Pierluigi Paganini
May 06, 2022
Experts investigate how stolen Facebook accounts are used as part of a well-established fraud industry inside Facebook. No eyebrows were raised in Quriums security operation center when the independent Philippine media outlet Bulatlat once again got DDoSed, as they are a frequent target of such digital attacks. However, when we noticed that the attack traffic came from […]
Pierluigi Paganini
May 06, 2022
QNAP addressed multiple vulnerabilities, including a critical remote execution flaw affecting the QVR video surveillance solution. QNAP has addressed multiple vulnerabilities, including a critical security issue, tracked as CVE-2022-27588 (CVSS score of 9.8), that could be exploited by a remote attacker to execute arbitrary commands on vulnerable QVR systems. QNAP QVR is a video surveillance […]
Pierluigi Paganini
May 06, 2022
The Anonymous collective and the volunteer group Ukraine IT Army continues to launch cyber attacks on Russian entities. The Anonymous collective continues its cyber war on Russian businesses and government organizations. Below is the list of the most recent organizations targeted by the collective that also leaked stolen data through the DDoSecrets platform: CorpMSP is […]
Pierluigi Paganini
May 06, 2022
Researchers discovered a sophisticated malware framework, dubbed NetDooka, distributed via a pay-per-install (PPI) malware service known as PrivateLoader. Trend Micro researchers uncovered a sophisticated malware framework dubbed NetDooka that is distributed via a pay-per-install (PPI) service known as PrivateLoader and includes multiple components, including a loader, a dropper, a protection driver, and a full-featured remote […]
Pierluigi Paganini
May 06, 2022
Uptycs researchers identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker API. The Uptycs Threat Research team has identified ongoing malicious campaigns through our Docker honeypot targeting exposed Docker API port 2375. The attacks are related to crypto miners and reverse shells on the vulnerable servers using base64-encoded commands in the cmdline, built […]
Pierluigi Paganini
May 05, 2022
Google released the May security bulletin for Android, 2022-05-05 security patch level, which fixed an actively exploited Linux kernel flaw. Google has released the second part of the May Security Bulletin for Android, which includes a fix for an actively exploited Linux kernel vulnerability tracked as CVE-2021-22600. The CVE-2021-22600 is a privilege escalation issue that […]
Pierluigi Paganini
May 05, 2022
Cisco addresses three flaws impacting its Enterprise NFV Infrastructure Software (NFVIS) that could allow the compromise of the hosts. Cisco addressed three vulnerabilities, tracked as CVE-2022-20777, CVE-2022-20779, and CVE-2022-20780, affecting the Enterprise NFV Infrastructure Software (NFVIS) that could be exploited by attackers to take control over the hosts. “Multiple vulnerabilities in Cisco Enterprise NFV Infrastructure […]
Pierluigi Paganini
May 05, 2022
Researcher discovered a couple of high-severity security flaws that affect a driver used by Avast and AVG antivirus solutions. SentinelOne researcher Kasif Dekel discovered two high-severity security vulnerabilities, tracked as CVE-2022-26522 and CVE-2022-26523, that affect a driver used by Avast and AVG antivirus solutions. The bugs reside in the anti-rootkit kernel driver named aswArPot.sys which […]
Pierluigi Paganini
May 05, 2022
Cybersecurity provider F5 released security patches to address tens of vulnerabilities affecting its products. Security and application delivery solutions provider F5 released its security notification to inform customers that it has released security updates from tens of vulnerabilities in its products. The company addressed a total of 43 vulnerabilities, the most severe one is a critical […]
Pierluigi Paganini
May 04, 2022
A sophisticated cyberespionage campaign, dubbed Operation CuckooBees, conducted by the China-linked Winnti group remained undetected since at least 2019. Researchers from Cybereason uncovered a sophisticated cyberespionage campaign, dubbed Operation CuckooBees, aimed at stealing intellectual property from the victims. The campaign flew under the radar since at least 2019, it was attributed by the experts to […]
