Pierluigi Paganini
April 11, 2022
Dependency Review GitHub Action scans users’ pull requests for dependency changes and will raise an error if any new dependencies have existing flaws. GitHub announced Dependency Review GitHub Action which scans users’ pull requests for dependency changes and will raise an error if any new dependencies have existing flaws that can be exploited in supply […]
Pierluigi Paganini
April 11, 2022
Easy Appointments contained a very dangerous Broken Access Control vulnerability tracked as CVE-2022-0482 that was exposing PII. Another day, another threat to your data. The recently discovered CVE-2022-0482 is a Broken Access Control vulnerability affecting Easy Appointments, a popular open-source web app written in PHP, used by thousands of sites to manage their online bookings. […]
Pierluigi Paganini
April 10, 2022
This post provides a timeline of the events related to the Russian invasion of Ukraine from the cyber security perspective. Below is the timeline of the events related to the ongoing invasion of Ukraine that occurred in the previous weeks: April 8 – Anonymous and the IT ARMY of Ukraine continue to target Russian entities […]
Pierluigi Paganini
April 05, 2022
Anonymous continues to support Ukraine against the Russian criminal invasion targeting the Russian military and propaganda. Anonymous leaked personal details of the Russian military stationed in Bucha where the Russian military carried out a massacre of civilians that are accused of having raped and shot local women and children. Leaked data include names, ranks and […]
Pierluigi Paganini
April 04, 2022
VMware released security updates to address the critical remote code execution vulnerability known as Spring4Shell. VMware has published security updates to address the critical remote code execution vulnerability known as Spring4Shell (CVE-2022-22965). According to the virtualization giant, the flaw impacts many of its cloud computing and virtualization products. The Spring4Shell issue was disclosed last week, […]
Pierluigi Paganini
April 04, 2022
Cyble researchers discovered a new remote access trojan (RAT) named Borat capable of conducting DDoS and ransomware attacks. Researchers from threat intelligence firm Cyble discovered a new RAT, named Borat, that enables operators to gain full access and remote control of an infected system. Unlike other RATs, the Borat RAT provides Ransomware and DDOS services […]
Pierluigi Paganini
April 04, 2022
SonarSource discovered a 15-year-old flaw in the PEAR PHP repository that could have enabled supply chain attacks. Researchers from SonarSource discovered two 15-year-old security flaws in the PEAR (PHP Extension and Application Repository) repository that could have enabled supply chain attacks. PEAR is a framework and distribution system for reusable PHP components. According to the expert, […]
Pierluigi Paganini
March 27, 2022
The US Cybersecurity and Infrastructure Security Agency (CISA) added 66 new flaws to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added 15 vulnerabilities to its Known Exploited Vulnerabilities Catalog.ⓘ According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities, FCEB agencies have to address the […]
Pierluigi Paganini
March 24, 2022
A researcher discovered critical flaws that can be exploited by remote attackers to hack a building controller popular in Russia. A researcher has identified critical vulnerabilities that can allegedly be exploited to remotely hack a building controller predominantly used by organizations in Russia. Researcher Jose Bertin discovered critical flaws affecting a controller made by Russian […]
Pierluigi Paganini
March 17, 2022
The collective Anonymous and its affiliated groups continue to target the Russian government and private organizations. The collective Anonymous, and other groups in its ecosystem, continue to target the Russian government and private organizations. Let’s summarize the most interesting attacks observed in the last few days. Yesterday Anonymous announced the hack of the website of […]
