Pierluigi Paganini
December 15, 2021
While investigating a data breach suffered by a healthcare organization, FBI accidentally revealed that it believes that the HelloKitty ransomware gang operates out of Ukraine. The investigation conducted by FBI on a recent data breach suffered by an Oregon healthcare organization lead to the accidental revelation that the FBI believes that the HelloKitty ransomware gang […]
Pierluigi Paganini
December 15, 2021
Microsoft December 2021 Patch Tuesday addresses 67 vulnerabilities, including an actively exploited Windows Installer vulnerability. Microsoft December 2021 Patch Tuesday addressed 67 vulnerabilities in Microsoft Windows and Windows Components, ASP.NET Core and Visual Studio, Azure Bot Framework SDK, Internet Storage Name Service, Defender for IoT, Edge (Chromium-based), Microsoft Office and Office Components, SharePoint Server, PowerShell, […]
Pierluigi Paganini
December 15, 2021
Researchers uncovered a new Seedworm campaign targeting telecommunication and IT service providers in the Middle East and Asia. Iran-linked APT group Seedworm (aka MERCURY, MuddyWater, TEMP.Zagros, or Static Kitten) is behind a new cyberespionage campaign targeting telecommunication and IT service providers in the Middle East and Asia, Symantec warns. The Seedworm has been active since at least […]
Pierluigi Paganini
December 15, 2021
The DHS has launched a new bug bounty program dubbed ‘Hack DHS’ to discover security vulnerabilities in external DHS systems. The Department of Homeland Security (DHS) has launched a new bug bounty program dubbed ‘Hack DHS’ that allows vetted white hat hackers to discover and report security vulnerabilities in external DHS systems. “As the federal […]
Pierluigi Paganini
December 14, 2021
Adobe warns of threat actors that could exploit critical vulnerabilities in multiple products running on Windows and macOS systems. Adobe has issued critical warnings for more than 60 vulnerabilities in multiple products running on Windows and macOS machines. The vulnerabilities can be exploited by threat actors for code execution, privilege escalation and denial-of-service attacks. The […]
Pierluigi Paganini
December 14, 2021
Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell flaw to deliver the new Khonsari ransomware on Windows machines. Bitdefender researchers discovered that threat actors are attempting to exploit the Log4Shell vulnerability (CVE-2021-44228) to deliver the new Khonsari ransomware on Windows machines. Experts warn that threat actors are attempting to exploit the Log4Shell flaw […]
Pierluigi Paganini
December 14, 2021
US CISA ordered federal agencies to address the critical Log4Shell vulnerability in the Log4j library by December 24th, 2021. US CISA ordered federal agencies to address the critical Log4Shell vulnerability in the Log4j library by December 24th, 2021. The order aims at preventing threat actors could exploit the vulnerability in attacks against government systems. The CVE-2021-44228 flaw […]
Pierluigi Paganini
December 14, 2021
Google has released Chrome 96.0.4664.110 to address a high-severity zero-day vulnerability, tracked as CVE-2021-4102, exploited in the wild. Google released security updates to address five vulnerabilities in the Chrome web browser, including a high-severity zero-day flaw, tracked as CVE-2021-4102, exploited in the wild. The CVE-2021-4102 flaw is a use-after-free issue in the V8 JavaScript and WebAssembly engine, its exploitation could lead to the execution […]
Pierluigi Paganini
December 14, 2021
The TinyNuke malware is back and now was used in attacks aimed at French users working in manufacturing, technology, construction, and business services. Proofpoint researchers uncovered a campaign exclusively targeting French entities and organizations with operations in France with the banking malware TinyNuke. The attackers used invoice-themed lures targeting entities in manufacturing, industry, technology, finance, and […]
Pierluigi Paganini
December 13, 2021
Boffins discovered bugs in WiFi chips that can be exploited to extract passwords and manipulate traffic by targeting a device’s Bluetooth component. A group of researchers from the University of Darmstadt, University of Brescia, CNIT, and the Secure Mobile Networking Lab, have discovered security vulnerabilities in WiFi chips that can be exploited to extract passwords […]
