Pierluigi Paganini
November 12, 2020
Google has released Chrome version 86.0.4240.198 that addresses two additional zero-day vulnerabilities that were exploited in the wild. Google has addressed two zero-day vulnerabilities, actively exploited in the wild, with the release of Chrome version 86.0.4240.198. The IT giant has fixed a total of five Chrome zero-day vulnerabilities in only three weeks. Both zero-day flaws, […]
Pierluigi Paganini
November 11, 2020
The alleged decompiled source code for the Cobalt Strike post-exploitation toolkit has been leaked online in a GitHub repository. The decompiled source code for the Cobalt Strike post-exploitation toolkit has allegedly been leaked online in a GitHub repository. Cobalt Strike is a legitimate penetration testing toolkit and threat emulation software that allows attackers to deploy […]
Pierluigi Paganini
November 11, 2020
A former Microsoft worker was sentenced to nine years in prison for a scheme to steal $10 million in digital currency. Volodymyr Kvashuk (26), a former Microsoft software engineer, was sentenced this week to nine years in prison for a scheme to steal $10 million in digital currency. Kvashuk is a Ukrainian citizen living in […]
Pierluigi Paganini
November 11, 2020
Mozilla and Google have already fixed the critical flaws in Firefox and Chrome exploited by bug bounty hunters at 2020 Tianfu Cup hacking contest. Mozilla and Google have already addressed the critical Firefox and Chrome vulnerabilities that were recently exploited by white hat hackers at the 2020 Tianfu Cup hacking contest. The vulnerability in Chrome exploited […]
Pierluigi Paganini
November 11, 2020
Muhstik botnet leverages known web application exploits to compromise IoT devices, now it targeting Oracle WebLogic, Drupal. Muhstik is a botnet that is known to use web application exploits to compromise IoT devices, it has been around for at least 2018. Botnet operators monetize their efforts via XMRig, combined with DDoS-for-hire services. The botnet leverages IRC servers for command-and-control […]
Pierluigi Paganini
November 11, 2020
Ragnar Locker Ransomware operators have started to run Facebook advertisements to force their victims into paying the ransom. In November 2019, ransomware operators have started adopting a new double-extortion strategy first used by the Maze gang that sees threat actors also stealing unencrypted files before encrypting infected systems. Then the attackers threaten to release the stolen […]
Pierluigi Paganini
November 11, 2020
Microsoft Patch Tuesday updates for November 2020 address 112 flaws, including a Windows bug that was chained with Chrome issues in attacks. Microsoft Patch Tuesday updates for November 2020 address 112 vulnerabilities in multiple products, including Microsoft Windows, Office and Office Services and Web Apps, Internet Explorer (IE), Edge (EdgeHTML-based and Chromium-based), ChakraCore, Exchange Server, […]
Pierluigi Paganini
November 10, 2020
Adobe addressed vulnerabilities in its Reader Mobile and Connect products, none of them is rated as critical severity. Adobe has released security patches to address vulnerabilities in its Reader Mobile and Connect products. “Adobe has published security bulletins for Adobe Connect (APSB20-69) and Adobe Reader Mobile (APSB20-71). Adobe recommends users update their product installations to […]
Pierluigi Paganini
November 10, 2020
Multiple critical vulnerabilities affecting the Ultimate Member plugin could be easily exploited to potentially takeover up to 25K websites. Multiple critical vulnerabilities in the Ultimate Member plugin could be easily exploited to take over websites, the issue potentially impact up to 100K installs. The Ultimate Member WordPress plugin allows admins to easily manage membership to […]
Pierluigi Paganini
November 10, 2020
Ransomware operators use fake Microsoft Teams updates to deploy Cobalt Strike and compromise the target networks. Ransomware operators are using malicious fake Microsoft Teams updates to deliver backdoors that lead the installation of the Cobalt Strike post-exploitation tool and compromise the target network. The ongoing COVID-19 pandemic is forcing a growing number of organizations and […]
