Pierluigi Paganini
January 31, 2022
Samba fixes a critical flaw, tracked as CVE-2021-44142, that can allow remote attackers to execute code with root privileges. Samba has addressed a critical vulnerability, tracked as CVE-2021-44142, that can be exploited by remote attackers to gain code execution with root privileges on servers running vulnerable software. Samba is a free software re-implementation of the SMB networking […]
Pierluigi Paganini
January 31, 2022
The US CISA added eight more flaws to its Known Exploited Vulnerabilities Catalog that are known to be used in attacks in the wild. The US Cybersecurity & Infrastructure Security Agency (CISA) has added eight more flaws to the Known Exploited Vulnerabilities Catalog. The ‘Known Exploited Vulnerabilities Catalog‘ is a list of known vulnerabilities that […]
Pierluigi Paganini
January 31, 2022
A hacking campaign, tracked as Eternal Silence, is abusing UPnP to compromise routers and use them to carry out malicious activities. Researchers from Akamai have spotted a malicious campaign, tracked as ‘Eternal Silence,’ that is abusing Universal Plug and Play (UPnP) to turn routers into a proxy server used to carry out a broad range […]
Pierluigi Paganini
January 31, 2022
Threat actors stole $80M worth of cryptocurrency from the Qubit DeFi platform by exploiting a flaw in the smart contract code used in an Ethereum bridge. The DeFi platform Qubit Finance was victim of a cyber heist, threat actors stole around $80 million in cryptocurrency last week. The hack took place at around 5PM ET […]
Pierluigi Paganini
January 31, 2022
The administrator of the DeepDotWeb (DDW) has received a sentence of 97 months in prison for money laundering. Tal Prihar (37), an Israeli national who operated DeepDotWeb (DDW), was sentenced to 97 months in prison and was ordered to forfeit $8,414,173. DeepDotWeb (DDW) was a website that connected internet users with Darknet marketplaces, where they […]
Pierluigi Paganini
January 31, 2022
Apple paid +$100K bounty for a macOS series of flaws that can allow threat actors to take over the microphone and camera. Apple last year addressed multiple macOS vulnerabilities discovered by the security researcher Ryan Pickren in the Safari browser that could allow threat actors to access users’ online accounts, microphone, and webcam. Pickren received […]
Pierluigi Paganini
January 30, 2022
A new hacking campaign, tracked as ‘OiVaVoii’, is targeting company executives with malicious OAuth apps. Researchers from Proofpoint have uncovered a new campaign named ‘OiVaVoii’ that is targeting company executives, former board members, Presidents and managers with bogus OAuth apps and cleverly-crafted lures sent from compromised Office 365 accounts. Microsoft has blocked many of the […]
Pierluigi Paganini
January 30, 2022
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. QNAP force-installs update against the recent wave of DeadBolt ransomware infections US FCC bans […]
Pierluigi Paganini
January 30, 2022
Microsoft has disclosed details of a large-scale phishing campaign using a novel device registration technique to target other enterprises. Microsoft has shared details of a large-scale phishing campaign that leverages stolen credentials to register devices on a target’s network to extend the attack to other enterprises. The attack exploits the concept of bring-your-own-device (BYOD) by […]
Pierluigi Paganini
January 28, 2022
The UK’s National Cyber Security Centre (NCSC) urges organizations to improve cybersecurity due to the risk of imminent destructive cyberattacks from Russia-linked APT groups. The UK’s National Cyber Security Centre (NCSC) is urging organizations to improve their cybersecurity posture due to the imminent risk of destructive cyber-attacks from Russian state-sponsored threat actors after recent attacks […]
