Pierluigi Paganini
January 23, 2023
Researchers found two flaws in Samsung Galaxy Store that could be exploited to install applications or achieve code execution on the devices. Researchers from cybersecurity firm NCC Group published technical details on two vulnerabilities, tracked as CVE-2023-21433 and CVE-2023-21434, in Samsung Galaxy Store that could be exploited to install applications or execute malicious JavaScript code. […]
Pierluigi Paganini
January 23, 2023
The recent Mailchimp data breach has impacted multiple organizations, some of them are already notifying their customers. The popular email marketing and newsletter platform Mailchimp recently disclosed a news data breach, the incident exposed the data of 133 customers. Threat actors targeted the company’s employees and contractors to gain access to an internal support and […]
Pierluigi Paganini
January 23, 2023
Video game developer and publisher Riot Games announced that it will delay the release of game patches after a security incident. Riot Games is an American video game developer, publisher and esports tournament organizer known for the creation of the popular games League of Legends and Valorant. Last week threat actors hacked the company’s systems in its development environment, Riot Games […]
Pierluigi Paganini
January 22, 2023
The OpenText enterprise content management (ECM) system is affected by multiple vulnerabilities, including a critical RCE. Armin Stock (Atos), researcher at cybersecurity firm Sec Consult, discovered multiple vulnerabilities in the OpenText enterprise content management (ECM) product. OpenText Extended ECM is an enterprise CMS platform that manages the information lifecycle by integrating with leading enterprise applications, […]
Pierluigi Paganini
January 22, 2023
Roaming Mantis threat actors were observed using a new variant of their mobile malware Wroba to hijack DNS settings of Wi-Fi routers. Researchers from Kaspersky observed Roaming Mantis threat actors using an updated variant of their mobile malware Wroba to compromise Wi-Fi routers and hijack DNS settings. Roaming Mantis surfaced in March 2018 when hacked routers in Japan to […]
Pierluigi Paganini
January 21, 2023
The Irish Data Protection Commission (DPC) fined Meta’s WhatsApp €5.5 million for violating data protection laws. The popular messaging app WhatsApp has been fined €5.5m by the Irish Data Protection Commission (DPC) for violating the General Data Protection Regulation (GDPR). The DPC has given six months to the Meta-owned company to bring its data processing […]
Pierluigi Paganini
January 21, 2023
Researchers warn of about 19,500 end-of-life Cisco VPN routers on the Internet that are exposed to the recently disclosed RCE exploit chain. Cisco recently warned of a critical vulnerability, tracked as CVE-2023-20025 (CVSS score of 9.0), that impacts small business RV016, RV042, RV042G, and RV082 routers. The IT giant announced that these devices will receive no security […]
Pierluigi Paganini
January 20, 2023
PayPal is sending out data breach notifications to thousands of users because their accounts were compromised through credential stuffing attacks. PayPal announced that 34942 customers’ accounts have been compromised between December 6 and December 8. The company added that the unauthorized accessed were the result of credential stuffing attacks and that its systems were not […]
Pierluigi Paganini
January 20, 2023
An alleged Chinese threat actor was observed exploiting the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN. Researchers from Mandiant reported that suspected Chinese threat actors exploited the recently patched CVE-2022-42475 vulnerability in FortiOS SSL-VPN as a zero-day. According to the security firm, the vulnerability was exploited in attacks against a series of targets, including a […]
Pierluigi Paganini
January 20, 2023
A high-severity flaw (CVE-2023-20010) was found in Cisco Unified Communications Manager and Unified Communications Manager Session Management Edition. Cisco fixed a high-severity SQL injection flaw, tracked as CVE-2023-20010 (CVSS score of 8.1), in Unified Communications Manager and Unified Communications Manager Session Management Edition. Unified Communications Manager solutions provide reliable, secure, scalable, and manageable call control […]
