Cybersecurity

Pierluigi Paganini November 30, 2021
New EwDoor Botnet is targeting AT&T customers

360 Netlab experts spotted a new botnet dubbed EwDoor that infects unpatched AT&T enterprise network edge devices. Experts from Qihoo 360’s Network Security Research Lab discovered a new botnet, dubbed EwDoor, that targets AT&T customers using EdgeMarc Enterprise Session Border Controller (ESBC) edge devices that are publicly exposed to the Internet. The attackers are targeting Edgewater Networks’ […]

Pierluigi Paganini November 30, 2021
Critical Printing Shellz flaws impact 150 HP multifunction printer models

Researchers discovered a critical wormable buffer overflow vulnerability that affects 150 different HP multifunction printer models (MFPs). Cybersecurity researchers from F-Secure have discovered two critical vulnerabilities, collectively tracked as Printing Shellz, that impact approximately 150 multifunction printer models. The vulnerabilities can be exploited by attackers to take control of vulnerable devices and steal sensitive information, […]

Pierluigi Paganini November 29, 2021
Panasonic confirmed that its network was illegally accessed by attackers

Panasonic disclosed a security breach after threat actors gained access to its servers storing potentially sensitive information. Japanese electronics giant Panasonic disclosed a security breach after threat actors gained access to some servers of the company containing sensitive data. The company discovered the intrusion on November 11 and immediately launched an investigation, which is still […]

Pierluigi Paganini November 29, 2021
Israel cut cyber export list, excluding totalitarian regimes

Israel’s Ministry of Defense bans the sale of surveillance software and offensive hacking tools to tens of countries. Israel’s Ministry of Defense has cut the list of countries to which Israeli surveillance and cybersecurity firms could sell their products and services. 65 countries have been excluded from the export list, which now includes only 37 […]

Pierluigi Paganini November 28, 2021
French court indicted Nexa Technologies for complicity in acts of torture

Nexa Technologies was indicted for complicity in acts of torture, the French firm is accused of having sold surveillance equipment to the Egypt. Nexa Technologies offers a range of solutions for homeland security, including surveillance solutions. Now the French company was accused of having sold surveillance software to the Egyptian regime. The cybersurveillance equipment was […]

Pierluigi Paganini November 28, 2021
0patch releases unofficial patches for CVE-2021-24084 Windows 10 zero-day

0patch released free unofficial patches for Windows local privilege escalation zero-day (CVE-2021-24084) in Windows 10, version 1809 and later. 0patch released free unofficial patches for Windows local privilege escalation zero-day (CVE-2021-24084) in Windows 10, version 1809 and later. The issue doesn’t impact Windows Servers because the vulnerable functionality in not implemented in these OSs. The […]

Pierluigi Paganini November 28, 2021
Security Affairs newsletter Round 342

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Italy’s Antitrust Agency fines Apple and Google for aggressive practices of data acquisition HAEICHI-II: […]

Pierluigi Paganini November 27, 2021
Italy’s Antitrust Agency fines Apple and Google for aggressive practices of data acquisition

Italy’s antitrust regulator, AutoritĂ  Garante della Concorrenza e del Mercato (AGCM), has fined Apple and Google €10 million each their “aggressive” data practices. Italy’s antitrust regulator, AutoritĂ  Garante della Concorrenza e del Mercato (AGCM), has fined Apple and Google €10 million each their “aggressive” data practices and the lack of transparency on the use of […]

Pierluigi Paganini November 23, 2021
Malware are already attempting to exploit new Windows Installer zero-day

Vxers are already attempting to use the proof-of-concept exploit code targeting a new Microsoft Windows Installer zero-day publicly disclosed on Sunday. Malware authors are already attempting to use the proof-of-concept exploit code targeting a new Microsoft Windows Installer zero-day publicly disclosed on Sunday. The security researcher Abdelhamid Naceri has publicly disclosed the exploit for a […]

Pierluigi Paganini November 17, 2021
The rise of millionaire zero-day exploit markets

Researchers detailed the multi-millionaire market of zero-day exploits, a parallel economy that is fueling the threat landscape. Zero-day exploits are essential weapons in the arsenal of nation-state actors and cybercrime groups. The increased demand for exploits is fueling a millionaire market where these malicious codes are incredibly expensive. Researchers from Digital Shadows published an interesting […]