP server actively exploited in the wild. Apache has rolled out security patches to address two flaws, including a path traversal and file disclosure issue in its HTTP server that is actively exploited in the wild. The […]
Pierluigi Paganini
October 05, 2021
Experts discovered many misconfigured Apache Airflow servers exposed online that were leaking sensitive information from prominent tech firms. Apache Airflow is an open-source workflow management platform used by many organizations worldwide for automating business and IT tasks. Researchers from security firm Intezer have discovered many misconfigured Apache Airflow servers exposed online that were leaking sensitive information, including […]
Pierluigi Paganini
October 03, 2021
Experts warn that CVE-2021-38647 OMIGOD flaws affect IBM QRadar Azure and can be exploited by remote attackers to execute arbitrary code. The Open Management Infrastructure RPM package in the IBM QRadar Azure marketplace images is affected by a remote code execution vulnerability tracked as CVE-2021-38647. CVE-2021-38647 is one of the four vulnerabilities in the Open […]
