Pierluigi Paganini
December 01, 2024
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. A Case-Control Study to Measure Behavioral Risks of Malware Encounters in Organizations PyPI Python Library “aiocpa” Found Exfiltrating Crypto Keys via Telegram Bot Bootkitty: Analyzing the first UEFI bootkit for Linux Hudson Rock Announces First Comprehensive […]
Pierluigi Paganini
December 01, 2024
Financially-motivated threat actors hacked Uganda ‘s central bank system, government officials confirmed this week. Ugandan officials confirmed on Thursday that the national central bank suffered a security breach by financially-motivated threat actors. The police’s Criminal Investigations Department and the Auditor General are investigating the incident. A senior government official at the finance ministry confirmed that […]
Pierluigi Paganini
November 30, 2024
Russian authorities arrested ransomware affiliate Mikhail Matveev, aka Wazawaka, for developing malware and ties to hacking groups. Russian authorities arrested a ransomware affiliate, Mikhail Pavlovich Matveev (also known as Wazawaka, Uhodiransomwar, m1x, and Boriselcin), and charged him for developing malware and his role in several hacking groups. The man was arrested in Kaliningrad, Russia, law […]
Pierluigi Paganini
November 29, 2024
Zello urges customers with accounts created before November 2 to reset passwords following a potential security breach. Zello is warning customers who have an account created before November 2 to reset their passwords, a circumstance that suggests that the incident took place on November 2. Zello is a tech software company in Austin, Texas, U.S., known for the […]
Pierluigi Paganini
November 27, 2024
Virtualization giant VMware addressed multiple vulnerabilities in its Aria Operations product that can led to privilege escalation and XSS attacks. VMware released security updates to address five vulnerabilities in its Aria Operations product. Aria Operations (formerly known as VMware vRealize Operations) is a comprehensive cloud management and operations platform developed by VMware. It is designed […]
Pierluigi Paganini
November 27, 2024
Data Security Posture Management (DSPM) helps monitor, secure, and ensure compliance for sensitive data, reducing risks across diverse environments. Complying with cybersecurity regulations can be a source of great pain for organizations, especially those that handle and store particularly valuable and vulnerable information. Organizations in sectors like healthcare, finance, legal, and government often process vast […]
Pierluigi Paganini
November 26, 2024
Banshee Stealer, a MacOS Malware-as-a-Service, shut down after its source code leaked online. The code is now available on GitHub. In August 2024, Russian hackers promoted BANSHEE Stealer, a macOS malware targeting x86_64 and ARM64, capable of stealing browser data, crypto wallets, and more. BANSHEE Stealer supports basic evasion techniques, relies on the sysctl API […]
Pierluigi Paganini
November 26, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Array Networks AG and vxAG ArrayOS flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Array Networks AG and vxAG ArrayOS flaw CVE-2023-28461 (CVSS score: 9.8) to its Known Exploited Vulnerabilities (KEV) catalog. Array Networks’ AG Series and vxAG (versions 9.4.0.481 and […]
Pierluigi Paganini
November 23, 2024
A cyberattack on gambling giant IGT disrupted its systems, forcing the company to take certain services offline. International Game Technology (IGT) detected a cyberattack on November 17, the company promptly started its incident response procedures. International Game Technology PLC (IGT), formerly Gtech S.p.A. and Lottomatica S.p.A., is a multinational gambling company that produces slot machines […]
Pierluigi Paganini
November 22, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: This week, Apple released security updates for two zero-day vulnerabilities, tracked as CVE-2024-44309 and CVE-2024-44308, in iOS, iPadOS, […]
APT / February 05, 2026
