Pierluigi Paganini
January 25, 2023
Google addressed six security vulnerabilities in its web browser Chrome, none of them actively exploited in the wild. Google released Chrome version 109.0.5414.119 for Mac and Linux and 109.0.5414.119/.120 for Windows to address a total of six vulnerabilities. Four of the addressed flaws were reported by external researchers that were awarded for more than $26,500 for their […]
Pierluigi Paganini
January 25, 2023
Prestigious club Stade Français potentially endangered its fans for over a year after leaking its website’s source code. Stade Français is a professional rugby union club based in Paris. Founded in 1883 and competing in France’s premier rugby league, Top 14, it has established itself as one of the most successful teams in the country, […]
Pierluigi Paganini
January 25, 2023
Chinese threat actor tracked as DragonSpark targets organizations in East Asia with a Golang malware to evade detection. SentinelOne researchers spotted a Chinese-speaking actor, tracked as DragonSpark, that is targeting organizations in East Asia. The attackers employed an open source tool SparkRAT along with Golang malware that implements an uncommon technique to evade detection. “The threat […]
Pierluigi Paganini
January 24, 2023
A critical vulnerability in VMware vRealize Log Insight appliance can allow an unauthenticated attacker to take full control of a target system. VMware addressed multiple vulnerabilities, tracked as CVE-2022-31706, CVE-2022-31704, CVE-2022-31710, and CVE-2022-31711, in its vRealize Log Insight appliance. VRealize Log Insight is a log collection and analytics virtual appliance that enables administrators to collect, view, […]
Pierluigi Paganini
January 24, 2023
Pakistan suffered a nationwide blackout, local authorities are investigating the cause and suspect it was the result of a cyberattack. On Monday, a nationwide blackout in Pakistan left millions of people in the darkness, and the authorities are investigating if it was caused by a cyberattack. The power outage impacted all the major cities in […]
Pierluigi Paganini
January 24, 2023
GoTo is notifying customers that its development environment was breached in November 2022, attackers stole customers’ backups and encryption key. GoTo, formerly LogMeIn Inc, is a flexible-work provider of software as a service (SaaS) and cloud-based remote work tools for collaboration and IT management, The company is warning customers that threat actors breached its development environment in November 2022 and stole encrypted […]
Pierluigi Paganini
January 24, 2023
The U.S. FBI attributes the $100 million cyber heist against Harmony Horizon Bridge to North Korea-linked Lazarus APT. The U.S. Federal Bureau of Investigation (FBI) this week confirmed that in June 2022 the North Korea-linked Lazarus APT group and APT38 stole $100 million worth of cryptocurrency assets from the Blockchain company Harmony Horizon Bridge. “The FBI continues […]
Pierluigi Paganini
January 24, 2023
US CISA added the Zoho ManageEngine RCE vulnerability CVE-2022-47966 to its Known Exploited Vulnerabilities Catalog. The US CISA added the Zoho ManageEngine remote code execution flaw (CVE-2022-47966) to its Known Exploited Vulnerabilities Catalog. The CVE-2022-47966 flaw is an unauthenticated remote code execution vulnerability that impacts multiple Zoho products with SAML SSO enabled in the ManageEngine setup. The […]
Pierluigi Paganini
January 23, 2023
Researchers dismantled a sophisticated ad fraud scheme, dubbed VASTFLUX, that targeted more than 11 million devices. HUMAN’s Satori Threat Intelligence and Research Team dismantled a sophisticated ad fraud operation dubbed VASTFLUX. The name VASTFLUX comes from the evasion technique “fast flux” and VAST, the Digital Video Ad Serving Template that was abused by threat actors in this fraudulent scheme. The researchers […]
Pierluigi Paganini
January 23, 2023
Video game developer and publisher Riot Games announced that it will delay the release of game patches after a security incident. Riot Games is an American video game developer, publisher and esports tournament organizer known for the creation of the popular games League of Legends and Valorant. Last week threat actors hacked the company’s systems in its development environment, Riot Games […]
