Hacking

Pierluigi Paganini October 10, 2024
U.S. CISA adds Ivanti CSA and Fortinet bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti CSA and Fortinet bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: This week, Fortinet addressed a critical flaw in FortiOS, tracked as CVE-2024-23113 (CVSS score 9.8). The issue if […]

Pierluigi Paganini October 10, 2024
Mozilla issued an urgent Firefox update to fix an actively exploited flaw

Mozilla released an urgent Firefox update to fix a critical use-after-free vulnerability actively exploited in ongoing attacks. Mozilla released an emergency security update for its Firefox browser to address a critical use-after-free vulnerability, tracked as CVE-2024-9680, that is actively exploited in attacks. The vulnerability CVE-2024-9680 resides in Animation timelines. Firefox Animation Timelines is a feature […]

Pierluigi Paganini October 10, 2024
Palo Alto fixed critical flaws in PAN-OS firewalls that allow for full compromise of the devices

Palo Alto fixed critical flaws in PAN-OS firewalls, warning that attackers could chain these vulnerabilities to hijack the devices. Palo Alto Networks addressed multiple vulnerabilities that an attacker can chain to hijack PAN-OS firewalls. The vulnerabilities reside in the Palo Alto Networks’ Expedition solution, which is a migration tool designed to help organizations move configurations […]

Pierluigi Paganini October 09, 2024
Cybercriminals Are Targeting AI Conversational Platforms

Resecurity reports a rise in attacks on AI Conversational platforms, targeting chatbots that use NLP and ML to enable automated, human-like interactions with consumers. Resecurity has observed a spike in malicious campaigns targeting AI agents and Conversational AI platforms that leverage chatbots to provide automated, human-like interactions for consumers. Conversational AI platforms are designed to […]

Pierluigi Paganini October 09, 2024
Awaken Likho APT group targets Russian government with a new implant

A threat actor tracked as Awaken Likho is targeting Russian government agencies and industrial entities, reported cybersecurity firm Kaspersky. A recent investigation by Kaspersky researchers into the APT group Awaken Likho (aka Core Werewolf and PseudoGamaredon) uncovered a new campaign from June to August 2024, showing a shift from UltraVNC to the MeshCentral platform for […]

Pierluigi Paganini October 09, 2024
U.S. CISA adds Windows and Qualcomm bugs to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Windows and Qualcomm bugs to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: Qualcomm this week addressed 20 vulnerabilities in its products, including a potential zero-day issue tracked as CVE-2024-43047 (CVSS score […]

Pierluigi Paganini October 08, 2024
Three new Ivanti CSA zero-day actively exploited in attacks

Software company Ivanti released security patches for three new CSA zero-day vulnerabilities actively exploited in attacks. Ivanti warned of three new security vulnerabilities (CVE-2024-9379, CVE-2024-9380, and CVE-2024-9381) in its Cloud Service Appliance (CSA) that are actively exploited in attacks in the wild. Below are the descriptions of the three vulnerabilities: Threat actors are chaining these […]

Pierluigi Paganini October 08, 2024
Ukrainian national pleads guilty in U.S. court for operating the Raccoon Infostealer

Ukrainian national pleads guilty in U.S. court for operating the Raccoon Infostealer, used to steal sensitive data globally. Ukrainian national Mark Sokolovsky has pleaded guilty in a US court to operating the Raccoon Infostealer. In October 2020, the US Justice Department charged Sokolovsky with computer fraud for allegedly infecting millions of computers with the Raccoon Infostealer. […]

Pierluigi Paganini October 08, 2024
Qualcomm fixed a zero-day exploited limited, targeted attacks

Qualcomm warns of 20 flaws in its products, including a potential zero-day vulnerability, in the DSP service that impacts multiple chipsets. Qualcomm addressed 20 vulnerabilities in its products, including a potential zero-day issue tracked as CVE-2024-43047 (CVSS score 7.8). The vulnerability stems from a use-after-free bug that could lead to memory corruption. The zero-day vulnerability […]

Pierluigi Paganini October 08, 2024
MoneyGram discloses data breach following September cyberattack

MoneyGram disclosed a data breach following a cyberattack in September, during which threat actors stole customer data. In September, American interstate and international peer-to-peer payments and money transfer company MoneyGram confirmed that its services are currently unavailable due to a cyberattack. On September 22, the company informed its customers that it was experiencing a network outage impacting connectivity to several […]