Pierluigi Paganini
January 30, 2022
A new hacking campaign, tracked as ‘OiVaVoii’, is targeting company executives with malicious OAuth apps. Researchers from Proofpoint have uncovered a new campaign named ‘OiVaVoii’ that is targeting company executives, former board members, Presidents and managers with bogus OAuth apps and cleverly-crafted lures sent from compromised Office 365 accounts. Microsoft has blocked many of the […]
Pierluigi Paganini
January 30, 2022
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the newsletter with the international press subscribe here. QNAP force-installs update against the recent wave of DeadBolt ransomware infections US FCC bans […]
Pierluigi Paganini
January 30, 2022
Microsoft has disclosed details of a large-scale phishing campaign using a novel device registration technique to target other enterprises. Microsoft has shared details of a large-scale phishing campaign that leverages stolen credentials to register devices on a target’s network to extend the attack to other enterprises. The attack exploits the concept of bring-your-own-device (BYOD) by […]
Pierluigi Paganini
January 28, 2022
The UK’s National Cyber Security Centre (NCSC) urges organizations to improve cybersecurity due to the risk of imminent destructive cyberattacks from Russia-linked APT groups. The UK’s National Cyber Security Centre (NCSC) is urging organizations to improve their cybersecurity posture due to the imminent risk of destructive cyber-attacks from Russian state-sponsored threat actors after recent attacks […]
Pierluigi Paganini
January 28, 2022
Finland Ministry for Foreign Affairs revealed that devices of Finnish diplomats have been infected with NSO Group’s Pegasus spyware. Finland’s Ministry for Foreign Affairs revealed that the devices of some Finnish diplomats have been compromised with the infamous NSO Group’s Pegasus spyware. The diplomats were targeted with the popular surveillance software as part of a […]
Pierluigi Paganini
January 28, 2022
Zero-day exploit broker Zerodium announced it will pay $400,000 for zero-day RCE in Microsoft Outlook email client. The zero-day exploit broker Zerodium has announced it will pay $400,000 for zero-day remote code execution (RCE) vulnerabilities in the Microsoft Outlook email client. The company pointed out that the increased payout for this specific vulnerability exploit is […]
Pierluigi Paganini
January 28, 2022
A researcher devised a technique to bypass a security feature of Microsoft Outlook and deliver a malicious link to the recipient. Reegun Richard Jayapaul, SpiderLabs lead threat architect at Trustwave, has devised a technique to bypass a security feature of Microsoft Outlook and deliver a malicious link to the recipient. While investigating a malware campaign, […]
Pierluigi Paganini
January 27, 2022
North Korea-linked Lazarus APT group uses Windows Update client to deliver malware on Windows systems. North Korea-linked Lazarus APT started using Windows Update to execute the malicious payload and GitHub as a command and control server in recent attacks, Malwarebytes researchers reported. The activity of the Lazarus APT group surged in 2014 and 2015, its members used […]
Pierluigi Paganini
January 27, 2022
Microsoft announced to have mitigated a record 3.47 Tbps distributed denial of service (DDoS) attack targeting an Azure customer. Microsoft announced that its Azure DDoS protection platform has mitigated a record 3.47 Tbps attack that targeted one of its customers with a packet rate of 340 million packets per second (pps). The news of the attack was reported in […]
Pierluigi Paganini
January 27, 2022
LockBit expands its operations by implementing a Linux version of LockBit ransomware that targets VMware ESXi servers. LockBit is the latest ransomware operation to add the support for Linux systems, experts spotted a new version that targets VMware ESXi virtual machines. The move aims at expanding the audience of potential targets, including all the organizations […]
