Pierluigi Paganini
July 30, 2022
US Critical Infrastructure Security Agency (CISA) adds the critical Confluence flaw, tracked as CVE-2022-26138, to its Known Exploited Vulnerabilities Catalog. US CISA has added the recently disclosed Confluence vulnerability, tracked as CVE-2022-26138, to its list of bugs abused in the wild, a flaw that can provide remote attackers with hardcoded credentials following successful exploitation. According to Binding Operational Directive (BOD) […]
Pierluigi Paganini
July 29, 2022
Microsoft linked the recently discovered Raspberry Robin Windows malware to the notorious Evil Corp operation. On July 26, 2022, Microsoft researchers discovered that the FakeUpdates malware was being distributed via Raspberry Robin malware. Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. The malicious code […]
Pierluigi Paganini
July 29, 2022
Threat actors are actively exploiting the recently patched critical flaw in Atlassian Confluence Server and Data Center Recenlty Atlassian released security updates to address a critical hardcoded credentials vulnerability in Confluence Server and Data Center tracked as CVE-2022-26138. A remote, unauthenticated attacker can exploit the vulnerability to log into unpatched servers. Once installed the Questions […]
Pierluigi Paganini
July 28, 2022
This month Akamai blocked the largest distributed denial-of-service (DDoS) attack that hit an organization in Europe. On July 21, 2022, Akamai mitigated the largest DDoS attack that ever hit one of its European customers. The attack hit an Akamai customer in Eastern Europe that was targeted 75 times in the past 30 days with multiple […]
Pierluigi Paganini
July 28, 2022
Threat actors are devising new attack tactics in response to Microsoft’s decision to block Macros by default. In response to Microsoft’s decision steps to block Excel 4.0 (XLM or XL4) and Visual Basic for Applications (VBA) macros by default in Microsoft Office applications, threat actors are adopting new attack techniques. Researchers from Proofpoint reported that […]
Pierluigi Paganini
July 28, 2022
ENISA published a report that includes anonymised and aggregated information about major telecom security incidents in 2021. ENISA published a report that provides anonymized and aggregated information about major telecom security incidents in 2021. Every European telecom operator that suffers a security incident, notifies its national authorities which share a summary of these reports to […]
Pierluigi Paganini
July 28, 2022
Microsoft linked a private-sector offensive actor (PSOA) to attacks using multiple zero-day exploits for its Subzero malware. The Microsoft Threat Intelligence Center (MSTIC) and the Microsoft Security Response Center (MSRC) researchers linked a threat group known as Knotweed to an Austrian surveillance firm named DSIRF, known for using multiple Windows and Adobe zero-day exploits. The […]
Pierluigi Paganini
July 27, 2022
Threat actors are increasingly abusing Internet Information Services (IIS) extensions to maintain persistence on target servers. Microsoft warns of threat actors that are increasingly abusing Internet Information Services (IIS) extensions to establish covert backdoors into servers and maintain persistence in the target networks. IIS backdoors are also hard to detect because they follow the same […]
Pierluigi Paganini
July 27, 2022
Researchers uncovered an ongoing operation, codenamed DUCKTAIL that targets Facebook Business and Ad Accounts. Researchers from WithSecure (formerly F-Secure Business) have discovered an ongoing operation, named DUCKTAIL, that targets individuals and organizations that operate on Facebook’s Business and Ads platform. Experts attribute the campaign to a Vietnamese financially motivated threat actor which is suspected to […]
Pierluigi Paganini
July 27, 2022
Researchers found similarities between LockBit 3.0 ransomware and BlackMatter, which is a rebranded variant of the DarkSide ransomware. Cybersecurity researchers have found similarities between the latest version of the LockBit ransomware, LockBit 3.0, and the BlackMatter ransomware. The Lockbit 3.0 ransomware was released in June with important novelties such as a bug bounty program, Zcash payment, and new extortion […]
