Pierluigi Paganini
June 30, 2023
A critical authentication bypass flaw in miniOrange’s WordPress Social Login and Register plugin, can allow gaining access to any account on a site. Wordfence researchers discovered an authentication bypass vulnerability in miniOrange’s WordPress Social Login and Register plugin, that can allow an unauthenticated attacker to gain access to any account on a site by knowing the associated email […]
Pierluigi Paganini
June 29, 2023
A new Windows information stealer dubbed ThirdEye appeared in the threat landscape, it has been active since April. Fortinet FortiGuard Labs discovered a previously undetected information stealer named ThirdEye. The malicious code is not sophisticated and can allow operators to steal various information from the infected machines. Fortinet started investigating the threat after the discovery of an […]
Pierluigi Paganini
June 29, 2023
The former head of network security at Group-IB has been arrested in Kazakhstan based on a request from U.S. law enforcement. Nikita Kislitsin who worked as the head of network security at Group-IB, as well as its Russian-based spinoff company (known as F.A.C.C.T.), has been arrested in Kazahstan based on a request from the U.S. […]
Pierluigi Paganini
June 28, 2023
Electromagnetic fault injection (EMFI) attacks on drones can potentially allow attackers to achieve arbitrary code execution and take over them. While the use of drones continues to grow, researchers from IOActive analyzed how to develop fault injection attacks against hardened Unmanned Aerial Vehicles (UAVs). The experts focused on achieving code execution on a commercially available […]
Pierluigi Paganini
June 28, 2023
SQL injection vulnerabilities in Gentoo Soko could lead to remote code execution (RCE) on impacted systems. SonarSource researchers discovered two SQL injection vulnerabilities in Gentoo Soko, collectively tracked as CVE-2023-28424 (CVSS score: 9.1) [1],[2], that can be exploited by a remote attacker to execute arbitrary code on vulnerable systems. “The two package search handlers, Search […]
Pierluigi Paganini
June 27, 2023
Mockingjay is a new process injection technique that can be exploited to bypass security solutions to execute malware on compromised systems. A new process injection technique dubbed Mockingjay can be exploited by attackers to bypass security controls and gain unauthorized access to compromised systems. The term process injection is used to refer to a method […]
Pierluigi Paganini
June 27, 2023
Researchers at Censys have identified hundreds of devices deployed within federal networks that have internet-exposed management interfaces. Researchers at Censys have analyzed the attack surfaces of more than 50 Federal Civilian Executive Branch (FCEB) organizations and sub-organizations and discovered more than 13,000 distinct hosts across 100 autonomous systems. The experts focused on roughly 1,300 of […]
Pierluigi Paganini
June 27, 2023
Clop ransomware group added five new victims of MOVEit attacks to its dark web leak site, including Schneider Electric and Siemens Energy. The Clop ransomware group added five new victims of MOVEit attacks to its dark web leak site, including the industrial giants Schneider Electric and Siemens Energy. Both Schneider Electric and Siemens Energy provide […]
Pierluigi Paganini
June 27, 2023
An unnamed Japanese cryptocurrency exchange was the victim of a cyber attack aimed at deploying an Apple macOS backdoor named JokerSpy. Elastic Security Labs researchers provided details about a recently discovered intrusion at an unnamed cryptocurrency exchange, aimed at deploying an Apple macOS backdoor named JokerSpy. The researchers tracked the intrusion as REF9134, the threat […]
Pierluigi Paganini
June 26, 2023
Milomir Desnica, a citizen of Croatia and Serbia, has been charged with running the Monopoly Market drug darknet marketplace. Milomir Desnica (33), a citizen of Croatia and Serbia, has been extradited from Austria to the United States to face charges of running the darknet drug marketplace Monopoly Market. According to the indictment, in late 2019, […]
