Reports

Pierluigi Paganini December 19, 2020
NSA warns of cloud attacks on authentication mechanisms

The US National Security Agency (NSA) warns of two techniques abused by threat actors for escalating attacks from local networks to cloud infrastructure. The US National Security Agency has published a security advisory that describes two techniques abused in recent attacks against cloud infrastructure. The attack techniques are abused by hackers are using to escalate […]

Pierluigi Paganini November 23, 2020
FBI issued an alert on Ragnar Locker ransomware activity

The U.S. FBI is warning private industry partners of a surge in Ragnar Locker ransomware activity following a confirmed attack from April 2020. The U.S. Federal Bureau of Investigation (FBI) issued a flash alert (MU-000140-MW) to warn private industry partners of an increase of the Ragnar Locker ransomware activity following a confirmed attack from April […]

Pierluigi Paganini October 31, 2020
Companies paid $4.2M bug bounties for XSS flaws in 2020

Cross-Site Scripting (XSS) issues are the most common vulnerabilities that received the highest amount of rewards on the HackerOne vulnerability reporting platform. Cross-Site Scripting (XSS) is the most common vulnerability type and received the highest amount of rewards on the HackerOne vulnerability reporting platform. XSS vulnerabilities accounted for 18% of all flaws reported by bug […]

Pierluigi Paganini October 22, 2020
ENISA Threat Landscape Report 2020

According to the ENISA Threat Landscape Report 2020, cyberattacks are becoming more sophisticated, targeted, and in many cases undetected. I’m proud to present the ENISA Threat Landscape Report 2020, the annual report published by the ENISA that provides insights on the evolution of cyber threats for the period January 2019-April 2020. The 8th annual ENISA Threat Landscape […]

Pierluigi Paganini October 11, 2020
Hackers targeted the US Census Bureau network, DHS report warns

The US DHS’s Homeland Threat Assessment (HTA) report revealed that threat actors have targeted the US Census network during the last year. The US Department of Homeland Security revealed that unknown threat actors have targeted the network of the US Census Bureau during the last year. The attacks were reported in the first Homeland Threat Assessment (HTA) report released earlier […]

Pierluigi Paganini October 05, 2020
SLOTHFULMEDIA RAT, a new weapon in the arsenal of a sophisticated threat actor

U.S. DoD and the DHS CISA agency published a malware analysis report for a new malware variant tracked as SLOTHFULMEDIA The U.S. Department of Defense’s Cyber National Mission Force (CNMF) and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) have published a malware analysis report that provides technical details of a new […]

Pierluigi Paganini September 18, 2020
Ransomware en masse on the wane: top threats inside web-phishing in H1 2020

Web-phishing targeting various online services almost doubled during the COVID-19 pandemic, it accounted for 46 percent of the total number of fake web pages. Singapore, 09/18/2020 — Group-IB, a global threat hunting and intelligence company headquartered in Singapore, evidenced the transformation of the threat portfolio over the first half of 2020. It came as no […]

Pierluigi Paganini August 03, 2020
Reading the 2020 Cost of a Data Breach Report

2020 Cost of a Data Breach Report: the global total cost of a data breach averaged $3.86 million in 2020, down about 1.5% from the 2019 study. Every year, I write about the annual report published by the Ponemon Institute on the cost of a data breach, it is a very interesting study that explores the […]

Pierluigi Paganini June 22, 2020
Moroccan journalist targeted with network injection attacks using NSO Group ‘s spyware

Researchers at Amnesty International collected evidence that a Moroccan journalist was targeted with network injection attacks using NSO Group ‘s spyware. In October 2019, security experts at Amnesty International’s Security Lab have uncovered targeted attacks against Moroccan human rights defenders Maati Monjib and Abdessadak El Bouchattaoui that employed NSO Group surveillance tools. The researchers are […]

Pierluigi Paganini June 17, 2020
AWS mitigated largest DDoS attack ever of 2.3 Tbps

AWS announced it has mitigated a 2.3 Tbps DDoS attack, the largest ever, which surpassed the previous record of 1.7 Tbps that took place in March 2018. Amazon announced it has mitigated the largest ever DDoS attack of 2.3 Tbps, the news is surprising if we consider that the previous record was of 1.7 Tbps […]