Pierluigi Paganini
August 08, 2023
Experts found 43 Android apps in Google Play with 2.5 million installs that displayed advertisements while a phone’s screen was off. Recently, researchers from McAfee’s Mobile Research Team discovered 43 Android apps in Google Play with 2.5 million installs that loaded advertisements while a phone’s screen was off. The experts pointed out that this behavior […]
Pierluigi Paganini
August 07, 2023
A new campaign targets Redis servers, this time the malware employed in the attacks is a new variant of the SkidMap malware. Skidmap is a piece of crypto-miner detected by Trend Micro in September 2019 while it was targeting Linux machines. The malicious code used kernel-mode rootkits to evade detection, it differs from similar miners because […]
Pierluigi Paganini
August 06, 2023
The Colorado Department of Higher Education (CDHE) finally disclosed a data breach impacting students, past students, and teachers after the June attack. In June a ransomware attack hit the Colorado Department of Higher Education (CDHE), now the organization disclosed a data breach. CDHE did not disclose the number of impacted individuals. CDHE discovered the ransomware […]
Pierluigi Paganini
August 06, 2023
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Reptile Rootkit employed in attacks against Linux systems in South Korea New PaperCut flaw in […]
Pierluigi Paganini
August 05, 2023
Researchers observed threat actors that are using an open-source rootkit called Reptile in attacks aimed at systems in South Korea. Reptile is an open-source kernel module rootkit that was designed to target Linux systems, unlike other rootkits, it also offers a reverse shell. The malware supports port knocking, it opens a specific port on an infected system […]
Pierluigi Paganini
August 04, 2023
Researchers discovered a new set of malicious packages on the npm package manager that can exfiltrate sensitive developer data. On July 31, 2023, Phylum researchers observed the publication of ten different “test” packages on the npm package manager that were developed to exfiltrate sensitive developer source code and other confidential information. All of these packages […]
Pierluigi Paganini
August 04, 2023
Threat actors rely on the ‘versioning’ technique to evade malware detections of malicious code uploaded to the Google Play Store. Google Cybersecurity Action Team (GCAT) revealed that threat actors are using a technique called versioning to evade malware detection implemented to detect malicious code uploaded to the Google Play Store. The technique is not new […]
Pierluigi Paganini
August 02, 2023
Researchers warn that hundreds of Citrix servers have been hacked in an ongoing campaign exploiting the RCE CVE-2023-3519. Security researchers from the non-profit organization Shadowserver Foundation reported that hundreds of Citrix Netscaler ADC and Gateway servers have already been compromised as part of an ongoing campaign exploiting the critical remote code execution (RCE) vulnerability CVE-2023-3519. […]
Pierluigi Paganini
August 01, 2023
Researchers spotted a Python variant of the NodeStealer that was designed to take over Facebook business accounts and cryptocurrency wallets. Palo Alto Network Unit 42 discovered a previously unreported phishing campaign that distributed a Python variant of the NodeStealer. The malicious code was designed to take over Facebook business accounts and steal funds from cryptocurrency wallets. Since December […]
Pierluigi Paganini
August 01, 2023
The US government believes that China has deployed malware in key US power and communications networks that can be activated in case of a conflict. American intelligence officials believe China has implanted malware in key US power and communications networks that can be used in case of conflict, reported The New York Times. The US […]
