malware

Pierluigi Paganini December 30, 2020
Google Docs bug could have allowed hackers to hijack screenshots

Google has addressed a bug in its feedback tool incorporated across its services that could have allowed attackers to view users’ private docs. Google has addressed a flaw in its feedback tool that is part of multiple of its services that could be exploited by attackers to take screenshots of sensitive Google Docs documents by […]

Pierluigi Paganini December 30, 2020
US Treasury warns of ransomware attacks on COVID-19 vaccine research

The US Treasury Department’s Financial Crimes Enforcement Network (FinCEN) warns of ransomware attacks on COVID-19 vaccine research organizations. The US Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued a noticed to warn financial institutions of ransomware attacks aimed at COVID-19 vaccine research organizations. “The Financial Crimes Enforcement Network (FinCEN) is issuing this Notice to alert […]

Pierluigi Paganini December 29, 2020
SolarWinds hackers aimed at access to victims’ cloud assets

Microsoft says that SolarWinds hackers aimed at compromising the victims’ cloud infrastructure after deploying the Solorigate backdoor (aka Sunburst). The Microsoft 365 Defender Team revealed that the goal of the threat actors behind the SolarWinds supply chain attack was to move to the victims’ cloud infrastructure once infected their network with the Sunburst/Solorigate backdoor. “With […]

Pierluigi Paganini December 29, 2020
Japanese Kawasaki Heavy Industries discloses security breach

Japanese giant Kawasaki Heavy Industries discovered unauthorized access to a Japanese company server from multiple overseas offices. Kawasaki Heavy Industries disclosed a security breach, the company discovered unauthorized access to a Japanese company server from multiple overseas offices. Information from its overseas offices might have been stolen as a result of a security breach that […]

Pierluigi Paganini December 29, 2020
CISA releases a PowerShell-based tool to detect malicious activity in Azure, Microsoft 365

Cybersecurity and Infrastructure Security Agency (CISA) released a tool for detecting potentially malicious activities in Azure/Microsoft 365 environments. The Cybersecurity and Infrastructure Security Agency (CISA)’s Cloud Forensics team has released a PowerShell-based tool, dubbed Sparrow, that can that helps administrators to detect anomalies and potentially malicious activities in Azure/Microsoft 365 environments. The tool was developed to […]

Pierluigi Paganini December 28, 2020
Threat actor is selling a dump allegedly including 2,5M customers of service provider Ho Mobile

Threat intelligence analyst discovered a threat actor that is selling a database of the Italian mobile service provider Ho mobile. Threat intelligence analyst @Bank_Security first spotted on a popular hacking forum a threat actor that is selling a database allegedly containing the database of the Italian mobile service provider Ho mobile. Ho mobile is an […]

Pierluigi Paganini December 28, 2020
Nefilim ransomware operators leak data stolen from Whirlpool

The American multinational manufacturer and marketer of home appliances Whirlpool was hit by the Nefilim ransomware gang. The American multinational manufacturer and marketer of home appliances Whirlpool suffered a ransomware attack, Nefilim ransomware operators claim to have stolen data from the company and threaten to release the full dump if the company will not pay the ransom. The leak comes after failed […]

Pierluigi Paganini December 28, 2020
E-commerce app 21 Buttons exposes millions of users’ data

Researchers discovered that the popular e-commerce app 21 Buttons was exposing private data for 100s of influencers across Europe. Researchers from cybersecurity firm vpnMentor discovered that the e-commerce app 21 Buttons was exposing private data for 100s of influencers across Europe. 21 Buttons allows users to shares photos of their outfits with links to the brands they’re […]

Pierluigi Paganini December 27, 2020
Vermont Hospital confirmed the ransomware attack

The Burlington-based University of Vermont Health Network has finally admitted that ransomware was behind the October attack. In October, threat actors hit the Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network. The cyber attack took place on October 28 and disrupted services at the UVM Medical Center and affiliated facilities. A […]

Pierluigi Paganini December 27, 2020
Security Affairs newsletter Round 294

A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. A massive fraud operation used mobile device emulators to steal millions from online bank accounts SolarWinds hackers also breached the US NNSA nuclear agency Clop ransomware gang paralyzed flavor and […]