Pierluigi Paganini
November 02, 2021
Google is going to increase the bounty for finding and exploiting privilege escalation vulnerabilities in the Linux kernel. Good news for white hat hackers, Google is going to increase the bounty for demonstrating privilege escalation vulnerabilities in the Linux kernel. The payouts for privilege escalation exploits using a known vulnerability will be up to US$31,337, […]
Pierluigi Paganini
November 02, 2021
Researchers warn of a now-fixed critical remote code execution (RCE) vulnerability in GitLab ‘s web interface actively exploited in the wild. Cybersecurity researchers warn of a now-patched critical remote code execution (RCE) vulnerability, tracked as CVE-2021-22205, in GitLab’s web interface that has been actively exploited in the wild. The vulnerability is an improper validation issue of […]
Pierluigi Paganini
November 02, 2021
Researchers devised a new attack method called ‘Trojan Source’ that allows hide vulnerabilities into the source code of a software project. Trojan Source is a new attack technique demonstrated by a group of Cambridge researchers that can allow threat actors to hide vulnerabilities in the source code of a software project. The technique could be […]
Pierluigi Paganini
November 02, 2021
A ransomware attack hit the systems at the Toronto Transit Commission public transportation agency and disrupted its operations. The Toronto Transit Commission announced on Friday that its systems have been infected with ransomware, the attack began on Thursday night and disrupted its activities. At this time, no ransomware gang has taken responsibility for the attack. TTC […]
Pierluigi Paganini
November 01, 2021
The US FBI has published a flash alert warning private organizations of the evolution of the HelloKitty ransomware (aka FiveHands). The U.S. Federal Bureau of Investigation (FBI) has sent out a flash alert warning private industry of a new feature of the HelloKitty ransomware gang (aka FiveHands). According to the alert, the ransomware gang is […]
Pierluigi Paganini
November 01, 2021
Operators behind the Squid Game cryptocurrency have exit scam making off with an estimated $2.1 million. Operators behind the Squid Game cryptocurrency have exit scam making off with an estimated $2.1 million just after a week from its launch. Gizmodo, which first reported the news, initially warned of a potential scam because investors were not allowed to sell the […]
Pierluigi Paganini
November 01, 2021
Researchers demonstrated how crooks could hack Diebold Nixdorf’s Wincor Cineo ATMs to bypass black-box attack protections and withdraw cash. Positive Technologies researchers Vladimir Kononovich and Alexey Stennikov have discovered security flaws Wincor Cineo ATMs that could be exploited to bypass Black-Box attack protections and withdraw cash. “According to Vladimir Kononovich, some manufacturers rely on security through […]
Pierluigi Paganini
November 01, 2021
Cybersecurity researchers uncovered a huge botnet, tracked as Pink, that already infected over 1.6 million devices most of them located in China. Qihoo 360’s Netlab Cybersecurity researchers discovered a huge botnet, tracked as Pink, that already infected over 1.6 million devices. The botnet was created to launch DDoS attacks and to insert advertisements in the […]
Pierluigi Paganini
November 01, 2021
Meet Balikbayan Foxes: a threat group impersonating the Philippine gov’t Experts uncovered a new threat actor, tracked as Balikbayan Foxes, that is impersonating the Philippine government to spread malware. Researchers from Proofpoint have uncovered a new threat actor, dubbed Balikbayan Foxes (TA2722) that is impersonating the Philippine health, labor, and customs organizations as well as […]
Pierluigi Paganini
November 01, 2021
The Microsoft Detection and Response Team (DART) warns of a rise in password spray attacks targeting valuable cloud accounts. The Microsoft Detection and Response Team (DART) observed a worrisome rise in password spray attacks targeting privileged cloud accounts. Password spraying is a type of brute force attack where the attackers carry out brute force logins based […]
