Pierluigi Paganini Archives - Page 410 of 1046

Pierluigi Paganini April 02, 2022

UK Police charges two teenagers for their alleged role in the Lapsus$ extortion group

The City of London Police charged two of the seven teenagers who were arrested for their alleged role in the LAPSUS$ data extortion gang. The duo has been released on bail after appearing in the Highbury Corner Magistrates Court court on Friday. The City of London Police charged two of the seven teenagers recently arrested […]

Pierluigi Paganini April 02, 2022

Beastmode Mirai botnet now includes exploits for Totolink routers

Operators behind the Mirai-based distributed denial-of-service (DDoS) botnet Beastmode (aka B3astmode) added exploits for Totolink routers. The Mirai-based distributed denial-of-service (DDoS) botnet Beastmode (aka B3astmode) now includes exploits for Totolink routers. Like most DDOS botnets, Beastmode attempt to infect other devices by launching brute-forcing attacks or exploiting multiple vulnerabilities. Between February and March 2022, researchers from the FortiGuard Labs […]

Pierluigi Paganini April 02, 2022

Critical CVE-2022-1162 flaw in GitLab allowed threat actors to take over accounts

GitLab has addressed a critical vulnerability, tracked as CVE-2022-1162 (CVSS score of 9.1), that could allow remote attackers to take over user accounts. The CVE-2022-1162 vulnerability is related to the set of hardcoded static passwords during OmniAuth-based registration in GitLab CE/EE. “A hardcoded password was set for accounts registered using an OmniAuth provider (e.g. OAuth, LDAP, […]

Pierluigi Paganini April 02, 2022

Trend Micro fixed high severity flaw in Apex Central product management console

Trend Micro has fixed a high severity arbitrary file upload flaw, tracked as CVE-2022-26871, in the Apex Central product management console. Cybersecurity firm Trend Micro has addressed a high severity security flaw, tracked as CVE-2022-26871, in the Apex Central product management console. The CVE-2022-26871 vulnerability is an arbitrary file upload issue, its exploitation could lead […]

Pierluigi Paganini April 01, 2022

Anonymous targets oligarchs’ Russian businesses: Marathon Group hacked

Anonymous continues its operations against Russia, the group announced the hack of the Russian investment firm Marathon Group. Anonymous continues to target Russian firms owned by oligarchs, yesterday the collective announced the hack of the Thozis Corp, while today the group claimed the hack of Marathon Group. The Marathon Group is a Russian investment firm […]

Pierluigi Paganini April 01, 2022

AcidRain, a wiper that crippled routers and modems in Europe

Researchers spotted a new destructive wiper, tracked as AcidRain, that is likely linked to the recent attack against Viasat. Security researchers at SentinelLabs have spotted a previously undetected destructive wiper, tracked as AcidRain, that hit routers and modems and that was suspected to be linked to the Viasat KA-SAT attack that took place on February […]

Pierluigi Paganini April 01, 2022

CISA adds Sophos firewall bug to Known Exploited Vulnerabilities Catalog

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical Sophos firewall flaw and seven other issues to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the recently disclosed CVE-2022-1040 flaw in the Sophos firewall, along with seven other issues, to its Known Exploited Vulnerabilities Catalog. According to Binding Operational […]

Pierluigi Paganini April 01, 2022

Flaws in Wyze cam devices allow their complete takeover

Wyze Cam devices are affected by three security vulnerabilities that can allow attackers to takeover them and access camera feeds. Bitdefender researchers discovered three security vulnerabilities in the popular Wyze Cam devices that can be exploited by threat actors to execute arbitrary code and access camera feeds. The three flaws reported by the cybersecurity firm […]

Pierluigi Paganini March 31, 2022

Apple issues emergency patches to fix actively exploited zero-days

Apple released emergency patches to address two zero-day vulnerabilities actively exploited to compromise iPhones, iPads, and Macs. Apple has released emergency security patches to address two zero-day vulnerabilities actively exploited to hack iPhones, iPads, and Macs. The first zero-day, tracked as CVE-2022-22674, is an out-of-bounds read issue that resides in the Intel Graphics Driver that could […]

Pierluigi Paganini March 31, 2022

Google TAG details cyber activity with regard to the invasion of Ukraine

The Google TAG uses uncovered phishing attacks targeting Eastern European and NATO countries, including Ukraine. The Google Threat Analysis Group (TAG) provided an update about nation-state attacks related ongoing Russian invasion of Ukraine, the experts spotted phishing and malware attacks targeting Eastern European and NATO countries, including Ukraine The researchers uncovered a phishing campaign conducted by a […]