Pierluigi Paganini
October 09, 2019
NSA is warning of multiple state-sponsored cyberespionage groups exploiting enterprise VPN Flaws Last week, the UK’s National Cyber Security Centre (NCSC) reported that advanced persistent threat (APT) groups have been exploiting recently disclosed VPN vulnerabilities in enterprise VPN products in attacks in the wild. Threat actors leverage VPN vulnerabilities in Fortinet, Palo Alto Networks and Pulse Secure, to […]
Pierluigi Paganini
October 09, 2019
vBulletin has recently published a new security patch update that addresses three high-severity vulnerabilities in the popular forum software. vBulletin has recently published a new security patch update that addresses three high-severity flaws in vBulletin 5.5.4 and prior versions. The vulnerabilities could be exploited by remote attackers to take complete control over targeted web servers […]
Pierluigi Paganini
October 09, 2019
Hackers have compromised the infrastructure of Volusion and are distributing malicious software skimmers to steal payment card data provided by users. Volusion is a privately-held technology company that provides ecommerce software and marketing and web design services for small and medium sized businesses. The company has over 250 employees and has served more than 180,000 customers since its founding in 1999. […]
Pierluigi Paganini
October 09, 2019
Twitter admitted having “inadvertently” used phone numbers and email addresses, collected for security purposes, for advertising. Twitter apologized to have used phone numbers and email addresses, privided by the users for security purposes, for advertising. According to the social media company, data used for account authentication were also matched with advertisers’ database to improve the […]
Pierluigi Paganini
October 09, 2019
Security researchers discovered a code-execution vulnerability that affects versions through 9.0.4 of the Ghidra software reverse engineering (SRE) framework. GHIDRA is a multi-platform reverse engineering framework that runs on major OSs (Windows, macOS, and Linux). The framework was first mentioned in the CIA Vault 7 dump that was leaked in 2017. WikiLeaks obtained thousands of files allegedly originating from […]
Pierluigi Paganini
October 08, 2019
Microsoft October 2019Â Patch Tuesday addressed a total of 59 vulnerabilities. 9 of which are rated as critical and 49 as important. The tech giant released its October 2019 Patch Tuesday security updates to address a total of 59 vulnerabilities in Windows operating systems and other software, 9 of which are rated as ‘critical’, 49 are […]
Pierluigi Paganini
October 08, 2019
Researchers from MalwareBytes and HYAS Threat Intelligence linked one of the hacking groups under the Magecart umbrella to the notorious Cobalt cybercrime Group. Hacker groups under the Magecart umbrella continue to target organizations worldwide to steal payment card data with so-called software skimmers. Security firms have monitored the activities of a dozen groups at least since 2010. According to […]
Pierluigi Paganini
October 08, 2019
One of the victims of the Muhstik ransomware gang who initially paid the ransomware, decided to hack back the crooks and released their decryption keys. Tobias Frömel, is a German software developer, who was a victim of the Muhstik ransomware. Frömel initially paid the ransom to decrypt his files, but later decided to get his […]
Pierluigi Paganini
October 08, 2019
Patches for Internet Explorer Zero-Day Causing Problems for Many Users Microsoft released a new set of patches for a zero-day flaw in Internet Explorer recently fixed due to problems reported by users with the previous patch. On September 23, Microsoft released an out-of-band patch to address a zero-day memory corruption flaw in Internet Explorer (CVE-2019-1367) that […]
Pierluigi Paganini
October 08, 2019
Researchers from Akamai uncovered a new campaign targeting the Drupalgeddon2 vulnerability to deliver malware. The popular security expert Larry W. Cashdollar from Akamai has uncovered a new campaign targeting the popular Drupalgeddon2 vulnerability (CVE-2018-7600) to deliver malware. Drupalgeddon2 is a “highly critical” vulnerability that affects Drupal 7 and 8 core, it could be exploited by an attacker […]
