Breaking News

Pierluigi Paganini March 31, 2021
North Korea-linked hackers target security experts again

Researchers from Google’s Threat Analysis Group (TAG) reported that North Korea-linked hackers are targeting security researchers via social media. The cyberspies used fake Twitter and LinkedIn social media accounts to get in contact with the victims. Experts identified two accounts impersonating recruiters for antivirus and security companies. Social media profiles were quickly removed after Google […]

Pierluigi Paganini March 31, 2021
President Biden extended Executive Order 13694 regarding cyberattack sanctions

President Joe Biden has extended Executive Order 13694, issued in 2015 by President Obama, regarding sanctions issued in response to cyberattacks. President Joe Biden this week has extended Executive Order 13694 regarding sanctions issued in response to cyberattacks. Executive Order 13694 was issued by President Barack Obama in 2015, it allows the government to block […]

Pierluigi Paganini March 31, 2021
5-star customer service: fraudsters launch massive campaign against Indonesia’s major banks on Twitter

Experts warn that cybercriminals are targeting Indonesia’s major banks posing as bank representatives or customer support team members on Twitter. Group-IB, a global threat hunting and adversary-centric cyber intelligence company, warns of an ongoing fraudulent campaign targeting Indonesia’s largest banks that cybercriminals run on social media with the ultimate goal of stealing bank customers’ money. […]

Pierluigi Paganini March 31, 2021
Chinese experts earned $20,000 for reporting a Chrome Sandbox Escape

Researchers have reported to Google a sandbox escape vulnerability in the Chrome web browser to Google that awarded them $20,000. Experts from the Chinese cybersecurity company Qihoo 360 have reported to Google another sandbox escape vulnerability (CVE-2021-21194) affecting the Chrome web browser. The tech giant awarded the researchers Leecraso and Guang Gong from the 360 Alpha […]

Pierluigi Paganini March 31, 2021
Email accounts of DHS members were compromised in the SolarWinds hack

Russian hackers accessed the email accounts of US Department of Homeland Security (DHS) officials as a result of the SolarWinds hack. Russia-linked hackers were able to access email accounts belonging to US Department of Homeland Security (DHS) officials during the SolarWinds supply chain attack.  “Suspected Russian hackers gained access to email accounts belonging to the […]

Pierluigi Paganini March 31, 2021
IETF deprecates TLS 1.0 and TLS 1.1, update to latest versions

IETF has formally deprecated the TLS 1.0 and TLS 1.1 cryptographic protocols because they lack support for recommended cryptographic algorithms and mechanisms The Internet Engineering Task Force (IETF) formally deprecates Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346). Both versions lack support for current and recommended cryptographic algorithms and mechanisms. TLS […]

Pierluigi Paganini March 30, 2021
VMware addresses SSRF flaw in vRealize Operations that allows stealing admin credentials

VMware addressed a high severity vulnerability in vRealize Operations that could allow stealing admin credentials from vulnerable servers. VMware has published security updates to address multiple vulnerabilities in VMware vRealize Operations that could allow threat actors to steal admin credentials from vulnerable installs. VMware vRealize Operations is a self-driving and AI-powered platform for the management of IT operations […]

Pierluigi Paganini March 30, 2021
Reflected XSS Vulnerability In “Ivory Search” WP Plugin Impact Over 60K sites

Researchers discovered a reflected XSS vulnerability in the Ivory Search WordPress Plugin installed on over 60,000 sites. On March 28, 2021, Astra Security Threat Intelligence Team responsibly disclosed a vulnerability in Ivory Search, a WordPress Search Plugin installed on over 60,000 sites. This security vulnerability could be exploited by an attacker to perform malicious actions […]

Pierluigi Paganini March 30, 2021
Experts found 2 Linux Kernel flaws that can allow bypassing Spectre mitigations

Linux kernel recently fixed a couple of vulnerabilities that could allow an attacker to bypass mitigations designed to protect devices against Spectre attacks. Kernel updates released in March have addressed a couple of vulnerabilities that could be exploited by an attacker to bypass mitigations designed to protect devices against Spectre attacks. In January 2018, White […]

Pierluigi Paganini March 30, 2021
Hundreds of thousands of projects affected by a flaw in netmask npm package

A vulnerability in the netmask npm package, tracked as CVE-2021-28918, could be exploited by attackers to conduct a variety of attacks. A vulnerability in the netmask npm package, tracked as CVE-2021-28918, could expose private networks to multiple attacks. The flaw is caused by the improper input validation of octal strings in netmask npm package, it […]