Hacking

Pierluigi Paganini June 21, 2020
COVID-19 themed attacks are just a small percentage of the overall threats

Threat actors adapted their tactics to exploit the interest in the ongoing COVID-19 pandemic, Microsoft says. Since the beginning of the COVID-19 pandemic, threat actors started to actively deploy opportunistic campaigns using Coronavirus lures. Anyway, Microsoft says that malware attacks that abused the COVID-19 theme only had a temporary effect on the total volume of […]

Pierluigi Paganini June 20, 2020
Hundreds of malicious Chrome browser extensions used to spy on you!

Malicious Chrome browser extensions were employed in a surveillance campaign on a large scale, millions of users potentially impacted. Malicious Chrome browser extensions were used in a massive surveillance campaign aimed at users working in the financial services, oil and gas, media and entertainment, healthcare, government organizations, and pharmaceuticals. The malicious Chrome browser extensions were […]

Pierluigi Paganini June 20, 2020
Australian beverages firm Lion hit for the second time in a few days by a cyber attack

The Australian brewery and dairy conglomerate Lion was hit for the second time by a cyber attack, media reported. The Australian beverages company and dairy conglomerate Lion was the victim of a new cyberattack, Sydney Morning Herald reported. Lion is a beverage and food company that operates in Australia and New Zealand, and a subsidiary of Japanese […]

Pierluigi Paganini June 19, 2020
An SSRF flaw in Maximo Asset Management could be used to target corporate networks

IBM recently fixed a high-severity issue in its Maximo asset management solution that could facilitate attacks on corporate networks. IBM recently addressed a high-severity issue, tracked as CVE-2020-4529, in its Maximo asset management solution that could facilitate attacks on making lateral movements within corporate networks. Maximo is designed to assist an organisation in managing its assets […]

Pierluigi Paganini June 19, 2020
AcidBox, a malware that borrows Turla APT exploit, hit Russian organizations

New AcidBox Malware employed in targeted attacks leverages an exploit previously associated with the Russian-linked Turla APT group. Palo Alto Networks researchers analyzed a new malware, dubbed AcidBox, that was employed in targeted attacks and that leverages an exploit previously associated with the Russian-linked Turla APT group. The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has been active since at […]

Pierluigi Paganini June 19, 2020
New Cisco Webex Meetings flaw allows attackers to impersonate users

A flaw in Cisco Webex Meetings client for Windows could allow local authenticated attackers to gain access to sensitive information. A vulnerability in Cisco Webex Meetings client for Windows, tracked as CVE-2020-3347, could be exploited by local authenticated attackers to gain access to sensitive information. “A vulnerability in Cisco Webex Meetings Desktop App for Windows could […]

Pierluigi Paganini June 18, 2020
Cognizant admitted data breach in April Ransomware Attack

In April the information technologies services giant Cognizant Technology suffered a ransomware attack, now it has confirmed also a data breach. In April the information technologies services giant Cognizant Technology was hit by Maze Ransomware operators. Cognizant is an American multinational corporation that provides IT services, it is one of the largest IT managed services company in the […]

Pierluigi Paganini June 18, 2020
InvisiMole group targets military sector and diplomatic missions in Eastern Europe

Researchers uncovered a recent campaign carried out by the InvisiMole group that has been targeting a small number of high-profile organizations. Security researchers at ESET recently uncovered a campaign carried out by the InvisiMole group that has been targeting a small number of high-profile organizations in the military sector and diplomatic missions in Eastern Europe. […]

Pierluigi Paganini June 18, 2020
79 Netgear router models affected by a dangerous Zero-day

79 Netgear router models are vulnerable to a severe unpatched security vulnerability that can be exploited by remote attackers to take over devices. Security experts Adam Nichols from GRIMM and d4rkn3ss from the Vietnamese internet service provider VNPT have independently reported a severe unpatched security vulnerability that affects 79 Netgear router models. The flaw could […]

Pierluigi Paganini June 18, 2020
Drupal addresses critical code execution vulnerability

Drupal released security updates to patch several security issues, including a flaw that could allow an attacker to execute arbitrary PHP code. Drupal released security updates to address multiple security vulnerabilities, including a “critical” flaw tracked as CVE-2020-13664 that could be exploited by an attacker to execute arbitrary PHP code. The CVE-2020-13664 flaw affects both […]