Security

Pierluigi Paganini December 15, 2020
Apple addressed multiple code execution flaws in iOS and iPadOS

This week Apple addressed serious code execution vulnerabilities that affect its iOS and iPadOS mobile operating systems. Apple released security updates to fix multiple severe code execution vulnerabilities in its iOS and iPadOS mobile operating systems. The IT giant released iOS 14.3 and iPadOS 14.3 to address eleven security vulnerabilities, including code execution flaws. […]

Pierluigi Paganini December 12, 2020
NI CompactRIO controller flaw could allow disrupting production

A serious flaw in National Instruments CompactRIO controllers could allow remote attackers to disrupt production processes in an organization. A high-severity vulnerability affecting CompactRIO controllers manufactured by the vendor National Instruments (NI) could allow remote attackers to disrupt production processes in an organization. The National Instruments CompactRIO product, a rugged, real-time controller that provides high-performance […]

Pierluigi Paganini December 11, 2020
Facebook links cyberespionage group APT32 to Vietnamese IT firm

Facebook has suspended some accounts linked to APT32 that were involved in cyber espionage campaigns to spread malware. Facebook has suspended several accounts linked to the APT32 cyberespionage group that abused the platform to spread malware. Vietnam-linked APT group APT32, also known as OceanLotus and APT-C-00, carried out cyber espionage campaigns against Chinese entities to gather intelligence on […]

Pierluigi Paganini December 11, 2020
Interview with Massimiliano Brolli, Head of TIM Red Team Research

Interview with Massimiliano Brolli, Head of TIM Red Team Research, which is a team of experts that focus on zero-day hunting. For some time now we have been witnessing a series of undocumented vulnerabilities issued by a TIM IT Security laboratory called Red Team Research RTR, which already has 31 new CVEs to date in […]

Pierluigi Paganini December 09, 2020
Microsoft December 2020 Patch Tuesday fixes 58 bugs, 9 are critical

Microsoft's December 2020 Patch Tuesday security update addresses 58 vulnerabilities, 22 of them remote code execution vulnerabilities. Microsoft's December 2020 Patch Tuesday security update addresses 58 vulnerabilities, 22 of them remote code execution issues. The flaws impact multiple products including Microsoft Windows, Edge (EdgeHTML-based), ChakraCore, Microsoft Office and Office Services and Web Apps, Exchange […]

Pierluigi Paganini December 09, 2020
Apache Software Foundation fixes code execution flaw in Apache Struts 2

The Apache Software Foundation addressed a possible remote code execution vulnerability in Struts 2 related to the OGNL technology. The Apache Software Foundation has released a security update to address a “possible remote code execution” flaw in Struts 2 that is related to the OGNL technology. The remote code execution flaw, tracked as CVE-2020-17530, resides in […]

Pierluigi Paganini December 08, 2020
OpenSSL is affected by a ‘High Severity’ security flaw, update it now

The OpenSSL Project disclosed a serious security vulnerability in its TLS/SSL toolkit that exposes users to denial-of-service (DoS) attacks. The OpenSSL Project warned of a ‘high-severity’ security vulnerability in the TLS/SSL toolkit that exposes users to denial-of-service (DoS) attacks. The flaw is a null pointer dereference; successful exploitation could trigger denial-of-service conditions. The vulnerability was reported […]

Pierluigi Paganini December 08, 2020
QNAP fixed eight flaws that could allow NAS devices takeover

Network-attached storage (NAS) vendor QNAP addressed vulnerabilities that could enable attackers to take over unpatched NAS devices. The Taiwanese vendor QNAP has released security updates to fix eight vulnerabilities that could be exploited by attackers to take over unpatched NAS devices. The list of vulnerabilities addressed by QNAP is available here; it includes XSS and command injection issues. […]

Pierluigi Paganini December 07, 2020
Cisco fixes exploitable RCEs in Cisco Security Manager

Cisco released security updates to fix multiple pre-authentication RCE flaws with public exploits affecting Cisco Security Manager. Cisco has released security updates to address multiple pre-authentication remote code execution vulnerabilities with public exploits affecting Cisco Security Manager (CSM). CSM provides a comprehensive management solution for Cisco devices, including intrusion prevention systems and firewalls (i.e. Cisco ASA appliances, Cisco […]

Pierluigi Paganini December 06, 2020
Police arrest two people over stealing sensitive data from defense giant

Italian police arrested two people who have stolen 10 GB of confidential and alleged secret data from the defense company Leonardo S.p.A. Italian police have arrested two people who have been accused of stealing 10 GB of confidential data and military secrets from defense company Leonardo S.p.A. Leonardo is a state-owned multinational company and one […]