Pierluigi Paganini
October 03, 2022
Trustwave researchers discovered two XSS flaws in Canon Medical ’s Vitrea View tool that could expose patient information. During a penetration test, Trustwave Spiderlabs’ researchers discovered two reflected cross-site scripting (XSS) vulnerabilities, collectively as CVE-2022-37461, in third-party software for Canon Medical’s Vitrea View. The Vitrea View tool allows viewing and securely share medical images through […]
Pierluigi Paganini
October 02, 2022
Another US defense contractor suffered a data breach, the BlackCat ransomware gang claims to have hacked NJVC. The ALPHV/BlackCat ransomware gang claims to have breached the IT firm NJVC, which supports the federal government and the United States Department of Defense. The company supports intelligence, defense, and geospatial organizations. The company has more than 1,200 employees in locations worldwide. BlackCat added NJVC to […]
Pierluigi Paganini
October 02, 2022
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. CISA adds Atlassian Bitbucket Server flaw to its Known Exploited Vulnerabilities Catalog Guacamaya hacktivists stole sensitive data […]
Pierluigi Paganini
October 02, 2022
German police arrested one individual suspected of having stolen €4 million from users via large-scale phishing campaigns. Germany’s Bundeskriminalamt (BKA) arrested an individual (24) suspected of having stolen €4,000,000 from internet users via phishing attacks along with a two accomplices who are suspected. The phishing campaigns were conducted between October 3, 2020, and May 29, […]
Pierluigi Paganini
October 01, 2022
CISA added a recently disclosed flaw in Atlassian Bitbucket Server, tracked as CVE-2022-36804, to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added a recently disclosed critical vulnerability in Atlassian’s Bitbucket Server and Data Center to its Known Exploited Vulnerabilities Catalog. According to Binding Operational Directive (BOD) 22-01: Reducing the Significant […]
Pierluigi Paganini
October 01, 2022
A hacker group called Guacamaya stole classified government information from multiple military and government agencies across several Latin American countries. Among the data stolen by a group of hackers called Guacamaya (macaw in Spanish) there was a huge trove of emails from Mexico’s Defense Department, which shed the light on the poor resilience of the […]
Pierluigi Paganini
October 01, 2022
The Shangri-La hotel group disclosed a data breach, a database containing the personal information of its customers was compromised. The Shangri-La hotel group disclosed a data breach, threat actors had access to a database containing the personal information of customers at eight of its Asian properties between May and July. The incident impacted hotels in […]
Pierluigi Paganini
September 30, 2022
The US Department of Defense (DoD) shared the results of the Hack US bug bounty program that took place in July. On July 4, 2022, the US Department of Defense (DoD) and HackerOne started the Hack US, a one-week bug bounty challenge, which is considered part of DoD’s vulnerability disclosure program (VDP). The challenge was launched Chief […]
Pierluigi Paganini
September 30, 2022
Security researchers are warning of a new Microsoft Exchange zero-day that are being exploited by malicious actors in the wild. Cybersecurity firm GTSC discovered two Microsoft Exchange zero-day vulnerabilities that are under active exploitation in attacks in the wild. Both flaws were discovered by the researchers as part of an incident response activity in August […]
Pierluigi Paganini
September 30, 2022
Researchers from Mandiant have discovered a novel malware persistence technique within VMware ESXi Hypervisors. Mandiant detailed a novel technique used by malware authors to achieve administrative access within VMware ESXi Hypervisors and take over vCenter servers and virtual machines for Windows and Linux to perform the following actions: The highly targeted and evasive nature of […]
