Pierluigi Paganini
April 23, 2023
Non-profit health insurer Point32Health suffered a ransomware attack and has taken systems offline in response to the incident. Non-profit health insurer Point32Health has taken systems offline in response to a ransomware attack that took place on April 17. The insurer immediately launched an investigation into the incident with the help of third-party cybersecurity experts to […]
Pierluigi Paganini
April 23, 2023
Experts warn of a large-scale cryptocurrency mining campaign exploiting Kubernetes (K8s) Role-Based Access Control (RBAC). Cloud security firm Aqua discovered a large-scale cryptocurrency mining campaign exploiting Kubernetes (K8s) Role-Based Access Control (RBAC) to create backdoors and run miners. The campaign was tracked as RBAC Buster, the experts reported that the attacks are actively targeting at […]
Pierluigi Paganini
April 23, 2023
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Abandoned Eval PHP WordPress plugin abused to backdoor websites CISA adds MinIO, PaperCut, and Chrome bugs […]
Pierluigi Paganini
April 22, 2023
Threat actors were observed installing the abandoned Eval PHP plugin on compromised WordPress sites for backdoor deployment. Researchers from Sucuri warned that threat actors are installing the abandoned Eval PHP plugin on compromised WordPress sites for backdoor deployment. The Eval PHP plugin allows PHP code to be inserted into the pages and posts of WordPress […]
Pierluigi Paganini
April 22, 2023
North Korea-linked APT group behind the 3CX supply chain attack also broke into two critical infrastructure organizations in the energy sector. Symantec researchers reported that the campaign conducted by North Korea-linked threat actors that included the 3CX supply chain attack also hit two critical infrastructure organizations in the energy sector. “The X_Trader software supply chain […]
Pierluigi Paganini
April 21, 2023
The American Bar Association (ABA) disclosed a data breach, threat actors gained access to older credentials for 1,466,000 members. The American Bar Association (ABA) is a voluntary bar association of lawyers and law students; it is not specific to any jurisdiction in the United States. The ABA has 166,000 members as of 2022. The attackers may have […]
Pierluigi Paganini
April 21, 2023
Pro-Russia hackers KillNet launched a massive DDoS attack against Europe’s air-traffic agency EUROCONTROL. Europe’s air-traffic control agency EUROCONTROL announced that it was under attack from pro-Russian hackers. The European Organisation for the Safety of Air Navigation pointed out that the attack had no impact on European air traffic control activities. “Since 19 April, the EUROCONTROL […]
Pierluigi Paganini
April 20, 2023
ICICI Bank leaked millions of records with sensitive data, including financial information and personal documents of the bank’s clients. In 2022, the ICICI Bank’s resources were named a “critical information infrastructure” by the Indian government – any harm to it can impact national security. However, despite the critical status of bank infrastructure on the national […]
Pierluigi Paganini
April 20, 2023
VMware fixed two severe flaws, tracked as CVE-2023-20864 and CVE-2023-20865, impacting the VMware Aria Operations for Logs product. The virtualization giant VMware released security updates to address two critical vulnerabilities, tracked as CVE-2023-20864 and CVE-2023-20865, impacting the VMware Aria Operations for Logs product (formerly vRealize Log Insight). The vulnerability CVE-2023-20864 (CVSSv3 base score of 9.8) […]
Pierluigi Paganini
April 20, 2023
North Korea-linked APT group Lazarus employed new Linux malware in attacks that are part of Operation Dream Job. North Korea-linked APT group Lazarus is behind a new campaign tracked as Operation DreamJob (aka DeathNote or NukeSped) that employed Linux malware. The threat actors were observed using social engineering techniques to compromise its targets, with fake job offers […]
Uncategorized / February 13, 2026
