Cybersecurity

Pierluigi Paganini December 30, 2021
China-linked APT group Aquatic Panda leverages Log4Shell in recent attack

China-linked APT group Aquatic Panda is exploiting the Log4Shell vulnerability to compromise a large academic institution. China-linked cyberespionage group Aquatic Panda was spotted exploiting the Log4Shell vulnerability (CVE 2021-44228) in an attack aimed at a large academic institution. According to the Crowdstrike OverWatch team, the APT group is using a modified version of the Log4j […]

Pierluigi Paganini December 29, 2021
China-linked BlackTech APT uses new Flagpro malware in recent attacks

China-linked BlackTech cyberespionage group was targeting Japanese companies using new malware tracked as ‘Flagpro’. Researchers from NTT Security reported that China-linked BlackTech cyberespionage group targeted Japanese companies using new malware tracked as ‘Flagpro’. Attacks using Flagpro targeted multiple companies in Defense, Media, and Communications industries several times.  According to a report by NTT Security, Flagpro has […]

Pierluigi Paganini December 28, 2021
LastPass investigated recent reports of blocked login attempts

Password manager app LastPass confirmed that threat actors have launched a credential stuffing attack against its users. While LastPass says that it is not aware that some of its accounts were compromised in the recent credential stuffing attacks that started on Monday, numerous LastPass users claim that their master passwords have been compromised after receiving […]

Pierluigi Paganini December 28, 2021
Threat actors are abusing MSBuild to implant Cobalt Strike Beacons

Experts warn of malicious campaigns abusing Microsoft Build Engine (MSBuild) to execute a Cobalt Strike payload on compromised systems. Security expert from Morphus Labs recently observed several malicious campaigns abusing Microsoft Build Engine (MSBuild) to execute a Cobalt Strike payload on compromised machines. MSBuild is a free and open-source build toolset for managed code as well […]

Pierluigi Paganini December 28, 2021
Shutterfly hit by a Conti ransomware attack

Shutterfly, an online platform for photography and personalized products, has been affected by a ransomware attack. Shutterfly, is American photography, photography products, and image sharing company that owns multiple brands such as BorrowLenses, GrooveBook, Lifetouch, Shutterfly, Snapfish, Spoonflower, and Tiny Prints. The service allows users to create personalized photo gifts such as smartphone cases, photo books, wall art, and […]

Pierluigi Paganini December 27, 2021
Apache addressed a couple of severe vulnerabilities in Apache HTTP Server

The Apache Software Foundation released Apache HTTP Server 2.4.52 to address a couple of security flaws that can lead to remote code execution. The Apache Software Foundation has released the Apache HTTP Server 2.4.52 to address a couple of vulnerabilities, tracked as CVE-2021-44790 and CVE-2021-44224, that can lead to remote code execution attacks. The CVE-2021-44790 […]

Pierluigi Paganini December 27, 2021
Experts found backdoors in a popular Auerswald VoIP appliance

Researchers found multiple backdoors in popular VoIP (voice over Internet protocol) appliance made by the German manufacturer Auerswald. Researchers from RedTeam Pentesting discovered multiple backdoors in a popular VoIP (voice over Internet protocol) appliance made by the German manufacturer Auerswald. The backdoors were discovered as part of penetration testing, they allow attackers to gain full […]

Pierluigi Paganini December 27, 2021
Albania Prime Minister apologizes over the recent massive leak of government data

Albania’s prime minister Edi Rama apologized for the massive leak of personal records from a government database of state. Albania’s prime minister this week apologized for the massive leak of personal records from a government database of state. Exposed records include the personal identity card numbers, employment and salary data of some 637,000 people. The […]

Pierluigi Paganini December 27, 2021
New Android banking Malware targets Brazil’s ItaĂș Unibanco Bank

Researchers analyzed a new Android banking malware that targets Brazil’s ItaĂș Unibanco that spreads through fake Google Play Store pages. Researchers from threat intelligence firm Cyble analyzed a new Android banking malware that targets Brazil’s ItaĂș Unibanco trying to perform fraudulent financial transactions on the legitimate ItaĂș Unibanco applications without the victim’s knowledge. Threat actors spread the malware using fake Google Play Store […]

Pierluigi Paganini December 27, 2021
Critical flaws in myPRO HMI/SCADA product could allow takeover vulnerable systems

A researcher found a dozen vulnerabilities in mySCADA myPRO product, some of which have been rated as critical. mySCADA myPRO is a multiplatform, human-machine interface (HMI) and supervisory control and data acquisition (SCADA) system that allows to visualize and control industrial processes. The security researcher Michael Heinzl discovered multiple vulnerabilities in the myPRO product, some […]