Reports

Pierluigi Paganini April 13, 2022
JekyllBot:5 flaws allow hacking TUG autonomous mobile robots in hospitals

Researchers discovered five vulnerabilities that can be exploited to remotely hack hospital Aethon’s TUG autonomous mobile robots. Researchers at healthcare IoT security firm Cynerio discovered a collection of five vulnerabilities impacting TUG autonomous mobile robots, collectively named JekyllBot:5, that could be exploited by remote attackers to hack the devices. According to a US CISA advisory, the […]

Pierluigi Paganini March 19, 2022
Avoslocker ransomware gang targets US critical infrastructure

The Federal Bureau of Investigation (FBI) reported that AvosLocker ransomware is being used in attacks targeting US critical infrastructure. The Federal Bureau of Investigation (FBI) published a joint cybersecurity advisory warning of AvosLocker ransomware attacks targeting multiple US critical infrastructure. The advisory was published in coordination with the US Treasury Department and the Financial Crimes Enforcement Network […]

Pierluigi Paganini March 08, 2022
Access:7 flaws impact +150 device models from over 100 manufacturers

Many IoT and medical devices are affected by seven serious flaws, collectively tracked as Access:7, in widely used Axeda platform. Researchers from medical device cybersecurity company CyberMDX have discovered seven serious flaws, collectively tracked as Access:7, in the widely used Axeda platform of IIoT solutions provider PTC. “Access:7 could enable hackers to remotely execute malicious […]

Pierluigi Paganini February 23, 2022
Researchers shared technical details of NSA Equation Group’s Bvp47 backdoor

Pangu Lab researchers disclosed details of the Bvp47 backdoor that was used by the US NSA Equation Group. Researchers from The China’s Pangu Lab have disclosed details of a Linux top-tier APT backdoor, tracked as Bvp47, which is associated with the U.S. National Security Agency (NSA) Equation Group. The name “Bvp47” comes form numerous references to […]

Pierluigi Paganini February 21, 2022
Threat Report Portugal: Q4 2021

The Threat Report Portugal: Q4 2021 compiles data collected on the malicious campaigns that occurred from October to December, Q4, of 2021. The Portuguese Abuse Open Feed 0xSI_f33d is an open sharing database with the ability to collect indicators from multiple sources, developed and maintained by Segurança-InformĂĄtica. This feed is based on automatic searches and is also supported […]

Pierluigi Paganini February 14, 2022
BlackByte ransomware breached at least 3 US critical infrastructure organizations

The US Federal Bureau of Investigation (FBI) said that the BlackByte ransomware gang has breached at least three organizations from US critical infrastructure sectors. The US Federal Bureau of Investigation (FBI) published a joint cybersecurity advisory with the US Secret Services which revealed that the BlackByte ransomware group has breached at least three organizations from US critical […]

Pierluigi Paganini February 12, 2022
Organizations are addressing zero-day vulnerabilities more quickly, says Google

Organizations are addressing zero-day vulnerabilities more quickly, compared to last year, Google’s Project Zero reported. According to Google’s Project Zero researchers, organizations are addressing zero-day vulnerabilities more quickly, compared to last year. Software vendors took an average of 52 days to address vulnerabilities reported from Project Zero while 3 years ago the average was of […]

Pierluigi Paganini January 31, 2022
Americans lost $770 million from social media fraud in 2021, FTC reports

A report from the US Federal Trade Commission (FTC) revealed that in 2021 Americans lost $770 million from social media frauds The US Federal Trade Commission (FTC) revealed that in 2021 Americans lost $770 million from social media frauds. These data are the result of the increased exposure of netizens through social media. The US […]

Pierluigi Paganini December 17, 2021
PseudoManuscrypt, a mysterious massive cyber espionage campaign

Tens of thousands of devices worldwide, including many industrial control systems (ICS), have been hit by the PseudoManuscrypt spyware. Kaspersky researchers reported that tens of thousands of devices belonging to industrial and government organizations worldwide have been hit by the PseudoManuscrypt spyware. The name PseudoManuscrypt comes from the similarities with the Manuscrypt malware used by the North Korea-linked […]

Pierluigi Paganini November 20, 2021
Study reveals top 200 most common passwords

The annual study on top-used passwords published by Nordpass revealed that we are still using weak credentials that expose us to serious risks. Nordpass has published its annual report, titled “Top 200 most common passwords,” on the use of passwords. The report shows that we are still using weak passwords. The list of passwords was […]