information security news Archives - Page 442 of 808

Pierluigi Paganini December 31, 2021

Multiple flaws in Netgear Nighthawk R6700v3 router are still unpatched

Researchers discovered multiple high-risk vulnerabilities affecting the latest firmware version for the Netgear Nighthawk R6700v3 router. Researchers from Tenable have discovered multiple vulnerabilities in the latest firmware version (version 1.0.4.120) of the popular Netgear Nighthawk R6700v3 WiFi router. An attacker can trigger the vulnerabilities to take full control of the vulnerable devices. Below is the […]

Pierluigi Paganini December 31, 2021

How to implant a malware in hidden area of SSDs with Flex Capacity feature

Researchers devised a series of attacks against SSDs that could allow to implant malware in a location that is not monitored by security solutions. Korean researchers devised a series of attacks against solid-state drives (SSDs) that could allow to implant malware in specific memory locations bypassing security solutions. The attacks work against drives with flex […]

Pierluigi Paganini December 30, 2021

Flaws in DataVault encryption software impact multiple storage devices

Researchers found several vulnerabilities in third-party encryption software that is used by multiple storage devices from major vendors. Researcher Sylvain Pelissier has discovered that the DataVault encryption software made by ENC Security and used by multiple vendors is affected by a couple of key derivation function issues. An attacker can exploit the flaws to obtain […]

Pierluigi Paganini December 30, 2021

New iLOBleed Rootkit, the first time ever that malware targets iLO firmware

A previously unknown rootkit, dubbed iLOBleed, was used in attacks aimed at HP Enterprise servers that wiped data off the infected systems. iLOBleed, is a previously undetected rootkit that was spotted targeting the HP Enterprise’s Integrated Lights-Out (iLO) server management technology to tamper with the firmware modules and wipe data off the infected systems. The […]

Pierluigi Paganini December 30, 2021

AvosLocker ransomware gang releases a free decryptor after an affiliate hit US gov agency

The AvosLocker ransomware operators released a free decryptor after they accidentally encrypted the system of US Government entity. The AvosLocker ransomware operation provided a free decryptor after they encrypted the systems of a US government agency. According to BleepingComputer, the gang hit a police department but fearing the reaction of US law enforcement opted to […]

Pierluigi Paganini December 30, 2021

China-linked APT group Aquatic Panda leverages Log4Shell in recent attack

China-linked APT group Aquatic Panda is exploiting the Log4Shell vulnerability to compromise a large academic institution. China-linked cyberespionage group Aquatic Panda was spotted exploiting the Log4Shell vulnerability (CVE 2021-44228) in an attack aimed at a large academic institution. According to the Crowdstrike OverWatch team, the APT group is using a modified version of the Log4j […]

Pierluigi Paganini December 29, 2021

T-Mobile suffered a new data breach

T-Mobile discloses a new data breach that impacted a “very small number of customers” who were victim of SIM swap attacks. T-Mobile has suffered another security breach, threat actors gained access to the accounts of “a small number of” customers.’ According to The T-Mo Report, which viewed T-Mobile internal documents, there was “unauthorized activity” on […]

Pierluigi Paganini December 29, 2021

Apache Log4j 2.17.1 fixes new remote code execution flaw (CVE-2021-44832)

The Apache Software Foundation released Log4j 2.17.1 version to address recently discovered arbitrary code execution flaw tracked as CVE-2021-44832. The Apache Software Foundation released Log4j 2.17.1 version to address a recently discovered arbitrary code execution flaw, tracked as CVE-2021-44832, affecting Log4j 2.17.0. CVE-2021-44832 is the fifth vulnerability discovered in the popular library in the last […]

Pierluigi Paganini December 29, 2021

A cyber attack against Norwegian Media firm Amedia blocked newspaper publishing

A cyber attack hit Norwegian media company Amedia on Tuesday and forced it to shut down multiple systems. Amedia, one of the largest media companies in Norway, was hit by a “serious” cyber attack and was forced to shut down its computer systems. The company is whole or partial owner of 50 local and regional newspaper with online […]

Pierluigi Paganini December 29, 2021

China-linked BlackTech APT uses new Flagpro malware in recent attacks

China-linked BlackTech cyberespionage group was targeting Japanese companies using new malware tracked as ‘Flagpro’. Researchers from NTT Security reported that China-linked BlackTech cyberespionage group targeted Japanese companies using new malware tracked as ‘Flagpro’. Attacks using Flagpro targeted multiple companies in Defense, Media, and Communications industries several times. According to a report by NTT Security, Flagpro has […]