Pierluigi Paganini
February 18, 2022
Researchers developed an exploit code for CVE-2022-24086 vulnerability affecting Adobe Commerce and Magento Open Source. Positive Technologies researchers have created a working PoC exploit for the recently patched CVE-2022-24086 vulnerability affecting its Commerce and Magento Open Source products. An attacker could use the exploit to achieve remote code execution from an unauthenticated user. This week, Adobe rolled […]
Pierluigi Paganini
February 17, 2022
Attackers compromise Microsoft Teams accounts to attach malicious executables to chat and spread them to participants in the conversation. While the popularity of Microsoft Teams continues to grow, with roughly 270 million monthly active users, threat actors started using it as an attack vector. Starting in January 2022, security researchers from Avanan observed attackers compromising […]
Pierluigi Paganini
February 17, 2022
Cisco warns of a DoS issue affecting its Email Security Appliance (ESA) product that could be exploited using specially crafted emails. Cisco ESA products are affected by a DoS vulnerability, tracked as CVE-2022-20653, that resides in the DNS-based Authentication of Named Entities (DANE) email verification component of Cisco AsyncOS Software for ESA. A remote, unauthenticated attacker […]
Pierluigi Paganini
February 17, 2022
Researchers spotted a new Golang-based botnet called Kraken that is under active development and supports a lot of backdoor capabilities. Kraken is a new Golang-based botnet discovered in late October 2021 by researchers from threat intelligence firm ZeroFox Intelligence. Experts pointed out that despite having the same name, this botnet should not be confused with the Kraken […]
Pierluigi Paganini
February 17, 2022
The International Committee of the Red Cross (ICRC) said attackers that breached its network last month exploited a Zoho bug. The International Committee of the Red Cross (ICRC) revealed that the attack that breached its network in January was conducted by a nation-state actor that exploited a Zoho vulnerability. In January, a cyberattack on a […]
Pierluigi Paganini
February 16, 2022
Russia-linked threat actors have breached the network of U.S. cleared defense contractors (CDCs) since at least January 2020. According to a joint alert published by the FBI, NSA, and CISA, Russia-linked threat actors conducted a cyber espionage campaign aimed at US cleared defense contractors to steal sensitive info related to intelligence programs and capabilities. CDCs […]
Pierluigi Paganini
February 16, 2022
TrickBot malware is targeting customers of 60 financial and technology companies with new anti-analysis features. The infamous TrickBot malware was employed in attacks against customers of 60 financial and technology companies with new anti-analysis features. The news wave of attacks aimed at cryptocurrency firms, most of them located in the U.S.. Trickbot is a sophisticated, […]
Pierluigi Paganini
February 16, 2022
Researchers disclose a now-patched remote code execution (RCE) vulnerability in the Apache Cassandra database software. JFrog researchers publicly disclosed details of a now-patched high-severity security vulnerability (CVE-2021-44521) in Apache Cassandra database software that could be exploited by remote attackers to achieve code execution on affected installations. Apache Cassandra is an open-source NoSQL distributed database used […]
Pierluigi Paganini
February 16, 2022
VMware addressed several high-severity flaws that were disclosed during China’s Tianfu Cup hacking contest. VMware addressed several high-severity vulnerabilities that were demonstrated by Kunlun Lab team during China’s Tianfu Cup 2021 hacking contest. The vulnerabilities impact VMware ESXi, Workstation, and Fusion. Below is the list published by the virtualization giant: CVE-2021-22040 – VMware ESXi, Workstation, and […]
Pierluigi Paganini
February 15, 2022
Ukraine ‘s defense agencies and two state-owned banks were hit by Distributed Denial-of-Service (DDoS) attacks. The Ministry of Defense and the Armed Forces of Ukraine and state-owned banks, Privatbank (Ukraine’s largest bank) and Oschadbank were hit by Distributed Denial-of-Service (DDoS) attacks. The website of the Ukrainian Ministry of Defense has been taken down by the wave of […]
