Cybersecurity

Pierluigi Paganini December 27, 2021
New Android banking Malware targets Brazil’s Itaú Unibanco Bank

Researchers analyzed a new Android banking malware that targets Brazil’s Itaú Unibanco that spreads through fake Google Play Store pages. Researchers from threat intelligence firm Cyble analyzed a new Android banking malware that targets Brazil’s Itaú Unibanco trying to perform fraudulent financial transactions on the legitimate Itaú Unibanco applications without the victim’s knowledge. Threat actors spread the malware using fake Google Play Store […]

Pierluigi Paganini December 27, 2021
Critical flaws in myPRO HMI/SCADA product could allow takeover vulnerable systems

A researcher found a dozen vulnerabilities in mySCADA myPRO product, some of which have been rated as critical. mySCADA myPRO is a multiplatform, human-machine interface (HMI) and supervisory control and data acquisition (SCADA) system that allows to visualize and control industrial processes. The security researcher Michael Heinzl discovered multiple vulnerabilities in the myPRO product, some […]

Pierluigi Paganini December 26, 2021
Security Affairs newsletter Round 346

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. New Rook Ransomware borrows code from Babuk Omicron-themed phishing attacks spread Dridex and taunt […]

Pierluigi Paganini December 26, 2021
‘Spider-Man: No Way Home’ used to spread a cryptominer

Threat actors attempted to take advantage of the interest in the new ‘ Spider-Man: No Way Home’ movie to spread a Monero Cryptominer. Threat actors are attempting to capitalize the interest in the release of Spider-Man: No Way Home movie and use it as bait to spread a Monero cryptominer. ReasonLabs researchers spotted a Russian torrent website […]

Pierluigi Paganini December 25, 2021
New Rook Ransomware borrows code from Babuk

Recently launched ransomware operation, named Rook, made headlines for its announcement claiming a desperate need a lot of money. A new ransomware operation named Rook appeared in the threat landscape, it was first reported by researcher Zach Allen and caught the attention of the experts for its blatant announcement that claims a desperate need to […]

Pierluigi Paganini December 24, 2021
Fisher Price Chatter Bluetooth Telephone 60G LTE has serious privacy issues

Experts found serious privacy issues affecting Fisher Price Chatter Bluetooth Telephone, a Bluetooth headset that appears like a classic kids toy. Fisher Price Chatter Bluetooth Telephone has the appearance of a classic kids toy, but it was designed for adults and allows to make and receive calls over Bluetooth using a nearby smartphone. The device […]

Pierluigi Paganini December 24, 2021
NVIDIA informs customers of its products affected by Log4j flaws

NVIDIA released a security advisory to inform customers what products are affected by the recently disclosed Log4Shell vulnerability. NVIDIA has assessed its products to determine if they are vulnerable to the Log4shell vulnerability in Log4J library. The company states that the following products are not impacted by the Log4j vulnerabilities: GeForce Experience client software GeForceNOW […]

Pierluigi Paganini December 22, 2021
CISA releases a scanner to identify web services affected by Apache Log4j flaws

US CISA release of a scanner for identifying web services affected by two Apache Log4j remote code execution vulnerabilities. The Cybersecurity and Infrastructure Security Agency (CISA) has announced the release of an open-source scanner for identifying web services impacted by Apache Log4j remote code execution vulnerabilities, tracked as CVE-2021-44228 and CVE-2021-45046. “This repository provides a scanning solution […]

Pierluigi Paganini December 22, 2021
PYSA ransomware gang is the most active group in November

PYSA and Lockbit were the most active ransomware gangs in the threat landscape in November 2021, researchers from NCC Group report. Security researchers from NCC Group reported an increase in ransomware attacks in November 2021 over the past month, and PYSA (aka Mespinoza) and Lockbit were the most active ransomware gangs. Experts observed a 400% […]

Pierluigi Paganini December 21, 2021
More than 35,000 Java packages impacted by Log4j flaw, Google warns

Google found more than 35,000 Java packages in the Maven Central repository that are impacted by flaws in the Apache Log4j library. The Google Open Source Team scanned the Maven Central Java package repository and found that 35,863 packages (8% of the total) were using versions of the Apache Log4j library vulnerable to Log4Shell exploit and […]