Security

Pierluigi Paganini January 19, 2024
The Quantum Computing Cryptopocalypse – I’ll Know It When I See It

Can quantum computing break cryptography? Can it do it within a person’s lifetime? Will it be a cryptopocalypse, as some experts suggest? Can quantum computing break cryptography? Sure, it can. Can it do it within a person’s lifetime? Yes. In fact, it will likely achieve this sometime within your career. Will it be a cryptopocalypse, […]

Pierluigi Paganini January 19, 2024
Kansas State University suffered a serious cybersecurity incident

Kansas State University (K-State) suffered a cybersecurity incident that has disrupted part of its network and services. Kansas State University (K-State) suffered a cybersecurity incident that impacted a portion of its network and services. On January, 16, 2023, the University K-State announced it was experiencing a disruption to certain network systems, including VPN, K-State Today […]

Pierluigi Paganini January 18, 2024
CISA adds Chrome and Citrix NetScaler to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Chrome and Citrix flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. This week Citrix warned customers to install security updates to address two actively exploited zero-day vulnerabilities, tracked as CVE-2023-6548 and CVE-2023-6549, […]

Pierluigi Paganini January 18, 2024
Google TAG warns that Russian COLDRIVER APT is using a custom backdoor

Google warns that the Russia-linked threat actor COLDRIVER expands its targeting and is developing a custom malware. The ColdRiver APT (aka “Seaborgium“, “Callisto”, “Star Blizzard”, “TA446”) is a Russian cyberespionage group that has been targeting government officials, military personnel, journalists and think tanks since at least 2015. In the past, the group’s activity involved persistent phishing […]

Pierluigi Paganini January 17, 2024
Pro-Russia group hit Swiss govt sites after Zelensky visit in Davos

Switzerland believes that the attack claimed by pro-Russian group NoName that hit the government websites is retaliation for Zelensky’s presence at Davos. Switzerland believes that the cyberattack carried out by pro-Russia group NoName disrupted access to some government websites, following Ukrainian President Volodymyr Zelensky’s visit to Davos. “We took a look at Switzerland, where the World Economic […]

Pierluigi Paganini January 17, 2024
Github rotated credentials after the discovery of a vulnerability

GitHub rotated some credentials after the discovery of a flaw that allowed access to the environment variables of a production container. After GitHub became aware of a vulnerability through its bug bounty program, the Microsoft-owned company rotated some credentials. The vulnerability, tracked as CVE-2024-0200 (CVSS score 7.2), allowed access to the environment variables of a production container […]

Pierluigi Paganini January 16, 2024
Google fixed the first actively exploited Chrome zero-day of 2024

Google has addressed the first Chrome zero-day vulnerability of the year that is actively being exploited in the wild. Google has released security updates to address the first Chrome zero-day vulnerability of the year that is actively being exploited in the wild. The high-serverity vulnerability, tracked as CVE-2024-0519, is an out of bounds memory access […]

Pierluigi Paganini January 16, 2024
Atlassian fixed critical RCE in older Confluence versions

Atlassian warns of a critical remote code execution issue in Confluence Data Center and Confluence Server that impacts older versions. Atlassian warns of a critical remote code execution vulnerability, tracked as CVE-2023-22527 (CVSS score 10.0), in Confluence Data Center and Confluence Server that impacts older versions. The vulnerability is a template injection vulnerability that can […]

Pierluigi Paganini January 16, 2024
VMware fixed a critical flaw in Aria Automation. Patch it now!

VMware warns customers of a critical vulnerability impacting its Aria Automation multi-cloud infrastructure automation platform. VMware Aria Automation (formerly vRealize Automation) is a modern cloud automation platform that simplifies and streamlines the deployment, management, and governance of cloud infrastructure and applications. It provides a unified platform for automating tasks across multiple cloud environments, including VMware […]

Pierluigi Paganini January 16, 2024
Experts warn of a vulnerability affecting Bosch BCC100 Thermostat

Researchers warn of high-severity vulnerability affecting Bosch BCC100 thermostats. Researchers from Bitdefender discovered a high-severity vulnerability affecting Bosch BCC100 thermostats. The researchers discovered a vulnerability, tracked as CVE-2023-49722 (CVSS score: 8.3), that can be exploited by an attacker on the same network to replace the device firmware with a rogue version. The vulnerability was reported […]