MUST READ

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 76

 | 

Security Affairs newsletter Round 555 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

ATM Jackpotting ring busted: 54 indicted by DoJ

 | 

U.S. CISA adds a flaw in WatchGuard Fireware OS to its Known Exploited Vulnerabilities catalog

 | 

Russia was behind a destructive cyber attack on a water utility in 2024, Denmark says

 | 

CLOP targets Gladinet CentreStack servers in large-scale extortion campaign

 | 

ASRock, ASUS, GIGABYTE, MSI Boards vulnerable to pre-boot memory attacks

 | 

China-linked APT UAT-9686 is targeting Cisco Secure Email Gateway and Secure Email and Web Manager

 | 

Hewlett Packard Enterprise (HPE) fixed maximum severity OneView flaw

 | 

DIG AI: Uncensored Darknet AI Assistant at the Service of Criminals and Terrorists

 | 

U.S. CISA adds Cisco, SonicWall, and ASUS flaws to its Known Exploited Vulnerabilities catalog

 | 

GhostPairing campaign abuses WhatsApp device linking to hijack accounts

 | 

SonicWall warns of actively exploited flaw in SMA 100 AMC

 | 

GNV ferry Fantastic under cyberattack probe amid remote hijack fears

 | 

Askul data breach exposed over 700,000 records after ransomware attack

 | 

Russian state hackers targeted Western critical infrastructure for years, Amazon says

 | 

U.S. CISA adds a flaw in multiple Fortinet products to its Known Exploited Vulnerabilities catalog

 | 

A cyber attack hit Petróleos de Venezuela (PDVSA) disrupting export operations

 | 

Hackers are exploiting critical Fortinet flaws days after patch release

 | 

Pornhub targeted in extortion attempt following Mixpanel breach exposing user activity

 | 

Pierluigi Paganini

Pierluigi Paganini June 09, 2018
Cisco removed hardcoded credentials in WAAS software. Undocumented accounts are a frequent issue

Cisco has removed hardcoded credentials that were in Cisco Wide Area Application Services (WAAS), which is a software designed to optimize WAN traffic management. The hardcoded credentials (CVE-2018-0329) resides in the read-only SNMP community string in the configuration file of the SNMP daemon, they could be exploited by attackers to read any data that is accessible via […]

Pierluigi Paganini June 09, 2018
Trend Micro spotted a new variant of KillDisk wiper in Latin America

In May, experts at Trend Micro observed a new sample of KillDisk in Latin America, the malware infected the systems of a bank. A new piece of the KillDisk wiper was observed spotted earlier this year targeting financial organizations in Latin America, Trend Micro reports. The destructive malware was involved in the attacks against Ukraine’s […]

Pierluigi Paganini June 08, 2018
Cisco patches a critical vulnerability in Prime Collaboration Provisioning solution

Cisco fixed several flaws in the Prime Collaboration Provisioning product that allows customers to manage their communications services. Cisco released security patches to address severe vulnerabilities in Prime Collaboration Provisioning (PCP) solution, one of the issues was rated as critical. The vulnerabilities have been found by Cisco during internal security testing and there is no […]

Pierluigi Paganini June 08, 2018
DMOSK Malware Targeting Italian Companies

The security expert and malware researcher Marco Ramilli published a detailed analysis on a new strain of malware dubbed DMOSK that targets Italian firms, Today I’d like to share another interesting analysis made by my colleagues and I. It would be a nice and interesting analysis since it targeted many Italian and European companies. Fortunately, the […]

Pierluigi Paganini June 08, 2018
Multiple models of IP-based cameras from Chinese firm Foscam could be easily hacked. Update the firmware now!

A security vulnerability was discovered in webcams, IP surveillance cameras and also baby monitors manufactured by the Chinese firm Foscam. The Chinese firm Foscam has released firmware updates to address three vulnerabilities in multiple models of IP-based cameras that could be exploited to take control of vulnerable cameras exposed online. The following flaws were reported by the […]

Pierluigi Paganini June 08, 2018
Facebook confirms privacy settings glitch in a new feature exposed private posts of 14 Million users

Facebook admitted that a bug affecting its platform caused the change of the settings of some 14 million users, potentially exposing their private posts to the public. This is the worst period in the history of the social network giant that was involved in the Cambridge Analytica privacy scandal that affected at least 87 Million users. “We […]

Pierluigi Paganini June 07, 2018
Russia-linked Sofacy APT group adopts new tactics and tools in last campaign

Sofacy APT group (APT28, Pawn Storm, Fancy Bear, Sednit, Tsar Team, and Strontium) continues to operate and thanks to rapid and continuously changes of tactics the hackers are able to remain under the radar. According to experts from Palo Alto Networks, the hackers also used new tools in recent attacks, recently the APT group has shifted focus in their interest, from NATO member […]

Pierluigi Paganini June 07, 2018
Adobe fixed the CVE-2018-5002 Flash Zero-Day exploited in targeted attacks in the Middle East

Adobe has recently fixed several vulnerabilities, including the CVE-2018-5002 Flash Zero-Day exploited in targeted attacks in the Middle East Adobe has released security updates for Flash Player that address four vulnerabilities, including a critical issue (CVE-2018-5002) that has been exploited in targeted attacks mainly aimed at entities in the Middle East. The CVE-2018-5002 vulnerability, reported by researchers at […]

Pierluigi Paganini June 07, 2018
VPNFilter malware now targets new devices, even behind a firewall

The VPNFilter botnet now targeting new devices from other vendors, including ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE. The VPNFilter botnet is worse than initially thought, according to a new report published by Cisco Talos Intelligence group, the malicious code is now targeting ASUS, D-Link, Huawei, Ubiquiti, UPVEL, and ZTE “First, we have determined that additional devices are […]

Pierluigi Paganini June 07, 2018
Prowli Operation – Crooks already compromised over 40,000 servers and IoT Devices

Crooks have infected over 40,000 web servers, modems, and other IoT devices with the Prowli malware as part of a cryptocurrency mining campaign and to redirect victims to malicious sites. The Prowli malware was spotted by researchers at GuardiCore, attackers composed the huge botnet by exploiting known vulnerabilities and brute-force attacks. This campaign, dubbed Operation Prowli, […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 76

Malware / December 21, 2025

Security Affairs newsletter Round 555 by Pierluigi Paganini – INTERNATIONAL EDITION

Breaking News / December 21, 2025

Massive Android botnet Kimwolf infects millions, strikes with DDoS

Malware / December 21, 2025

ATM Jackpotting ring busted: 54 indicted by DoJ

Cyber Crime / December 20, 2025

U.S. CISA adds a flaw in WatchGuard Fireware OS to its Known Exploited Vulnerabilities catalog

Hacking / December 20, 2025