Cybersecurity Archives - Page 4 of 75

Pierluigi Paganini April 15, 2022

Ways to Develop a Cybersecurity Training Program for Employees

Cybersecurity experts would have you believe that your organization’s employees have a crucial role in bolstering or damaging your company’s security initiatives. While you may disagree, data breach studies show that employees and negligence are the most typical causes of security breaches, yet these prevalent issues are least discussed. According to a recent industry report […]

Pierluigi Paganini April 15, 2022

Analysis of the SunnyDay ransomware

The analysis of a recent sample SunnyDay ransomware revealed some similarities with other ransomware, such as Ever101, Medusa Locker, Curator, and Payment45. Segurança-Informatica published an analysis of a recent sample of SunnyDay ransomware. As a result of the work, some similarities between other ransomware samples such as Ever101, Medusa Locker, Curator, and Payment45 were found. […]

Pierluigi Paganini April 14, 2022

CISA adds Windows CLFS Driver Privilege Escalation flaw to its Known Exploited Vulnerabilities Catalog

The U.S. CISA added the CVE-2022-24521 Microsoft Windows CLFS Driver Privilege Escalation Vulnerability to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-24521 privilege escalation vulnerability in Microsoft Windows Common Log File System (CLFS) Driver. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB […]

Pierluigi Paganini April 13, 2022

China-linked Hafnium APT leverages Tarrask malware to gain persistence

China-linked Hafnium APT group started using a new piece of new malware to gain persistence on compromised Windows systems. The China-backed Hafnium cyberespionage group is likely behind a piece of a new malware, dubbed Tarrask, that’s used to maintain persistence on compromised Windows systems, reported Microsoft Threat Intelligence Center (MSTIC) experts. HAFNIUM primarily targets entities […]

Pierluigi Paganini April 13, 2022

EU officials were targeted with Israeli surveillance software

According to a report published by Reuters, an Israeli surveillance software was used to spy on senior officials in the European Commission. One of the officials targeted with the infamous spyware there is Didier Reynders, a senior Belgian statesman who has served as the European Justice Commissioner since 2019. The report did not attribute the […]

Pierluigi Paganini April 12, 2022

Microsoft Partch Tuesday for April 2022 fixed 10 critical vulnerabilities

Microsoft Partch Tuesday security updates for April 2022 fixed 128 vulnerabilities, including an actively exploited zero-day reported by NSA. Microsoft Partch Tuesday security updates for April 2022 fixed 128 vulnerabilities in multiple products, including Microsoft Windows and Windows Components, Microsoft Defender and Defender for Endpoint, Microsoft Dynamics, Microsoft Edge (Chromium-based), Exchange Server, Office and Office […]

Pierluigi Paganini April 12, 2022

CISA adds WatchGuard flaw to its Known Exploited Vulnerabilities Catalog

The U.S. CISA added the CVE-2022-23176 flaw in WatchGuard Firebox and XTM appliances to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2022-23176 flaw in WatchGuard Firebox and XTM appliances to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, […]

Pierluigi Paganini April 11, 2022

Anonymous hacked Russia’s Ministry of Culture and leaked 446 GB

The Anonymous collective has hacked Russia’s Ministry of Culture and leaked 446 GB of data through the DDoSecrets platform. Data leak service DDoSecrets has published over 700 GB of data allegedly stolen from the Russian government, including over 500,000 emails. The dump includes three datasets, the largest one is related to the Ministry of Culture […]

Pierluigi Paganini April 11, 2022

Dependency Review GitHub Action prevents adding known flaws in the code

Dependency Review GitHub Action scans users’ pull requests for dependency changes and will raise an error if any new dependencies have existing flaws. GitHub announced Dependency Review GitHub Action which scans users’ pull requests for dependency changes and will raise an error if any new dependencies have existing flaws that can be exploited in supply […]

Pierluigi Paganini April 11, 2022

Securing Easy Appointments and earning CVE-2022-0482

Easy Appointments contained a very dangerous Broken Access Control vulnerability tracked as CVE-2022-0482 that was exposing PII. Another day, another threat to your data. The recently discovered CVE-2022-0482 is a Broken Access Control vulnerability affecting Easy Appointments, a popular open-source web app written in PHP, used by thousands of sites to manage their online bookings. […]

Cybersecurity

Ways to Develop a Cybersecurity Training Program for Employees

Analysis of the SunnyDay ransomware

CISA adds Windows CLFS Driver Privilege Escalation flaw to its Known Exploited Vulnerabilities Catalog

China-linked Hafnium APT leverages Tarrask malware to gain persistence

EU officials were targeted with Israeli surveillance software

Microsoft Partch Tuesday for April 2022 fixed 10 critical vulnerabilities

CISA adds WatchGuard flaw to its Known Exploited Vulnerabilities Catalog

Anonymous hacked Russia’s Ministry of Culture and leaked 446 GB

Dependency Review GitHub Action prevents adding known flaws in the code

Securing Easy Appointments and earning CVE-2022-0482

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

New Batavia spyware targets Russian industrial enterprises

Taiwan flags security risks in popular Chinese apps after official probe

U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

Hunters International ransomware gang shuts down and offers free decryption keys to all victims

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 52

QUICK LINKS

Cybersecurity

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!