Pierluigi Paganini
March 18, 2022
Experts spotted a new Unix rootkit, called Caketap, that was used to steal ATM banking data. Mandiant researchers discovered a new Unix rootkit named Caketap, which is used to steal ATM banking data, while investigating the activity of the LightBasin cybercrime group (aka UNC1945). The China-linked hacking group has been active since at least 2016, according […]
Pierluigi Paganini
March 18, 2022
TIM Red Team Research (RTR) researchers discovered a new flaw on Ericsson Network Manager, aka Ericsson flagship network product. TIM Red Team Research (RTR) team discovered a new vulnerability affecting Ericsson Network Manager, which is known as Ericsson flagship network product. Ericsson Network Manager and network OSS As mentioned, we’re talking about an Ericsson flagship […]
Pierluigi Paganini
March 18, 2022
Microsoft released an open-source tool to secure MikroTik routers and check for indicators of compromise for Trickbot malware infections. Microsoft has released an open-source tool, dubbed RouterOS Scanner, that can be used to secure MikroTik routers and check for indicators of compromise associated with Trickbot malware infections. “This analysis has enabled us to develop a […]
Pierluigi Paganini
March 16, 2022
The US Cybersecurity and Infrastructure Security Agency (CISA) added 15 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added 15 vulnerabilities to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the […]
Pierluigi Paganini
March 16, 2022
FBI and CISA warn Russia-linked threats actors gained access to an NGO cloud after enrolling their own device in the organization’s Duo MFA. The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA) warned that Russia-linked threat actors have gained access to a non-governmental organization (NGO) cloud by exploiting misconfigured default multifactor […]
Pierluigi Paganini
March 15, 2022
OpenSSL addressed a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778, related to certificate parsing. OpenSSL released updates to address a high-severity denial-of-service (DoS) vulnerability, tracked as CVE-2022-0778, that affects the BN_mod_sqrt() function used when certificate parsing. The flaw was discovered by the popular Google Project Zero researchers Tavis Ormandy. An attacker can trigger the vulnerability by crafting […]
Pierluigi Paganini
March 15, 2022
German Federal Office for Information Security agency, also known as BSI, recommends consumers not to use Kaspersky anti-virus software. The German Federal Office for Information Security agency, aka BSI, recommends consumers uninstall Kaspersky anti-virus software. The Agency warns the cybersecurity firm could be implicated in hacking attacks during the ongoing Russian invasion of Ukraine. According […]
Pierluigi Paganini
March 09, 2022
Samsung confirmed that threat actors had access to the source code of its Galaxy smartphones in recent security breach. Samsung this week disclosed a data breach, threat actors had access to internal company data, including the source code of Galaxy models. Last week the Lapsus$ ransomware gang claimed to have stolen a huge trove of sensitive data […]
Pierluigi Paganini
March 09, 2022
Microsoft March 2022 Patch Tuesday security updates address 89 vulnerabilities in multiple products, including 3 zero-days. Microsoft March 2022 Patch Tuesday security updates address 89 vulnerabilities in multiple products, including Microsoft Windows components, Azure and Azure DevOps, Azure Sphere, Internet Explorer and Edge (EdgeHTML), Exchange Server, Office and Office Services and Web Apps, SharePoint Server, […]
Pierluigi Paganini
March 08, 2022
Many IoT and medical devices are affected by seven serious flaws, collectively tracked as Access:7, in widely used Axeda platform. Researchers from medical device cybersecurity company CyberMDX have discovered seven serious flaws, collectively tracked as Access:7, in the widely used Axeda platform of IIoT solutions provider PTC. “Access:7 could enable hackers to remotely execute malicious […]
