Pierluigi Paganini
April 21, 2022
A critical RCE flaw in Android devices running on Qualcomm and MediaTek chipsets could allow access to users’ media files. Security researchers at Check Point Research have discovered a critical remote code execution that affects the implementation of the Apple Lossless Audio Codec (ALAC) in Android devices running on Qualcomm and MediaTek chipsets. The ALAC […]
Pierluigi Paganini
April 21, 2022
Threat intelligence firm Resecurity details how crooks are delivering IRS tax scams and phishing attacks posing as government vendors. Cybercriminals are leveraging advanced tactics in their phishing-kits granting them a high delivery success rate of spoofed e-mails which contain malicious attachments right before the end of the 2021 IRS income tax return deadline in the […]
Pierluigi Paganini
April 21, 2022
Cisco addressed a high severity vulnerability in the Cisco Umbrella Virtual Appliance (VA) that could allow stealing admin credentials. Cisco addressed a high severity vulnerability in the Cisco Umbrella Virtual Appliance (VA), tracked as CVE-2022-20773, that could be exploited by an unauthenticated attacker to steal admin credentials remotely. Umbrella is Cisco’s cloud-based Secure Internet Gateway (SIG) […]
Pierluigi Paganini
April 21, 2022
CVE-2022-20685 flaw in the Modbus preprocessor of the Snort detection engine could trigger a DoS condition and make it ineffective against malicious traffic. Snort is a free open source network intrusion detection system (IDS) and intrusion prevention system (IPS) which is currently developed by Cisco. The software performs real-time traffic analysis and packet logging on Internet Protocol (IP) networks, protocol analysis, content searching and […]
Pierluigi Paganini
April 21, 2022
Cybersecurity agencies of the Five Eyes intelligence alliance warn of cyberattacks conducted by Russia-linked threat actors on critical infrastructure. Cybersecurity agencies of the Five Eyes intelligence alliance (United States, Australia, Canada, New Zealand, and the United Kingdom) issued a joint advisory warning of cyber attacks on critical infrastructure conducted by Russia-linked threat actors and criminal cyber threats. […]
Pierluigi Paganini
April 20, 2022
The Anonymous collective and affiliate groups intensify their attacks and claimed to have breached multiple organizations. Anonymous and groups linked to the famous collective continues to target Russian organizations, the hacktivist are breaching their systems and leak stolen data online. Below the organizations breached in the last three days, since my previous update: Tendertech is […]
Pierluigi Paganini
April 20, 2022
US Critical Infrastructure Security Agency (CISA) adds a Windows Print Spooler vulnerability to its Known Exploited Vulnerabilities Catalog. The Cybersecurity and Infrastructure Security Agency (CISA) added the Windows Print Spooler, tracked as CVE-2022-22718, to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have […]
Pierluigi Paganini
April 20, 2022
QNAP urges customers to disable Universal Plug and Play (UPnP) port forwarding on their routers to secure their NAS devices. Taiwanese vendor QNAP urges customers to disable Universal Plug and Play (UPnP) port forwarding on their routers to protect their network-attached storage (NAS) devices from attacks. UPnP is an insecure protocol, it uses network UDP […]
Pierluigi Paganini
April 19, 2022
Lenovo warns of vulnerabilities in its Unified Extensible Firmware Interface (UEFI) shipped with at least 100 notebook models. Lenovo has published a security advisory to warn customers of vulnerabilities that affect its Unified Extensible Firmware Interface (UEFI) loaded on at least 100 of its notebook models, including IdeaPad 3, Legion 5 Pro-16ACH6 H, and Yoga […]
Pierluigi Paganini
April 18, 2022
US CISA adds a VMware privilege escalation flaw and a Google Chrome type confusion issue to its Known Exploited Vulnerabilities Catalog. The Cybersecurity and Infrastructure Security Agency (CISA) added a VMware privilege escalation flaw (CVE-2022-22960) and a Google Chrome type confusion issue (CVE-2022-1364) to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: […]
