18096 results
Pierluigi Paganini
July 05, 2022
AstraLocker ransomware operators told BleepingComputer they’re shutting down their operations and are releasing decryptors. AstraLocker ransomware operators told BleepingComputer they’re shutting down the operation and provided decryptors to the VirusTotal malware analysis platform. AstraLocker is based on the source code of the Babuk Locker (Babyk) ransomware that was leaked online on June 2021. BleepingComputer tested the […]
Pierluigi Paganini
July 04, 2022
Google addressed a high-severity zero-day Chrome vulnerability actively exploited in the wild, it is the fourth zero-day patched in 2022. Google has released Chrome 103.0.5060.114 for Windows to fix a high-severity zero-day Chrome vulnerability, tracked as CVE-2022-2294, which is actively exploited in the wild. The flaw is a heap buffer overflow that resides in the […]
Pierluigi Paganini
July 04, 2022
Threat actors claim to have breached a database belonging to Shanghai police and stole the data of a billion Chinese residents. Unknown threat actors claimed to have obtained data of a billion Chinese residents after breaching a database of the Shanghai police. If the incident will be confirmed, this data breach is the largest one […]
Pierluigi Paganini
July 04, 2022
The development team behind the Django Project has addressed a high-severity SQL Injection flaw in its framework. Django is a free and open-source, Python-based web framework that follows the model–template–views (MTV) architectural pattern. Django is maintained by the independent organization Django Software Foundation. The latest releases of the framework, Django 4.0.6 and 3.2.14, addressed a high-severity SQL […]
Pierluigi Paganini
July 04, 2022
Bug bounty platform HackerOne disclosed that a former employee improperly accessed security reports submitted to claim additional bounties The vulnerability coordination and bug bounty platform HackerOne disclosed that a former employee improperly accessed security reports submitted by white-hat hackers to claim additional bounties. The investigation started on June 22nd, 2022, when a customer asked the […]
Pierluigi Paganini
July 04, 2022
The Threat Report Portugal: Q2 2022 compiles data collected on the malicious campaigns that occurred from March to June, Q2, 2022. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-Informática. This feed is based on automatic searches and is supported by a […]
Pierluigi Paganini
July 04, 2022
US Critical Infrastructure Security Agency (CISA) adds CVE-2022-26925 Windows LSA flaw to its Known Exploited Vulnerabilities Catalog. In May the US CISA removed the CVE-2022-26925 Windows LSA vulnerability from its Known Exploited Vulnerabilities Catalog due to Active Directory (AD) certificate authentication problems observed after the installation of Microsoft’s May 2022 Patch Tuesday security updates. “CISA […]
Pierluigi Paganini
July 03, 2022
Jenkins security team disclosed tens of flaws affecting 29 plugins for the Jenkins automation server, most of them are yet to be patched. Jenkins is the most popular open-source automation server, it is maintained by CloudBees and the Jenkins community. The automation server supports developers build, test and deploy their applications, it has hundreds of thousands […]
Pierluigi Paganini
July 03, 2022
Microsoft announced that the Windows worm Raspberry Robin has already infected the networks of hundreds of organizations. Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. The malicious code uses Windows Installer to reach out to QNAP-associated domains and download a malicious DLL. The […]
Pierluigi Paganini
July 03, 2022
Google Project Zero states that in H1 2022 at least half of zero-day issues exploited in attacks were related to not properly fixed old flaws. Google Project Zero researcher Maddie Stone published a blog post that resumes her speech at the FIRST conference in June 2022, the presentation is titled “0-day In-the-Wild Exploitation in 2022…so […]
