Cybersecurity

Pierluigi Paganini January 13, 2022
Mozilla addresses High-Risk Firefox, Thunderbird vulnerabilities

Mozilla addressed18 security vulnerabilities affecting the popular Firefox web browser and the Thunderbird mail program. Mozilla released Firefox 96 that addressed 18 security vulnerabilities in its web browser and the Thunderbird mail program. Nine vulnerabilities addressed by the new release are rated high-severity, the most severe one is a race condition issue tracked as CVE-2022-22746. […]

Pierluigi Paganini January 10, 2022
New ZLoader malware campaign hit more than 2000 victims across 111 countries

A malware campaign spreads ZLoader malware by exploiting a Windows vulnerability that was fixed in 2013 but in 2014 Microsoft revised the fix. Experts from Check Point Research uncovered a new ZLoader malware campaign in early November 2021. The malware campaign is still active and threat actors have already stolen data and credentials of more […]

Pierluigi Paganini January 07, 2022
FIN7 group continues to target US companies with BadUSB devices

The Federal Bureau of Investigation (FBI) warns US companies that the FIN7 cybercriminals group is targeting the US defense industry with BadUSB devices. The US Federal Bureau of Investigation issued a flash alert to warn that the financially motivated group FIN7 has sent malicious USB devices, BadUSB devices, to US companies over the past few […]

Pierluigi Paganini January 07, 2022
How to secure QNAP NAS devices? The vendor’s instructions

QNAP is warning customers of ransomware attacks targeting network-attached storage (NAS) devices exposed online. Taiwanese vendor QNAP has warned customers to secure network-attached storage (NAS) exposed online from ransomware and brute-force attacks. “Ransomware and brute-force attacks have been widely targeting all networking devices, and the most vulnerable victims will be those devices exposed to the […]

Pierluigi Paganini January 07, 2022
Threat actor targets VMware Horizon servers using Log4Shell exploits, UK NHS warns

A threat actor attempted to exploit the Log4Shell vulnerability to hack VMWare Horizon servers at UK NHS and deploy web shells. The security team at the UK National Health Service (NHS) announced to have spotted threat actors exploiting the Log4Shell vulnerability to hack VMWare Horizon servers and install web shells. “An unknown threat group has […]

Pierluigi Paganini January 06, 2022
Threat actors stole 1.1 million customer accounts from 17 well-known companies

NY OAG warned 17 companies that roughly 1.1 million of their customers have had their user accounts compromised in credential stuffing attacks. The New York State Office of the Attorney General (NY OAG) has warned 17 companies that roughly 1.1 million accounts of their customers were compromised in credential stuffing attacks. Credential stuffing attacks involve […]

Pierluigi Paganini January 04, 2022
Hospitality Chain McMenamins discloses data breach after ransomware attack

Hospitality chain McMenamins disclosed a data breach after a recent ransomware attack. Hospitality chain McMenamins discloses a data breach after a ransomware attack that took place on December 12. McMenamins is a family-owned chain of brewpubs, breweries, music venues, historic hotels, and theater pubs in Oregon and Washington.  According to the company, threat actors have stolen data of individuals […]

Pierluigi Paganini January 03, 2022
Israeli Media Outlets hacked on the anniversary of Soleimani killing

Threat actors hacked the website of Jerusalem Post and the Twitter account of Maariv outlet on Soleimani killing anniversary. Threat actors have taken over the website of the English-language Jerusalem Post and the Twitter account of Maariv daily newspaper publishing a picture of a fist firing a shell out of a ring with a red stone on a finger toward an […]

Pierluigi Paganini January 03, 2022
The worst cyber attacks of 2021

Which are the cyber attacks of 2021 that had the major impact on organizations worldwide in terms of financial losses and disruption of the operations? CNA Financial (March 2021) – CNA Financial, one of the largest insurance companies in the US, reportedly paid a $40 million ransom to restore access to its files following a […]

Pierluigi Paganini January 02, 2022
Security Affairs newsletter Round 347

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Y2k22 bug in Microsoft Exchange causes failure in email delivery Security Affairs most-read cyber […]