MUST READ

Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices

 | 

Google sounds alarm on self-modifying AI malware

 | 

Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs

 | 

SonicWall blames state-sponsored hackers for September security breach

 | 

U.S. sanctioned North Korea bankers for laundering funds linked to cyberattacks and peapons program

 | 

Former cybersecurity employees attempted to extort five U.S. companies in 2023 using BlackCat ransomware attacks

 | 

U.S. CISA adds Gladinet CentreStack, and CWP Control Web Panel flaws to its Known Exploited Vulnerabilities catalog

 | 

Nine arrested in €600M crypto laundering bust across Europe

 | 

Google fixed a critical remote code execution in Android

 | 

SesameOp: New backdoor exploits OpenAI API for covert C2

 | 

Google Big Sleep found five vulnerabilities in Safari

 | 

Jabber Zeus developer ‘MrICQ’ extradited to US from Italy

 | 

Chrome 142 Released: Two high-severity V8 flaws fixed, $100K in rewards paid

 | 

Android Apps misusing NFC and HCE to steal payment data on the rise

 | 

Conduent January 2025 breach impacts 10M+ people

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 69

 | 

Security Affairs newsletter Round 548 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Ukrainian extradited to US over Conti ransomware involvement

 | 

BadCandy Webshell threatens unpatched Cisco IOS XE devices, warns Australian government

 | 

China-linked UNC6384 exploits Windows zero-day to spy on European diplomats

 | 

Hacking

Pierluigi Paganini December 15, 2017
Lazarus APT Group targets a London cryptocurrency company

Security experts from Secureworks revealed the Lazarus APT group launched a spearphishing campaign against a London cryptocurrency company. The dreaded Lazarus APT group is back and launched a spearphishing campaign against a London cryptocurrency company to steal employee credentials. The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks […]

Pierluigi Paganini December 15, 2017
The cybersecurity firm Fox-IT disclosed a security breach that affected its infrastructure

For Fox-IT disclosed a security breach that affected its infrastructure and demonstrated how to manage it in an outstanding way. The cybersecurity firm Fox-IT, one of the top security companies currently owned by the UK giant NCC Group, disclosed a security breach that affected its infrastructure. According to the firm, on September 19 an unknown attacker carried […]

Pierluigi Paganini December 14, 2017
New Triton malware detected in attacks against a Critical Infrastructure operator

Triton malware – A new strain of malware specifically designed to target industrial control systems (ICS) system has been spotted by researchers at FireEye A new strain of malware dubbed Triton specifically designed to target industrial control systems (ICS) has been spotted by researchers at FireEye. The Triton malware has been used in attacks aimed at an unnamed critical […]

Pierluigi Paganini December 14, 2017
FortiClient improper access control exposes users’ VPN credentials

FortiClient for Linux, Mac OSX and Windows stores encrypted VPN authentication credentials in improperly secured locations. Fortinet provided security updates for its next-generation endpoint protection FortiClient product that address a serious information disclosure vulnerability. The flaw, tracked as CVE-2017-14184, could be exploited by an attacker to obtain VPN authentication credentials. FortiClient is a powerful product that includes […]

Pierluigi Paganini December 14, 2017
Trump signed a bill prohibiting the use of Kaspersky Lab product and services

The US President Donald Trump signed a bill that bans the use of Kaspersky Lab products and services in federal agencies. Section 1634 of the bill prohibits the use of security software and services provided by security giant Kaspersky Lab, the ban will start from October 1, 2018. Below the details of the ban included in the section […]

Pierluigi Paganini December 14, 2017
Experts disclosed an unpatched zero-day vulnerability in the firmware of AT&T DirecTV WVB kit

Security researchers at Trend Micro have publicly disclosed an unpatched zero-day flaw in the firmware of AT&T DirecTV WVB kit after manufactured failed to patch it Security researchers at Trend Micro have discovered an unpatched zero-day vulnerability in the firmware of AT&T DirecTV WVB kit after the manufacturer failed to patch this flaw over the past few months. […]

Pierluigi Paganini December 14, 2017
US DoJ charges 3 Men with developing and running the Mirai Botnet

The US DoJ announced plea agreements for Paras Jha, Josiah White, and Dalton Norman, 21 for creating and operating the dreaded Mirai botnet. US authorities charge three men with developing and running the dreaded Mirai botnet that was involved in several massive DDoS attacks. According to documents released by the US Department of Justice (DOJ), the […]

Pierluigi Paganini December 13, 2017
ROBOT Attack: RSA TLS crypto attack worked against Facebook, PayPal, and tens of 100 top domains

ROBOT ATTACK – Security experts have discovered a 19-year-old flaw in the TLS network security protocol that affects many software worldwide. The security researchers Hanno Böck and Juraj Somorovsky of Ruhr-UniversitĂ€t Bochum/Hackmanit, and Craig Young of Tripwire VERT, have discovered a 19-year-old vulnerability in the TLS network security protocol in the software several tech giants […]

Pierluigi Paganini December 13, 2017
December Microsoft Patch Tuesday addresses 19 Critical browser issues

Microsoft released Patch Tuesday updates for December 2017 that address more than 30 vulnerabilities, including 19 Critical browser issues. Microsoft has released its Patch Tuesday updates for December 2017 that address more than 30 vulnerabilities, including 19 critical flaws affecting the Internet Explorer and Edge web browsers. Microsoft addressed several memory corruption flaws that can be exploited […]

Pierluigi Paganini December 12, 2017
Smart Shield Detector allows thieves to discover if the ATM is protected by anti-skimming technology

Crooks are now involving a small, battery-powered device dubbed Smart Shield Detector that is able to detect digital anti-skimming technology used by ATMs. ATM skimmers are widely adopted by crooks to steal payment card data, in the last months, experts observed an increase in the number of cyber attacks against ATM involving so-called ‘insert skimmers.’ In response, […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Cisco became aware of a new attack variant against Secure Firewall ASA and FTD devices

Security / November 06, 2025

Google sounds alarm on self-modifying AI malware

Malware / November 06, 2025

Alleged Russia-linked Curly COMrades exploit Windows Hyper-V to evade EDRs

Hacking / November 06, 2025

SonicWall blames state-sponsored hackers for September security breach

Security / November 05, 2025

U.S. sanctioned North Korea bankers for laundering funds linked to cyberattacks and peapons program

Laws and regulations / November 05, 2025