Pierluigi Paganini
January 15, 2024
Apple addressed a recently disclosed Bluetooth keyboard injection vulnerability with the release of Magic Keyboard firmware. Apple released Magic Keyboard Firmware Update 2.0.6 to address a recently disclosed Bluetooth keyboard injection issue tracked as CVE-2024-0230. The flaw is a session management issue that can be exploited by an attacker with physical access to the accessory […]
Pierluigi Paganini
January 14, 2024
Forescout experts questioned the attribution of cyber attacks that targeted the energy sector in Denmark in 2023 to the Russia-linked Sandworm. Forescout experts shared findings from their analysis of the cyber attacks that targeted the energy sector in Denmark in 2023, attributing them to the Russia-linked Sandworm. In May, Danish critical infrastructure faced the biggest […]
Pierluigi Paganini
January 14, 2024
The National Police of Ukraine, with the support of Europol, arrested the alleged mastermind behind a sophisticated cryptojacking scheme. The National Police of Ukraine, with the support of Europol, arrested an individual in Mykolaiv, Ukraine, on 9 January. The man is suspected to be the mastermind behind a sophisticated cryptojacking scheme that generated over USD […]
Pierluigi Paganini
January 13, 2024
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Akira ransomware targets Finnish organizations GitLab fixed a critical zero-click account hijacking flaw Juniper Networks fixed […]
Pierluigi Paganini
January 13, 2024
The Finish National Cybersecurity Center (NCSC-FI) warns of increased Akira ransomware attacks targeting NAS and tape backup devices of organizations in the country. The Finish National Cybersecurity Center (NCSC-FI) reported an increase in Akira ransomware attacks, targeting organizations in the country. Threat actors are wiping NAS and backup devices. Akira ransomware infections were first reported in Finland […]
Pierluigi Paganini
January 13, 2024
GitLab addressed two critical flaws impacting both the Community and Enterprise Edition, including a critical zero-click account hijacking vulnerability GitLab has released security updates to address two critical vulnerabilities impacting both the Community and Enterprise Edition. The most critical vulnerability, tracked as CVE-2023-7028 (CVSS score 10), is an account takeover via Password Reset. The flaw […]
Pierluigi Paganini
January 12, 2024
Juniper Networks fixed a critical pre-auth remote code execution (RCE) flaw, tracked as CVE-2024-21591, in its SRX Series firewalls and EX Series switches. Juniper Networks released security updates to address a critical pre-auth remote code execution (RCE) vulnerability, tracked as CVE-2024-21591, that resides in SRX Series firewalls and EX Series switches. The vulnerability resides in […]
Pierluigi Paganini
January 12, 2024
Investigators from Resecurity’s HUNTER (HUMINT) warn that Indonesia is increasingly being targeted by cyber-threat actors. Investigators from Resecurity’s HUNTER (HUMINT) have found that Indonesia is increasingly being targeted by cyber-threat actors who have staged attacks that pose significant long-term risks to the integrity of the country’s elections. These findings coincide with the critical and fast-approaching […]
Pierluigi Paganini
January 12, 2024
Researchers published a proof-of-concept (PoC) code for the recently disclosed critical flaw CVE-2023-51467 in the Apache OfBiz. Researchers from cybersecurity firm VulnCheck have created a proof-of-concept (PoC) exploit code for the recently disclosed critical flaw CVE-2023-51467 (CVSS score: 9.8) in the Apache OfBiz. In December, experts warned of an authentication bypass zero-day flaw that affects Apache OfBiz, an open-source Enterprise Resource Planning (ERP) […]
Pierluigi Paganini
January 12, 2024
Liquipedia, an online e-sports platform run by Team Liquid, exposed a database revealing its users’ email addresses and other details. Users of the e-sports knowledge base were exposed via a publicly accessible and passwordless MongoDB database, the Cybernews research team has discovered. The database was closed after researchers informed Liquipedia’s admins about the issue. Liquipedia […]
