Pierluigi Paganini
March 09, 2025
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Akira ransomware gang used an unsecured webcam to bypass EDR Japanese telecom giant NTT suffered a data breach […]
Pierluigi Paganini
March 07, 2025
Mirai-based botnets are exploiting a zero-day flaw, tracked as CVE-2025-1316, in Edimax IP cameras, to achieve remote command execution. US CISA warns that multiple botnets are exploiting a recently disclosed vulnerability, tracked as CVE-2025-1316 (CVSS score of 9.8), in Edimax IC-7100 IP cameras. The issue is an Improper Neutralization of Special Elements used in an […]
Pierluigi Paganini
March 07, 2025
Differential privacy (DP) protects data by adding noise to queries, preventing re-identification while maintaining utility, addressing Artificial Intelligence -era privacy challenges. In the era of Artificial Intelligence, confidentiality and security are becoming significant challenges. Traditional anonymization techniques, such as pseudonymization and k-anonymity, have proven inadequate against sophisticated re-identification attacks. A robust privacy-preserving mechanism called differential […]
Pierluigi Paganini
March 07, 2025
The U.S. Secret Service and global law enforcement seized the domain of sanctioned Russian crypto exchange Garantex. An international law enforcement operation led by U.S. Secret Service seized the website (“garantex[.]org”) of the sanctioned Russian crypto exchange Garantex. In April 2022, the US Treasury Department sanctioned the virtual currency exchange. Garantex has been active since 2019, […]
Pierluigi Paganini
March 06, 2025
Elastic fixed a critical flaw in the Kibana data visualization dashboard software for Elasticsearch that could lead to arbitrary code execution. Elastic released security updates to address a critical vulnerability, tracked as CVE-2025-25012 (CVSS score of 9.9), impacting the Kibana data visualization dashboard software for Elasticsearch. Kibana provides visualization capabilities on top of the content indexed on an Elasticsearch cluster. Users can create bar, line […]
Pierluigi Paganini
March 06, 2025
China-linked Lotus Blossom APT targets governments and industries in Asian countries with new Sagerunex backdoor variants. Talos researchers linked China-backed Lotus Blossom APT (also known as Elise and Esile) to multiple campaigns targeting organizations in sectors such as government, manufacturing, telecommunications and media with the Sagerunex backdoor. The victims of the attacks are in the […]
Pierluigi Paganini
March 05, 2025
Microsoft warns that China-backed APT Silk Typhoon linked to US Treasury hack, is now targeting global IT supply chains, using IT firms to spy and move laterally. Microsoft reported that China-linked APT group Silk Typhoon has shifted tactics to target IT solutions like remote management tools and cloud apps for initial access. Silk Typhoon is […]
Pierluigi Paganini
March 05, 2025
The Eleven11bot botnet has infected over 86,000 IoT devices, mainly security cameras and network video recorders (NVRs). Researchers from Nokia Deepfield Emergency Response Team (ERT) discovered a new botnet named Eleven11bot that has already infected over 86,000 IoT devices. Most infected devices are security cameras and network video recorders (NVRs), which are used to launch […]
Pierluigi Paganini
March 05, 2025
The Polish space agency POLSA announced it has disconnected its network from the internet following a cyberattack. The Polish space agency POLSA was forced to disconnect its network from the internet in response to a cyberattack. The agency revealed that it has disconnected its infrastructure to contain the attack and secure data, a circumstance that […]
Pierluigi Paganini
March 05, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Linux kernel and VMware ESXi and Workstation flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: The first issue, tracked as CVE-2024-50302, was addressed by Google with the release of the Android […]
