Pierluigi Paganini
November 06, 2021
The Philips Tasy EMR comprehensive healthcare informatics solution is affected by two critical SQL injection vulnerabilities. The Philips Tasy EMR is a comprehensive healthcare informatics solution that is used by thousands of hospitals and healthcare infrastructures, mainly in South America. The product is affected by two critical SQL injection vulnerabilities, tracked as CVE-2021-39375 and CVE-2021-39376 respectively. Both issues […]
Pierluigi Paganini
November 06, 2021
The Zero Day Initiative’s Pwn2Own Austin 2021 hacking contest has ended, and participants earned $1,081,250 for 61 zero-day flaws. Trend Micro’s Zero Day Initiative’s Pwn2Own Austin 2021 hacking contest has ended, the participants earned a total of $1,081,250 for 61 zero-day exploits. The participants compromised NAS devices, mobile phones, printers, routers, and speakers from Canon, Cisco, HP, NETGEAR, […]
Pierluigi Paganini
November 06, 2021
US officials believe that a drone was employed in an attempted attack on a power substation in Pennsylvania last year. US officials believe threat actors used a drone in an attempted attack on a power substation in Pennsylvania last year. The attackers used a DJI Mavic 2 quadcopter-type drone, with a thick copper wire attached underneath it via […]
Pierluigi Paganini
November 05, 2021
US defense contractor Electronic Warfare Associates (EWA) was hit by a cyber attack, threat actors stole personal information from its email system. US defense contractor Electronic Warfare Associates (EWA) has disclosed a data breach after threat actors hacked their email system. The company confirmed that attackers exfiltrated files containing sensitive information. Electronic Warfare Associates provides electronic […]
Pierluigi Paganini
November 05, 2021
Ukraine’s premier law enforcement and counterintelligence revealed the real identities of five FSB members behind the Gamaredon cyberespionage group. Ukraine’s premier law enforcement and counterintelligence disclosed the real identities of five alleged members of the Russia-linked APT group Gamaredon (aka Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) that are suspected to be components of the […]
Pierluigi Paganini
November 05, 2021
A new threat actor is exploiting ProxyShell flaws in attacks aimed at Microsoft Exchange servers to deploy the Babuk Ransomware in corporate networks. Talos researchers warn of a new threat actor that is hacking Microsoft Exchange servers by exploiting ProxyShell flaws to gain access to corporate and deploy the Babuk Ransomware. Over the past months, […]
Pierluigi Paganini
November 05, 2021
Two popular npm libraries, coa and rc., have been hijacked, threat actors replaced them with versions laced with password-stealing malware. The security team of the npm JavaScript package warns that two popular npm libraries, coa and rc., have been hijacked, threat actors replaced them versions laced with password-stealing malware. Coa is a command-line argument parser with approximately 9 million weekly downloads, while […]
Pierluigi Paganini
November 05, 2021
The US government offers up to a $10,000,000 reward for information leading to the identification or arrest of DarkSide gang members. The US government wants to dismantle the DarkSide ransomware operation and its rebrands and it is offering up to a $10,000,000 reward for information leading to the identification or arrest of members of the gang […]
Pierluigi Paganini
November 04, 2021
CISA urges vendors to address BrakTooth flaws after researchers have released public exploit code and a proof of concept tool for them. US CISA is urging vendors to address BrakTooth flaws after security researchers have released public exploit code and a proof of concept tool to test Bluetooth devices against potential Bluetooth exploits. “On November […]
Pierluigi Paganini
November 04, 2021
Cisco fixed critical flaws that could have allowed unauthenticated attackers to access its devices with hard-coded credentials or default SSH keys. Cisco has released security updates to address two critical vulnerabilities that could have allowed unauthenticated attackers to log in to affected devices using hard-coded credentials or default SSH keys. The first flaw fixed by […]
