Pierluigi Paganini
March 29, 2020
In this post, I decided to share the details of the Coronavirus-themed attacks launched from March 22 to March 28, 2020. Threat actors exploit the interest in the COVID19 outbreak while infections increase worldwide, experts are observing new campaigns on a daily bases. Below a list of attacks detected this week. March 23 – COVID19-themed […]
Pierluigi Paganini
March 29, 2020
A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Coronavirus-themed attacks March 15 – March 21, 2020 Google addresses high severity bugs in Chrome Keepnet Labs accidentally exposed an unprotected database with 5 Billion previously leaked records Security firm accidentally exposed an unprotected database with 5 Billion […]
Pierluigi Paganini
March 29, 2020
The FIN7 APT group has been targeting businesses with malicious USB drives and Teddy Bears sent to the victims, the FBI warns. The FBI is warning of a new wave of attacks carried out by the FIN7 APT group that is sending to the victims devices acting as a keyboard (HID Emulator USB) when plugged […]
Pierluigi Paganini
March 28, 2020
Experts discovered an easily exploitable heap-based buffer overflow flaw, tracked as CVE-2020-10245, that exists in the CODESYS web server. A critical heap-based buffer overflow flaw in a web server for the CODESYS automation software for engineering control systems could be exploited by a remote, unauthenticated attacker to crash a server or execute arbitrary code. CODESYS […]
Pierluigi Paganini
March 28, 2020
Experts from Qihoo 360’s NetLab recently spotted two zero-day campaigns targeting DrayTek enterprise-grade networking devices. Since December 2019, researchers from Qihoo 360 observed two different attack groups that are employing two zero-days exploits to take over DrayTek enterprise routers to eavesdrop on FTP and email traffic inside corporate networks. While Netlab360 has found about ~100,000 devices […]
Pierluigi Paganini
March 28, 2020
AMD admitted that a hacker has stolen files related to some of its graphics products, but it downplayed the potential impact of the hack. AMD admitted that a hacker that goes online with the moniker “Palesa” has stolen source code files related to some of its graphics products, but it downplayed the potential impact of […]
Pierluigi Paganini
March 27, 2020
ACROS Security’s 0patch service released unofficial patches for two Windows flaws actively exploited by attackers in the wild. ACROS Security’s 0patch service released unofficial patches for two Windows vulnerabilities actively exploited by attackers in the wild, both issues have yet to be fixed by Microsoft. A few days ago, Microsoft warned of hackers actively exploiting […]
Pierluigi Paganini
March 27, 2020
Researchers warn of a security flaw recently addressed in the WPvivid Backup Plugin that could be exploited to obtain all files of a WordPress website. WebARXÂ experts warn of a missing authorization check recently addressed in the WPvivid Backup Plugin that could be exploited to obtain all files of a WordPress website. “There is a missing […]
Pierluigi Paganini
March 27, 2020
Researchers at Group-IB observed new financially motivated attacks in Western Europe traced to Russian-speaking threat actors. Group-IB, a Singapore-based cybersecurity company that specializes in preventing cyberattacks, has detected successful attacks in Western Europe carried out in late January 2020 traced to Russian-speaking threat actors. At least two companies operating in pharmaceutical and manufacturing sectors have […]
Pierluigi Paganini
March 27, 2020
Operators behind the Ryuk Ransomware continue to target hospitals even as these organizations are involved in the fight against the Coronavirus pandemic. The threat actors behind the infamous Ryuk Ransomware continue to target hospitals, even as they are involved in containing the Coronavirus outbreak. The decision of the operators is not aligned with principal ransomware […]
