Securtiy Affairs Archives - Security Affairs

Pierluigi Paganini April 17, 2020

Experts shed the light on the mysterious critical VMware vCenter Server issue

Security firm Guardicore released technical information on a critical VMware vCenter Server vulnerability recently disclosed by VMware. Earlier this month, VMware has addressed a critical information disclosure flaw, tracked as CVE-2020-3952, that could be exploited by attackers to compromise vCenter Server or other services that use the Directory Service (vmdir) for authentication. The CVE-2020-3952 vulnerability […]

Pierluigi Paganini February 13, 2020

600+ installs of WordPress Cookie Consent Plugin vulnerable to hack. Fix it now!

Developers of the popular WordPress GDPR Cookie Consent plugin have addressed a critical bug that could potentially impact 700K users. Critical vulnerabilities in the WordPress GDPR Cookie Consent plugin could be exploited by potential attackers to delete and change the content of the sites and inject malicious JavaScript code due to improper access controls. The GDPR Cookie Consent plugin assists users […]

Pierluigi Paganini February 08, 2020

RobbinHood ransomware exploit GIGABYTE driver flaw to kill security software

The operators behind the infamous RobbinHood ransomware are exploiting a vulnerable GIGABYTE driver to kill antivirus products. Cybercriminals behind the RobbinHood Ransomware are exploiting a vulnerable GIGABYTE driver to install a malicious and unsigned driver into Windows with the intent of disabling security products. Ransomware operators leverage a custom antivirus killing package that is delivered to workstations […]

Pierluigi Paganini August 26, 2019

Apple released an emergency patch to address CVE-2019-8605 iOS flaw

Apple has released an emergency patch in iOS 12.4.1 that addresses the CVE-2019-8605 use-after-free vulnerability that allowed iPhone jailbreak. Recently, Apple accidentally unpatched a vulnerability it had already fixed, making current versions of iOS vulnerable to hackers and allowing the jailbreak of the devices. Experts discovered that the iOS version 12.4 released in June has reintroduced a security […]

Pierluigi Paganini August 22, 2019

Cisco addressed several vulnerabilities in UCS products

Cisco released security patches to address 17 critical and high-severity vulnerabilities affecting some Cisco Unified Computing products (UCS and IMC). Cisco has released security fixes to address 17 critical and high-severity vulnerabilities affecting some Cisco Unified Computing products. Most of the flaws affect the Integrated Management Controller (IMC) that is a baseboard management controller that […]

Pierluigi Paganini June 24, 2019

WeTransfer incident: file transfer emails were sent to unintended email addresses

Problems for the popular file transfer service WeTransfer, its staff discovered that some file transfer emails were sent to the wrong people. WeTransfer, the popular file transfer service, issued a security notice to inform users that file transfer emails were sent to unintended email addresses on June 16 and 17. In response to the incident, […]

Pierluigi Paganini June 23, 2019

NASA hacked! An unauthorized Raspberry Pi connected to its network was the entry point

NASA Office of Inspector General revealed that the Agency’s network was hacked in April 2018, intruders exfiltrated roughly 500 MB of data related to Mars missions. According to a report published by the NASA Office of Inspector General, hackers breached the Agency’s network in April 2018 and remained undetected for nearly a year. The report […]

Pierluigi Paganini June 17, 2019

New phishing campaign targets bank customers with WSH RAT

Security researchers at Cofense have spotted a phishing campaign aimed at commercial banking customers distributing a new remote access trojan (RAT) tracked as WSH RAT. Security experts at Cofense Phishing Defence Center have spotted a phishing campaign aimed at commercial banking customers that is distributing a new remote access trojan tracked as WSH RAT. The […]

Pierluigi Paganini May 30, 2019

Nansh0u campaign already infected 50,000 MS-SQL and PHPMyAdmin Servers

Guardicore Labs uncovered a widespread cryptojacking campaign tracked as Nansh0u and aimed at Windows MS-SQL and PHPMyAdmin servers. Security experts at Guardicore Labs uncovered a widespread cryptojacking campaign leveraging a malware dubbed Nansh0u. The malicious code aimed at Windows MS-SQL and PHPMyAdmin servers worldwide. According to the experts, the malicious campaign is being carried out […]

Pierluigi Paganini February 16, 2019

A new batch of 127 million records appears in the dark web

A new batch of 127 million records appears in the dark web, this time the huge trove of data appears to be originated from eight companies. A hacker that goes online with the moniker ‘gnosticplayers‘ is offering for sale the data on the Dream Market marketplace asking $14,500 worth of Bitcoin. Early this week, the […]