Pierluigi Paganini
August 20, 2021
Unauthenticated attackers could bypass TLS inspection filtering solution in multiple products to exfiltrate data from previously compromised servers, Cisco warns. Cisco warns of a vulnerability in Server Name Identification (SNI) request filtering that affects multiple products (Cisco Web Security Appliance (WSA), Cisco Firepower Threat Defense (FTD), and the Snort detection engine) that could be exploited […]
Pierluigi Paganini
August 20, 2021
During the first half of 2021, 637 vulnerabilities affecting industrial control system (ICS) products were published, affecting products from 76 vendors. Industrial cybersecurity firm Claroty published its third Biannual ICS Risk & Vulnerability Report that analyzes the vulnerability landscape relevant to leading automation products used across the ICS domain. The company reported that during the […]
Pierluigi Paganini
August 19, 2021
Japanese cryptocurrency exchange Liquid was hit by a cyber attack, threat actors stole $97 Million worth of crypto-currency assets from the company. Japan-based cryptocurrency exchange Liquid was hit by a cyber attack that resulted in the theft of $97 Million worth of crypto-currency assets from its warm wallets. Liquid confirmed that crooks stole various crypto-currency […]
Pierluigi Paganini
August 19, 2021
Cisco has no plan to fix a critical code execution flaw (CVE-2021-34730) in small business RV110W, RV130, RV130W, and RV215W routers Cisco has no plan to address a critical code execution vulnerability, tracked as CVE-2021-34730, that affects small business RV110W, RV130, RV130W, and RV215W routers. The CVE-2021-34730 flaw resides in the Universal Plug-and-Play (UPnP) service […]
Pierluigi Paganini
August 19, 2021
Threat actors breached the servers of US Census Bureau on January 11, 2020, exploiting an unpatched Citrix ADC zero-day vulnerability, OIG revealed. A report published by the US Office of Inspector General (OIG) revealed that threat actors breached the servers of US Census Bureau on January 11, 2020, exploiting an unpatched Citrix ADC zero-day flaw. […]
Pierluigi Paganini
August 19, 2021
North Korea-linked InkySquid group leverages two Internet Explorer exploits to deliver a custom implant in attacks aimed at a South Korean online newspaper. Experts from cybersecurity firm Volexity reported that North Korea-linked InkySquid group (aka ScarCruft, APT37, Group123, and Reaper) leverages two Internet Explorer exploits to deliver a custom backdoor in watering hole attacks aimed at the […]
Pierluigi Paganini
August 18, 2021
Researchers conducted a new analysis of the Diavol ransomware and found new evidence of the link with the gang behind the TrickBot botnet. In July, researchers from Fortinet reported that a new ransomware family, tracked as Diavol, might have been developed by Wizard Spider, the cybercrime gang behind the TrickBot botnet. The Trickbot botnet was used by […]
Pierluigi Paganini
August 18, 2021
T-Mobile has confirmed that hackers have stolen records belonging to 48.6 million of current and former customers. Recently T-Mobile has launched an investigation into a possible security breach after a threat actor started offering for sale 100 million T-Mobile customer records on the dark web. Bleeping Computer reported that the seller was asking for 6 […]
Pierluigi Paganini
August 18, 2021
Adobe has addressed two critical security vulnerabilities affecting its Photoshop image manipulation software. Adobe released security updates to address two critical security vulnerabilities, tracked as CVE-2021-36065 and CVE-2021-36066, affecting the popular image manipulation software Photoshop. The flaws affect versions of the software for both Windows and macOS, their exploitation could lead to arbitrary code execution in the […]
Pierluigi Paganini
August 18, 2021
The German state’s data protection agency (DPA) warns that the use of the videoconferencing platform Zoom violates the European Union’s GDPR. The German state’s data protection agency (DPA) warns that the Senate Chancellory’s use of the popular videoconferencing tool violates the European Union’s General Data Protection Regulation (GDPR). The DPA is concerned by the transfer of […]
