Pierluigi Paganini
July 03, 2022
Jenkins security team disclosed tens of flaws affecting 29 plugins for the Jenkins automation server, most of them are yet to be patched. Jenkins is the most popular open-source automation server, it is maintained by CloudBees and the Jenkins community. The automation server supports developers build, test and deploy their applications, it has hundreds of thousands […]
Pierluigi Paganini
July 03, 2022
Microsoft announced that the Windows worm Raspberry Robin has already infected the networks of hundreds of organizations. Raspberry Robin is a Windows worm discovered by cybersecurity researchers from Red Canary, the malware propagates through removable USB devices. The malicious code uses Windows Installer to reach out to QNAP-associated domains and download a malicious DLL. The […]
Pierluigi Paganini
July 03, 2022
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. The role of Social Media in modern society – Social Media Day 22 interview Experts shared PoC exploit code for RCE in Zoho ManageEngine ADAudit Plus tool A ransomware attack […]
Pierluigi Paganini
July 03, 2022
Google Project Zero states that in H1 2022 at least half of zero-day issues exploited in attacks were related to not properly fixed old flaws. Google Project Zero researcher Maddie Stone published a blog post that resumes her speech at the FIRST conference in June 2022, the presentation is titled “0-day In-the-Wild Exploitation in 2022…so […]
Pierluigi Paganini
July 02, 2022
This is a transcription of an interview I had at Iran International broadcaster, I discussed about the role of social media in modern society. What’s the Middle East government’s role on Cyber bullying towards opposition activists? Middle East governments play a crucial role in cyberbullying against the opposition. Several independent organizations for the protection of […]
Pierluigi Paganini
July 02, 2022
Researchers shared technical details and proof-of-concept exploit code for the CVE-2022-28219 flaw in Zoho ManageEngine ADAudit Plus tool. Security researchers from Horizon3.ai have published technical details and proof-of-concept exploit code for a critical vulnerability, tracked as CVE-2022-28219 (CVSS 9.8 out of 10), in the Zoho ManageEngine ADAudit Plus tool. The tool allows monitoring activities of […]
Pierluigi Paganini
July 02, 2022
A cyber attack forced the American publishing giant Macmillan to shut down its IT systems. The publishing giant Macmillan has been hit by a cyberattack that forced the company to shut down its IT infrastructure to prevent the threat from spreading within its network. The company spokesman Erin Coffey told different media outlets that attackers have encrypted […]
Pierluigi Paganini
July 01, 2022
Researchers warn of a new ‘SessionManager’ Backdoor that was employed in attacks targeting Microsoft IIS Servers since March 2021. Researchers from Kaspersky Lab have discovered a new ‘SessionManager’ Backdoor that was employed in attacks targeting Microsoft IIS Servers since March 2021. “In early 2022, we investigated one such IIS backdoor: SessionManager. In late April 2022, […]
Pierluigi Paganini
July 01, 2022
Norway’s National Security Authority (NSM) confirmed that a DDoS attack took down some of the country’s most important websites. Norway’s National Security Authority (NSM) confirmed that some of the country’s most important websites and online services were taken down by a massive DDoS attack conducted by a pro-Russian group. NSM did not explicitly attribute the […]
Pierluigi Paganini
June 30, 2022
Good news for the victims of the Hive ransomware, Korean security researchers have released a free decryptor for some versions. Good news for the victims of the Hive ransomware, the South Korean cybersecurity agency KISA has released a free decryptor for versions from v1 till v4. “The Korea Internet & Security Agency (KISA) is distributing […]
