cybersecurity news

Pierluigi Paganini April 04, 2022
VMware released updates to fix the Spring4Shell vulnerability in multiple products

VMware released security updates to address the critical remote code execution vulnerability known as Spring4Shell. VMware has published security updates to address the critical remote code execution vulnerability known as Spring4Shell (CVE-2022-22965). According to the virtualization giant, the flaw impacts many of its cloud computing and virtualization products. The Spring4Shell issue was disclosed last week, […]

Pierluigi Paganini April 04, 2022
Borat RAT, a new RAT that performs ransomware and DDoS attacks

Cyble researchers discovered a new remote access trojan (RAT) named Borat capable of conducting DDoS and ransomware attacks. Researchers from threat intelligence firm Cyble discovered a new RAT, named Borat, that enables operators to gain full access and remote control of an infected system. Unlike other RATs, the Borat RAT provides Ransomware and DDOS services […]

Pierluigi Paganini April 04, 2022
Experts discovered 15-Year-Old vulnerabilities in the PEAR PHP repository

SonarSource discovered a 15-year-old flaw in the PEAR PHP repository that could have enabled supply chain attacks. Researchers from SonarSource discovered two 15-year-old security flaws in the PEAR (PHP Extension and Application Repository) repository that could have enabled supply chain attacks. PEAR is a framework and distribution system for reusable PHP components.  According to the expert, […]

Pierluigi Paganini March 27, 2022
CISA adds 66 new flaws to the Known Exploited Vulnerabilities Catalog

The US Cybersecurity and Infrastructure Security Agency (CISA) added 66 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added 15 vulnerabilities to its Known Exploited Vulnerabilities Catalog.ⓘ According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the […]

Pierluigi Paganini March 24, 2022
Experts explained how to hack a building controller widely adopted in Russia

A researcher discovered critical flaws that can be exploited by remote attackers to hack a building controller popular in Russia. A researcher has identified critical vulnerabilities that can allegedly be exploited to remotely hack a building controller predominantly used by organizations in Russia. Researcher Jose Bertin discovered critical flaws affecting a controller made by Russian […]

Pierluigi Paganini March 17, 2022
Anonymous continues to support Ukraine against Russia

The collective Anonymous and its affiliated groups continue to target the Russian government and private organizations. The collective Anonymous, and other groups in its ecosystem, continue to target the Russian government and private organizations. Let’s summarize the most interesting attacks observed in the last few days. Yesterday Anonymous announced the hack of the website of […]

Pierluigi Paganini March 16, 2022
Russia-linked threats actors exploited default MFA protocol and PrintNightmare bug to compromise NGO cloud

FBI and CISA warn Russia-linked threats actors gained access to an NGO cloud after enrolling their own device in the organization’s Duo MFA. The Federal Bureau of Investigation (FBI) and Cybersecurity and Infrastructure Security Agency (CISA)  warned that Russia-linked threat actors have gained access to a non-governmental organization (NGO) cloud by exploiting misconfigured default multifactor […]

Pierluigi Paganini March 15, 2022
Critical flaws affect Veeam Data Backup software

Veeam addressed two critical vulnerabilities impacting the Backup & Replication product for virtual environments. Veeam has released security patches to fix two critical vulnerabilities, tracked as CVE-2022-26500 and CVE-2022-26501 (CVSS score of 9.8), impacting the Backup & Replication solution for virtual environments. The solution implements data backup and restore capabilities for virtual machines running on […]

Pierluigi Paganini March 15, 2022
The German BSI agency recommends replacing Kaspersky antivirus software

German Federal Office for Information Security agency, also known as BSI, recommends consumers not to use Kaspersky anti-virus software. The German Federal Office for Information Security agency, aka BSI, recommends consumers uninstall Kaspersky anti-virus software. The Agency warns the cybersecurity firm could be implicated in hacking attacks during the ongoing Russian invasion of Ukraine. According […]

Pierluigi Paganini March 01, 2022
CISA and FBI warn of potential data wiping attacks spillover

US CISA and the FBI warned US organizations that data wiping attacks targeting Ukraine entities could spill over to targets worldwide. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) published a joint cybersecurity advisory to warn US organizations of data wiping attacks targeting Ukraine that could hit targets worldwide. […]