Pierluigi Paganini
July 31, 2022
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. If you want to also receive for free the newsletter with the international press subscribe here. Reading the âENISA THREAT LANDSCAPE FOR RANSOMWARE ATTACKSâ report CISA orders to patch an actively exploited […]
Pierluigi Paganini
July 31, 2022
North Korea-linked threat actor SharpTongue is using a malicious extension on Chromium-based web browsers to spy on victims’ email accounts. North Korea-linked actor SharpTongue has been using a malicious extension on Chromium-based web browsers to spy on victims’ Gmail and AOL email accounts. Researchers from cybersecurity firm Volexity tracked the threat actors as SharpTongue, but […]
Pierluigi Paganini
July 30, 2022
I’m proud to announce the release of the “ENISA THREAT LANDSCAPE FOR RANSOMWARE ATTACKS” report, Enjoy it! Ransomware has become one of the most dangerous threats for organizations worldwide. Cybercriminal organizations and ransomware gangs have devised new business models that are attracting a broad range of advanced threat actors. It is quite easy today for […]
Pierluigi Paganini
July 30, 2022
US Critical Infrastructure Security Agency (CISA) adds the critical Confluence flaw, tracked as CVE-2022-26138, to its Known Exploited Vulnerabilities Catalog. US CISA has added the recently disclosed Confluence vulnerability, tracked as CVE-2022-26138, to its list of bugs abused in the wild, a flaw that can provide remote attackers with hardcoded credentials following successful exploitation. According to Binding Operational Directive (BOD) […]
Pierluigi Paganini
July 29, 2022
Microsoft linked the recently discovered Raspberry Robin Windows malware to the notorious Evil Corp operation. On July 26, 2022, Microsoft researchers discovered that the FakeUpdates malware was being distributed via Raspberry Robin malware. Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. The malicious code […]
Pierluigi Paganini
July 29, 2022
Passwords no longer meet the demands of todayâs identity and access requirements. Therefore, strong authentication methods are needed. âUsernames and passwords are insufficient and vulnerable means of authentication on their own; therefore, it is essential to employ strong authentication techniques like multi-factor authentication (MFA) to confirm users’ identities before granting secure access to resources,â Sarah […]
Pierluigi Paganini
July 29, 2022
Threat actors are actively exploiting the recently patched critical flaw in Atlassian Confluence Server and Data Center Recenlty Atlassian released security updates to address a critical hardcoded credentials vulnerability in Confluence Server and Data Center tracked as CVE-2022-26138. A remote, unauthenticated attacker can exploit the vulnerability to log into unpatched servers. Once installed the Questions […]
Pierluigi Paganini
July 29, 2022
Threat actors used multiple npm packages to target Discord users with malware designed to steal their payment card data. A malicious campaign targeting Discord users leverages multiple npm packages to deliver malware that steals their payment card information, Kaspersky researchers warn. The malicious code hidden in the packages, and tracked as Lofy Stealer, is a […]
Pierluigi Paganini
July 28, 2022
This month Akamai blocked the largest distributed denial-of-service (DDoS) attack that hit an organization in Europe. On July 21, 2022, Akamai mitigated the largest DDoS attack that ever hit one of its European customers. The attack hit an Akamai customer in Eastern Europe that was targeted 75 times in the past 30 days with multiple […]
Pierluigi Paganini
July 28, 2022
LibreOffice maintainers addressed three security flaws in their productivity software, including an arbitrary code execution issue. LibreOffice is an open-source office productivity software suite, a project of The Document Foundation (TDF). LibreOffice maintainers addressed three security flaws in their suit, including an arbitrary code execution issue tracked as CVE-2022-26305. The CVE-2022-26305 flaw is classified as the execution of untrusted […]
