Hacking

Pierluigi Paganini February 25, 2021
Google discloses technical details of Windows CVE-2021-24093 RCE flaw

Google Project Zero team disclosed the details of a recently patched remote code execution vulnerability (CVE-2021-24093) in Windows Operating system. White hat hacker at Google Project Zero disclosed the details of a recently patched Windows vulnerability, tracked as CVE-2021-24093, that can be exploited for remote code execution in the context of the DirectWrite client. DirectWrite […]

Pierluigi Paganini February 25, 2021
Thousands of VMware Center servers exposed online and potentially vulnerable to CVE-2021-21972 flaw

A Chinese security researcher published a PoC code for the CVE-2021-21972 vulnerability in VMware Center, thousands of vulnerable servers are exposed online. A Chinese security researcher published the Proof-of-concept exploit code for the CVE-2021-21972 RCE vulnerability affecting VMware vCenter servers. vCenter Server is the centralized management utility for VMware, and is used to manage virtual machines, multiple ESXi […]

Pierluigi Paganini February 24, 2021
APT32 state hackers target human rights defenders with spyware

Vietnam-linked APT32 group targeted Vietnamese human rights defenders (HRDs) between February 2018 and November 2020. Vietnam-linked APT32 (aka Ocean Lotus) group has conducted a cyberespionage campaign targeting Vietnamese human rights defenders (HRDs) and a nonprofit (NPO) human rights organization from Vietnam between February 2018 and November 2020. The threat actors used by spyware to take […]

Pierluigi Paganini February 23, 2021
FIN11 cybercrime group is behind recent wave of attacks on FTA servers

FireEye experts linked a series of attacks targeting Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11. Security experts from FireEye linked a series of cyber attacks against organizations running Accellion File Transfer Appliance (FTA) servers to the cybercrime group UNC2546, aka FIN11. “Starting in mid-December 2020, malicious actors that Mandiant […]

Pierluigi Paganini February 23, 2021
NurseryCam daycare cam service shut down after security breach

Daycare camera product NurseryCam was hacked last week, the company was forced to shut down its IoT camera service. On Friday, The Register become aware of the compromise of the NurseryCam network. NurseryCam is produced by the companies FootfallCam Ltd and Meta Technologies Ltd. In response to the incident, the company shut down its IoT […]

Pierluigi Paganini February 22, 2021
Ukraine sites suffered massive attacks launched from Russian networks

Ukraine ‘s government accused unnamed Russian traffic networks as the source of massive attacks on Ukrainian security and defense websites. Today Ukraine accused unnamed Russian internet networks of massive attacks that targeted Ukrainian security and defense websites. The Ukrainian officials did not provide details about the attacks either the damage they have caused. “It was […]

Pierluigi Paganini February 22, 2021
Georgetown County has yet to recover from a sophisticated cyber attack

The systems of Georgetown County have been hacked at the end of January, and the county staff is still working to rebuild its computer network. The systems of Georgetown County have been hit with a sophisticated cyber attack at the end of January, and the county staff is still working to recover from the incident. […]

Pierluigi Paganini February 22, 2021
NSA Equation Group tool was used by Chinese hackers years before it was leaked online

The Chinese APT group had access to an NSA Equation Group, NSA hacking tool and used it years before it was leaked online by Shadow Brokers group. Check Point Research team discovered that China-linked APT31 group (aka Zirconium.) used a tool dubbed Jian, which is a clone of NSA Equation Group ‘s “EpMe” hacking tool years […]

Pierluigi Paganini February 21, 2021
Bug bounty hacker earned $5,000 reporting a Stored XSS flaw in iCloud.com

A white hat hacker has earned a $5,000 reward from Apple for reporting a stored cross-site scripting (XSS) vulnerability on iCloud.com. The bug bounty hunter Vishal Bharad has earned a $5,000 reward from Apple for reporting a stored cross-site scripting (XSS) vulnerability on iCloud.com. Bharad was searching for cross-site request forgery (CSRF), insecure direct object […]

Pierluigi Paganini February 20, 2021
The US Government is going to respond to the SolarWinds hack very soon

The US is going to respond to the SolarWinds supply chain attack within weeks, national security adviser Jake Sullivan told CNN. The US will respond within weeks to the devastating SolarWinds supply cyber attack, national security adviser Jake Sullivan told CNN. “We are in the process now of working through, with the intelligence community and [President […]