Pierluigi Paganini
July 15, 2021
Experts said that Israeli surveillance firm Candiru, tracked as Sourgum, exploited zero-days to deliver a new Windows spyware. Microsoft and Citizen Lab believe that the secretive Israel-based Israeli surveillance firm Candiru, tracked as Sourgum, used Windows zero-day exploits to deliver a new Windows spyware dubbed DevilsTongue. According to the experts, at least 100 activists, journalists […]
Pierluigi Paganini
July 15, 2021
Zero-day exploit broker Zerodium is looking for 0day exploits for the VMware vCenter Server Zero-day exploit broker Zerodium announced it is looking for zero-day exploits for VMware vCenter Server. vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi hosts, and all dependent components from a single centralized location. The company will […]
Pierluigi Paganini
July 15, 2021
SonicWall has issued an urgent security alert to warn customers of “an imminent ransomware campaing” targeting EOL equipment. SonicWall has issued an urgent security alert to warn companies of “an imminent ransomware campaing” targeting some of its equipment that reached end-of-life (EoL). Threat actors could target unpatched devices belonging to Secure Mobile Access (SMA) 100 series […]
Pierluigi Paganini
July 13, 2021
Adobe addressed multiple critical vulnerabilities in several products, including Adobe Acrobat and Reader application. Adobe addressed multiple critical remote code execution and privilege escalation vulnerabilities in multiple products running on both Windows and macOS systems. The flaws fixed by Adobe affect Acrobat and Reader, Illustrator, Framemaker, Dimension and Bridge products. Below the list of advisories […]
Pierluigi Paganini
July 13, 2021
ModiPwn flaw (CVE-2021-22779) in some of Schneider Electric’s Modicon PLCs can allow attackers to bypass authentication mechanisms and take over the device. Researchers at IoT security firm Armis discovered an authentication bypass vulnerability, tracked as CVE-2021-22779 and dubbed ModiPwn, that affects some of Schneider Electric ’s Modicon PLCs. The flaw can be exploited by an unauthenticated attacker […]
Pierluigi Paganini
July 13, 2021
NetBlocks reported partial disruption to social media and messaging platforms in Cuba from 12 July 2021 shortly after Cubans went to the streets to protest the government. Security experts from NetBlocks are observing partial disruption to social media and messaging platforms in Cuba from 12 July 2021 shortly after Cubans went to the streets to […]
Pierluigi Paganini
July 12, 2021
SolarWinds confirmed that a threat actor is actively exploiting a new zero-day vulnerability in Serv-U products and urges customers to fix it. SolarWinds addressed a zero-day remote code execution flaw in Serv-U products which is actively exploited in the wild by a single threat actor. SolarWinds was informed of the zero-day by Microsoft, the issue affects Serv-U Managed File Transfer […]
Pierluigi Paganini
July 12, 2021
Kaseya has released a security update to address the VSA zero-day vulnerabilities exploited by REvil gang in the massive ransomware supply chain attack. Software vendor Kaseya has released a security update to fix the zero-day vulnerabilities in its VSA software that were exploited by the REvil ransomware gang in the massive ransomware supply chain attack. […]
Pierluigi Paganini
July 11, 2021
President Joe Biden expressed concerns about ransomware attacks carried out by Russian gangs during a phone call with President Vladimir Putin. The recent wave of ransomware attacks carried out by Russian gangs like REvil and Darkside worries US authorities and was discussed by Presidents Biden and Putin during a phone call. The ransomware attacks against […]
Pierluigi Paganini
July 09, 2021
Microsoft confirmed that the emergency security updates (KB5005010) correctly address the PrintNightmare Print Spooler vulnerability (CVE-2021-34527). Microsoft says that the emergency security patches released early this week correctly address the PrintNightmare Print Spooler vulnerability (CVE-2021-34527) for all supported Windows versions. Immediately after the release of the updates (KB5004945) multiple researchers questioned its efficiency and explained […]
