Pierluigi Paganini
November 03, 2022
TikTok updated its privacy policy for European Economic Area (“EEA”) and confirmed that its Chinese staff can access their users’ data. The short-form video-sharing service TikTok updated its privacy policy for European Economic Area (“EEA”), the UK, and Switzerland and confirmed that its users’ data can be accessed by its personnel, including Chinese employees. European user data […]
Pierluigi Paganini
November 03, 2022
Fortinet addressed 16 vulnerabilities in some of the company’s products, six flaws received a ‘high’ severity rate. One of the high-severity issues is a persistent XSS, tracked as CVE-2022-38374, in Log pages of FortiADC. The root cause of the issue is an improper neutralization of input during web page generation vulnerability [CWE-79] in FortiADC. A […]
Pierluigi Paganini
November 02, 2022
I’m deeply saddened by the absurd death of Vitali Kremez, he died during a scuba diving off the coast of Hollywood Beach in Florida Vitali Kremez (36), founder and CEO of AdvIntel, has been found dead after scuba diving off the coast of Hollywood Beach in Florida. Vitali Kremez had entered the water on October 30 […]
Pierluigi Paganini
November 02, 2022
Threat actors are using previously undocumented Android spyware, dubbed SandStrike, to spy on a Persian-speaking religion minority. In Q3 2022, Kaspersky researchers uncovered a previously undocumented Android spyware, dubbed SandStrike, employed in an espionage campaign targeting the Persian-speaking religion minority, Baháʼí. The threat actors were distributing a VPN app embedding a highly sophisticated spyware. The […]
Pierluigi Paganini
November 02, 2022
Dropbox disclosed a security breach, threat actors gained unauthorized access to 130 of its source code repositories on GitHub. File hosting service Dropbox announced that threat actors gained unauthorized access to 130 of its source code repositories on GitHub. According to the advisory published by Dropbox, the company was the target of a phishing campaign […]
Pierluigi Paganini
November 02, 2022
The OpenSSL project fixed two high-severity flaws in its cryptography library that can trigger a DoS condition or achieve remote code execution. The OpenSSL project has issued security updates to address a couple of high-severity vulnerabilities, tracked as CVE-2022-3602 and CVE-2022-3786, in its cryptography library. The flaws impact versions 3.0.0 through 3.0.6 of the library. The OpenSSL software […]
Pierluigi Paganini
November 01, 2022
The ransomware group LockBit 3.0 claimed to have stolen data from the French defence and technology group Thales. Thales is a global high-tech leader with more than 81,000 employees worldwide. The Group invests in digital and deep tech innovations – big data, artificial intelligence, connectivity, cybersecurity and quantum – to build a future of trust, […]
Pierluigi Paganini
November 01, 2022
Ransomware activity report: Threat actors are selling access to hundreds of organizations, with a cumulative requested price of around $4M. Research published by threat intelligence firm KELA related to ransomware activity in Q3 reveals a stable activity in the sector of initial access sales, but experts observed a rise in the value of the offerings. […]
Pierluigi Paganini
November 01, 2022
A security flaw in the Galaxy Store app for Samsung devices could have potentially allowed remote command execution on affected phones. A now-patched vulnerability in the Galaxy Store app for Samsung devices could have potentially triggered remote command execution on affected phones. The flaw is a cross-site scripting (XSS) bug that can be triggered when […]
Pierluigi Paganini
October 31, 2022
VMware warned of the availability of a public exploit for a recently addressed critical remote code execution flaw in NSX Data Center for vSphere (NSX-V). VMware warned of the existence of a public exploit targeting a recently addressed critical remote code execution (RCE) vulnerability, tracked as CVE-2021-39144 (CVSS score of 9.8), in NSX Data Center for […]
