Pierluigi Paganini
February 18, 2022
Researchers developed an exploit code for CVE-2022-24086 vulnerability affecting Adobe Commerce and Magento Open Source. Positive Technologies researchers have created a working PoC exploit for the recently patched CVE-2022-24086 vulnerability affecting its Commerce and Magento Open Source products. An attacker could use the exploit to achieve remote code execution from an unauthenticated user. This week, Adobe rolled […]
Pierluigi Paganini
February 17, 2022
Cisco warns of a DoS issue affecting its Email Security Appliance (ESA) product that could be exploited using specially crafted emails. Cisco ESA products are affected by a DoS vulnerability, tracked as CVE-2022-20653, that resides in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for ESA. A remote, unauthenticated attacker […]
Pierluigi Paganini
February 17, 2022
The European Data Protection Supervisor authority called for a ban on the development and the use of Pegasus-like commercial spyware. The European Data Protection Supervisor (EDPS) authority this week called for a ban on the development and the use of surveillance software like the Pegasus spyware in the EU. Pegasus is a surveillance malware developed by […]
Pierluigi Paganini
February 16, 2022
Russia-linked threat actors have breached the network of U.S. cleared defense contractors (CDCs) since at least January 2020. According to a joint alert published by the FBI, NSA, and CISA, Russia-linked threat actors conducted a cyber espionage campaign aimed at US cleared defense contractors to steal sensitive info related to intelligence programs and capabilities. CDCs […]
Pierluigi Paganini
February 16, 2022
Researchers disclose a now-patched remote code execution (RCE) vulnerability in the Apache Cassandra database software. JFrog researchers publicly disclosed details of a now-patched high-severity security vulnerability (CVE-2021-44521) in Apache Cassandra database software that could be exploited by remote attackers to achieve code execution on affected installations. Apache Cassandra is an open-source NoSQL distributed database used […]
Pierluigi Paganini
February 16, 2022
The U.S. CISA added to the Known Exploited Vulnerabilities Catalog another 9 security flaws actively exploited in the wild. US Cybersecurity and Infrastructure Security Agency (CISA) added nine new vulnerabilities to its Known Exploited Vulnerabilities Catalog, including two recently patched zero-day issues affecting Adobe Commerce/Magento Open Source and Google Chrome. CISA orders all Federal Civilian Executive […]
Pierluigi Paganini
February 16, 2022
VMware addressed several high-severity flaws that were disclosed during China’s Tianfu Cup hacking contest. VMware addressed several high-severity vulnerabilities that were demonstrated by Kunlun Lab team during China’s Tianfu Cup 2021 hacking contest. The vulnerabilities impact VMware ESXi, Workstation, and Fusion. Below is the list published by the virtualization giant: CVE-2021-22040 – VMware ESXi, Workstation, and […]
Pierluigi Paganini
February 15, 2022
Google fixed a high-severity zero-day flaw actively exploited with the release of Chrome emergency update for Windows, Mac, and Linux. Google fixed a high-severity zero-day flaw, tracked as CVE-2022-0609, actively exploited with the release of Chrome emergency update for Windows, Mac, and Linux. This is the first Chome zero-day fixed this year by Google. The zero-day […]
Pierluigi Paganini
February 14, 2022
The US Federal Bureau of Investigation (FBI) said that the BlackByte ransomware gang has breached at least three organizations from US critical infrastructure sectors. The US Federal Bureau of Investigation (FBI) published a joint cybersecurity advisory with the US Secret Services which revealed that the BlackByte ransomware group has breached at least three organizations from US critical […]
Pierluigi Paganini
February 12, 2022
Organizations are addressing zero-day vulnerabilities more quickly, compared to last year, Google’s Project Zero reported. According to Google’s Project Zero researchers, organizations are addressing zero-day vulnerabilities more quickly, compared to last year. Software vendors took an average of 52 days to address vulnerabilities reported from Project Zero while 3 years ago the average was of […]
