IT Information Security

Pierluigi Paganini November 18, 2023
Israeli man sentenced to 80 months in prison for providing hacker-for-hire services

An Israeli hacker has been sentenced to 80 months in prison in the US for his role in a massive spear-phishing campaign. Aviram Azari (52) was sentenced to 80 months in prison for computer intrusion, wire fraud, and aggravated identity theft in connection with his involvement in a massive spear-phishing campaign targeting companies and individuals […]

Pierluigi Paganini November 18, 2023
Russian APT Gamaredon uses USB worm LitterDrifter against Ukraine

Russia-linked cyberespionage group Gamaredon has been spotted propagating a worm called LitterDrifter via USB. Check Point researchers observed Russia-linked Gamaredon spreading the worm called LitterDrifter via USB in attacks against Ukraine. Gamaredon (aka Shuckworm, Actinium, Armageddon, Primitive Bear, UAC-0010, and Trident Ursa) has been active since 2014 and its activity focuses on Ukraine, the group was observed using the multistage backdoor Pteranodon/Pterodo. The Gamaredon APT group continues to carry out […]

Pierluigi Paganini November 17, 2023
The board of directors of OpenAI fired Sam Altman

OpenAI fired its CEO Sam Altman, and the Chief technology officer Mira Murati appointed interim CEO to lead the company. Sam Altman has been removed as CEO of OpenAI. The company announced that Mira Murati, the Chief Technology Officer, has been appointed as interim CEO. He was distrusted by the board for his behavior, for […]

Pierluigi Paganini November 17, 2023
Medusa ransomware gang claims the hack of Toyota Financial Services

Toyota Financial Services discloses unauthorized activity on systems after the Medusa ransomware gang claimed to have hacked the company. Toyota Financial Services confirmed the discovery of unauthorized activity on systems in a limited number of its locations. “Toyota Financial Services Europe & Africa recently identified unauthorised activity on systems in a limited number of its […]

Pierluigi Paganini November 17, 2023
CISA adds Sophos Web Appliance bug to its Known Exploited Vulnerabilities catalog

US CISA added three new vulnerabilities (tracked as CVE-2023-36584, CVE-2023-1671, and CVE-2023-2551) to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Below is the list of the three added vulnerabilities: According to Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known […]

Pierluigi Paganini November 17, 2023
A critical OS command injection flaw affects Fortinet FortiSIEM

Fortinet warns of a critical OS command injection vulnerability in FortiSIEM report server that could be exploited to execute arbitrary commands. Fortinet is warning customers of a critical OS command injection vulnerability, tracked as CVE-2023-36553 (CVSS score 9.3), in FortiSIEM report server. A remote, unauthenticated attacker can exploit the flaw to execute commands by sending […]

Pierluigi Paganini November 16, 2023
Zimbra zero-day exploited to steal government emails by four groups

Google TAG revealed that threat actors exploited a Zimbra Collaboration Suite zero-day (CVE-2023-37580) to steal emails from governments. Google Threat Analysis Group (TAG) researchers revealed that a zero-day vulnerability, tracked as CVE-2023-37580 (CVSS score: 6.1), in the Zimbra Collaboration email software was exploited by four different threat actors to steal email data, user credentials, and authentication tokens […]

Pierluigi Paganini November 16, 2023
Vietnam Post exposes 1.2TB of data, including email addresses

Vietnam Post Corporation, a Vietnamese government-owned postal service, exposed security logs and employee email addresses to external cyber threats Vietnam Post Corporation, a Vietnamese government-owned postal service, left its security logs and employee email addresses accessible to outside cyber snoopers, Cybernews researchers have discovered. The exposed sensitive data could spell trouble if accessed by malicious […]

Pierluigi Paganini November 16, 2023
Samsung suffered a new data breach

Samsung Electronics disclosed a data breach that exposed customer personal information to an unauthorized individual. Samsung Electronics suffered a data breach that exposed the personal information of some of its customers to an unauthorized individual. The security breach was discovered on November 13, 2023, and impacted customers who made purchases from the Samsung UK online […]

Pierluigi Paganini November 16, 2023
FBI and CISA warn of attacks by Rhysida ransomware gang

The FBI and CISA warn of attacks carried out by the Rhysida ransomware group against organizations across multiple industry sectors. FBI and CISA published a joint Cybersecurity Advisory (CSA) to warn of Rhysida ransomware attacks against organizations across multiple industry sectors. The report is part of the ongoing #StopRansomware effort that disseminates advisories about tactics, techniques, and […]