Blog and Security - Information Management Today

Security Affairs newsletter Round 369 by Pierluigi Paganini

Security Affairs

JUNE 12, 2022

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. To nominate, please visit:?. Pierluigi Paganini.

Security

Security Ransomware Cybersecurity Encryption

Security Affairs newsletter Round 367 by Pierluigi Paganini

Security Affairs

MAY 29, 2022

A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for free in your email box. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. To nominate, please visit:?. Pierluigi Paganini.

Security

Security Cybersecurity Ransomware Government

The source code of Banshee Stealer leaked online

Security Affairs

NOVEMBER 26, 2024

Researchers at Elastic Security Labs analyzed the malware and confirmed it can steal keychain passwords and data from multiple browsers. A list of these extension IDs is provided at the end of the blog post.” reads the report published by Elastic Security Labs.

Archiving

Archiving Encryption Passwords IT

Webinars

Automation, Evolved: Your New Playbook For Smarter Knowledge Work

MORE WEBINARS

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

Security Affairs

NOVEMBER 28, 2021

North Korea-linked threat actors posed as Samsung recruiters in a spear-phishing campaign aimed at employees at South Korean security firms. North Korea-linked APT group posed as Samsung recruiters is a spear-phishing campaign that targeted South Korean security companies that sell anti-malware solutions, Google TAG researchers reported.

Security

Security Phishing Information Security Communications

China-linked Moshen Dragon abuses security software to sideload malware

Security Affairs

MAY 3, 2022

The threat actor systematically utilized software distributed by security vendors to sideload ShadowPad and PlugX variants.” The attackers focused on the hijacking of programs belonging to security vendors, including Symantec, TrendMicro, BitDefender, McAfee and Kaspersky. .”Once To nominate, please visit:?

Security

Security Military Insurance Cybersecurity

U.S. CISA adds Cisco Smart Licensing Utility flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

MARCH 31, 2025

Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Smart Licensing Utility flaw to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added a Cisco Smart Licensing Utility vulnerability, tracked as CVE-2024-20439 , to its Known Exploited Vulnerabilities (KEV) catalog.

IT

IT Cybersecurity Access Passwords

Strategies for Securing Your Supply Chain

IT Governance

OCTOBER 23, 2024

What to do when your ‘supply chain’ is really a ‘supply loop’ When I asked Bridget Kenyon – CISO (chief information security officer) for SSCL, lead editor for ISO 27001:2022 and author of ISO 27001 Controls – what she’d like to cover in an interview, she suggested supply chain security. How can you secure a ‘supply loop’?

Security

Security Information Security Risk Access

How to Create a Strong Security Culture

IT Governance

NOVEMBER 18, 2024

Getting a greater return on investment on your security measures We all have a responsibility for security. But to ensure that all staff truly take note of security and apply the knowledge gained from any staff awareness training , security should be embedded in your organisation’s culture.

Security

Security Security awareness Phishing Information Security

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Security Affairs

JANUARY 16, 2024

Experts warn that recently disclosed Ivanti Connect Secure VPN and Policy Secure vulnerabilities are massively exploited in the wild. x and Ivanti Policy Secure. is a command injection vulnerability in web components of Ivanti Connect Secure (9.x, x) and Ivanti Policy Secure. reads the advisory published by Ivanti.

Security

Security Authentication Military Government

Fulton County, Security Experts Call LockBit’s Bluff

Krebs on Security

FEBRUARY 29, 2024

Security experts say LockBit was likely bluffing and probably lost most of the data when the gang’s servers were seized this month by U.S. “So the best thing for them to do would be to delete all other entries from their blog and stop defrauding honest people.” law enforcement. We have no control over that.

Security

Security Ransomware IT Access

Microsoft Announces Security Update with Windows Resiliency Initiative

eSecurity Planet

DECEMBER 4, 2024

Microsoft recently announced that they’re making changes to their Windows operating system to improve security and reliability. During the Ignite 2024 conference, Microsoft announced the Windows Resiliency Initiative to address these security concerns.

Security

Security Phishing Encryption Passwords

Gladinet flaw CVE-2025-30406 actively exploited in the wild

Security Affairs

APRIL 15, 2025

Security researchers at Huntress warn of attacks in the wild exploiting a critical vulnerability, tracked as CVE-2025-30406 , in Gladinet CentreStack and Triofox software. The application uses a hardcoded or improperly protected machineKey in the IIS web.config file, which is responsible for securing ASP.NET ViewState data.

Cybersecurity

Cybersecurity Risk Security IT

CISA published 2021 Top 15 most exploited software vulnerabilities

Security Affairs

APRIL 28, 2022

Cybersecurity and Infrastructure Security Agency (CISA) published a list of 2021’s top 15 most exploited software vulnerabilities. Cybersecurity and Infrastructure Security Agency (CISA) published the list of 2021’s top 15 most exploited software vulnerabilities. To nominate, please visit:? Pierluigi Paganini.

Cybersecurity

Cybersecurity Security Risk Government

Asian media company Nikkei suffered a ransomware attack

Security Affairs

MAY 21, 2022

This week the company disclosed a security breach, ransomware infected one of its servers at a Singapore branch. The post Asian media company Nikkei suffered a ransomware attack appeared first on Security Affairs. Nikkei reported the attack to Japanese and Singaporean authorities and is investigating the extent of the attack.

Ransomware

Ransomware Data breaches Cybersecurity Security

Black Basta ransomware now supports encrypting VMware ESXi servers

Security Affairs

JUNE 8, 2022

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Encryption

Encryption Ransomware Cybersecurity Security

Boost Your Security Posture With Objective-Based Penetration Testing

IT Governance

NOVEMBER 6, 2024

To maximise value from your security investments , your measures must be effective How can you be confident your measures are fit for purpose – and prove it to stakeholders like customers, partners and regulators? Our head of security testing, James Pickard, explains further. In this interview Is your security programme effective?

Security

Security Risk Data breaches Access

Lockbit ransomware gang claims to have hacked cybersecurity giant Mandiant

Security Affairs

JUNE 6, 2022

LockBit ransomware gang claims to have hacked the cybersecurity firm Mandiant, which is investigating the alleged security breach. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Ransomware

Ransomware Cybersecurity Archiving Security

CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog

Security Affairs

MAY 25, 2022

US Critical Infrastructure Security Agency (CISA) adds 41 new vulnerabilities to its Known Exploited Vulnerabilities Catalog. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. To nominate, please visit:?. Follow me on Twitter: @securityaffairs and Facebook.

IT

IT Cybersecurity Security Risk

Experts uncovered over 3.6M accessible MySQL servers worldwide

Security Affairs

JUNE 1, 2022

Secure Deployment Guide and MySQL 8.0 Secure Deployment Guide for the deployment of their servers. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Access

Access Authentication Cybersecurity Security

CISA adds VMware, Chrome flaws to its Known Exploited Vulnerabilities Catalog

Security Affairs

APRIL 18, 2022

The Cybersecurity and Infrastructure Security Agency (CISA) added a VMware privilege escalation flaw (CVE-2022-22960) and a Google Chrome type confusion issue (CVE-2022-1364) to its Known Exploited Vulnerabilities Catalog. CISA added the CVE-2022-24521 Microsoft Windows CLFS Driver Privilege Escalation Vulnerability to its Catalog.

IT

IT Cybersecurity Risk Security

A new WhatsApp OTP scam could allow the hijacking of users’ accounts

Security Affairs

MAY 30, 2022

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”).

Cybersecurity

Cybersecurity Security IT Information Security

Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks

Security Affairs

MAY 28, 2022

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”).

Phishing

Phishing Cybersecurity Security IT

Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers

Security Affairs

JUNE 12, 2022

Researchers from security firm Prodaft first reported that AvosLocker ransomware operators have already started exploiting the Atlassian Confluence bug, BleepingComputer reported. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Pierluigi Paganini.

Ransomware

Ransomware Cybersecurity Encryption Security

GitLab addressed critical account take over via SCIM email change

Security Affairs

JUNE 4, 2022

GitLab addresses a critical security vulnerability, tracked as CVE-2022-1680, that could be exploited by an attacker to take over users’ accounts. GitLab has fixed a critical security flaw in its GitLab Enterprise Edition (EE), tracked as CVE-2022-1680 (CVSS score 9.9), that could be exploited to take over an account.

Security

Security Cybersecurity IT Information Security

CVE-2022-22292 flaw could allow hacking of Samsung Android devices

Security Affairs

APRIL 7, 2022

deleting all user data), make phone calls (including to emergency numbers such as 911), install/uninstall apps, weaken HTTPS security by installing arbitrary root certificates , all from untrusted apps running in the background and without end-user approval.” ” reads the advisory published by Kryptowire. Pierluigi Paganini.

Cybersecurity

Cybersecurity Security Access Information Security

Multiple Microsoft Office versions impacted by an actively exploited zero-day

Security Affairs

MAY 30, 2022

Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog”).

Cybersecurity

Cybersecurity Security IT Information Security

North Korea-linked Lazarus APT uses Log4J to target VMware servers

Security Affairs

MAY 22, 2022

Multiple threat actors are exploiting this flaw since January, in January VMware urged customers to patch critical Log4j security vulnerabilities impacting Internet-exposed VMware Horizon servers targeted in ongoing attacks. The post North Korea-linked Lazarus APT uses Log4J to target VMware servers appeared first on Security Affairs.

Communications

Communications Cybersecurity Security Access

CVE-2021-3490 – Pwning Linux kernel eBPF on Ubuntu machines

Security Affairs

JULY 30, 2021

The security researcher Manfred Paul of the RedRocket CTF team released the exploit code for a high-severity privilege escalation bug, tracked as CVE-2021-3490, in Linux kernel eBPF (Extended Berkeley Packet Filter). So excited to finally release my blog post- Kernel Pwning with eBPF: a Love Story.

Security

Security IT Cybersecurity Information Security

Reuters: Russia-linked APT behind Brexit leak website

Security Affairs

MAY 28, 2022

”” Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Cybersecurity

Cybersecurity Authentication Security IT

CVE-2021-31805 RCE bug in Apache Struts was finally patched

Security Affairs

APRIL 13, 2022

Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.”. Using forced OGNL evaluation on untrusted user input can lead to a Remote Code Execution and security degradation.” Forced OGNL evaluation on untrusted input it is possible to achieve remote code execution.

Security

Security Cybersecurity IT Information Security

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

Security Affairs

APRIL 21, 2022

Security researchers at Check Point Research have discovered a critical remote code execution that affects the implementation of the Apple Lossless Audio Codec (ALAC) in Android devices running on Qualcomm and MediaTek chipsets. ” The security firm responsibly shared its findings with MediaTek and Qualcomm and helped them to fix it.

Access

Access Security Cybersecurity IT

Chaining Zoom bugs is possible to hack users in a chat by sending them a message

Security Affairs

MAY 25, 2022

Security flaws in Zoom can be exploited to compromise another user over chat by sending specially crafted messages. A set of four security flaws in the popular video conferencing service Zoom could be exploited to compromise another user over chat by sending specially crafted Extensible Messaging and Presence Protocol ( XMPP ) messages.

Security

Security Cybersecurity IT Information Security

New DFSCoerce NTLM relay attack allows taking control over Windows domains

Security Affairs

JUNE 21, 2022

The security researcher Filip Dragovic published a proof-of-concept script for the new NTLM relay attack. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Authentication

Authentication Cybersecurity Security IT

A North Korean Hacker Tricked a US Security Vendor Into Hiring Him—and Immediately Tried to Hack Them

WIRED Threat Level

JULY 26, 2024

KnowBe4 detailed the incident in a recent blog post as a warning for other potential targets.

Security

The Pwn2Own Vancouver 2022: Trend Micro and ZDI awarded $1,155,000

Security Affairs

MAY 22, 2022

nghiadt12 from Viettel Cyber Security demonstrated an exploit for an escalation of privilege via Integer Overflow on Microsoft Windows 11. The post The Pwn2Own Vancouver 2022: Trend Micro and ZDI awarded $1,155,000 appeared first on Security Affairs. The exploit was awarded $40,000 and 4 Master of Pwn points. Pierluigi Paganini.

Cybersecurity

Cybersecurity Security Access IT

Hackers stole over $250,000 in Ethereum from Bored Ape Yacht Club

Security Affairs

JUNE 5, 2022

Hackers have stolen over $250,000 in Ethereum from Bored Ape Yacht Club (BAYC), this is the third security breach it suffered this year. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Follow me on Twitter: @securityaffairs and Facebook. Pierluigi Paganini.

Phishing

Phishing Blockchain Cybersecurity Authentication

Clipminer Botnet already allowed operators to make at least $1.7 Million

Security Affairs

JUNE 3, 2022

million, according to a report published by security researchers at Symantec. Security Affairs is one of the finalists for the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g. million in illicit gains.

Mining

Mining Archiving Security Cybersecurity

Threat actors target the infoSec community with fake PoC exploits

Security Affairs

MAY 22, 2022

“Usually, people working in information security or TAs use exploits to check for vulnerabilities. The post Threat actors target the infoSec community with fake PoC exploits appeared first on Security Affairs. The malware executes a PowerShell command using cmd.exe to deliver the actual payload which is a Cobalt-Strike Beacon.

Libraries

Libraries Information Security Cybersecurity Security

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

Security Affairs

MAY 26, 2022

Security researchers released PoC exploit code for the critical authentication bypass vulnerability CVE-2022-22972 affecting multiple VMware products. The company acknowledged Bruno López of Innotec Security for the discovery of the flaw. Please vote for Security Affairs and Pierluigi Paganini in every category that includes them (e.g.

Authentication

Authentication Cybersecurity Access Education

OpRussia update: Anonymous breached other organizations

Security Affairs

MAY 14, 2022

Please vote for Security Affairs as the best European Cybersecurity Blogger Awards 2022 – VOTE FOR YOUR WINNERS Vote for me in the sections “The Underdogs – Best Personal (non-commercial) Security Blog” and “The Tech Whizz – Best Technical Blog” and others of your choice.

Archiving

Archiving Mining Government Cybersecurity

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Security Affairs

APRIL 5, 2022

Ukraine CERT-UA published a security advisory to warn of spear-phishing attacks conducted by Russia-linked Armageddon APT (aka Gamaredon , Primitive Bear, Armageddon, Winterflounder, or Iron Tilden) targeting local state organizations. The Ukraine CERT-UA published indicators of compromise (IoCs) for this campaign. Pierluigi Paganini.

Military

Military Phishing Archiving File names

Microsoft Patch Tuesday updates for May 2022 fixes 3 zero-days, 1 under active attack

Security Affairs

MAY 10, 2022

Microsoft Patch Tuesday security updates for May 2022 address three zero-day vulnerabilities, one of them actively exploited. Microsoft Patch Tuesday security updates for May 2022 addressed three zero-day vulnerabilities, one of which is under active attack. ” read the advisory published by Microsoft. Pierluigi Paganini.

Authentication

Authentication Security Cybersecurity IT

Google OAuth client library flaw allowed to deploy of malicious payloads

Security Affairs

MAY 19, 2022

or above” The vulnerability was reported by the security researcher Tamjid Al Rahat on March 12, the issue was awarded $5,000 as part of the company bug bounty program. The post Google OAuth client library flaw allowed to deploy of malicious payloads appeared first on Security Affairs. We recommend upgrading to version 1.33.3

Libraries

Libraries Authentication Cybersecurity Security

Three Nigerian men arrested in INTERPOL Operation Killer Bee

Security Affairs

MAY 30, 2022

Through its global police network and constant monitoring of cyberspace, INTERPOL had the globally sourced intelligence needed to alert Nigeria to a serious security threat where millions could have been lost without swift police action,” said INTERPOL’s Director of Cybercrime, Craig Jones. Omorume faces a one-year prison sentence. .

Cybersecurity

Cybersecurity Security Access IT

Security Affairs newsletter Round 369 by Pierluigi Paganini

Security Affairs newsletter Round 367 by Pierluigi Paganini

Webinars

Trending Sources

The source code of Banshee Stealer leaked online

Webinars

North Korea-linked Zinc group posed as Samsung recruiters to target security firms

China-linked Moshen Dragon abuses security software to sideload malware

U.S. CISA adds Cisco Smart Licensing Utility flaw to its Known Exploited Vulnerabilities catalog

Strategies for Securing Your Supply Chain

How to Create a Strong Security Culture

Experts warn of mass exploitation of Ivanti Connect Secure VPN flaws

Fulton County, Security Experts Call LockBit’s Bluff

Microsoft Announces Security Update with Windows Resiliency Initiative

Gladinet flaw CVE-2025-30406 actively exploited in the wild

CISA published 2021 Top 15 most exploited software vulnerabilities

Asian media company Nikkei suffered a ransomware attack

Black Basta ransomware now supports encrypting VMware ESXi servers

Boost Your Security Posture With Objective-Based Penetration Testing

Lockbit ransomware gang claims to have hacked cybersecurity giant Mandiant

CISA adds 41 flaws to its Known Exploited Vulnerabilities Catalog

Experts uncovered over 3.6M accessible MySQL servers worldwide

CISA adds VMware, Chrome flaws to its Known Exploited Vulnerabilities Catalog

A new WhatsApp OTP scam could allow the hijacking of users’ accounts

Experts believe that Russian Gamaredon APT could fuel a new round of DDoS attacks

Ransomware gangs are exploiting CVE-2022-26134 RCE in Atlassian Confluence servers

GitLab addressed critical account take over via SCIM email change

CVE-2022-22292 flaw could allow hacking of Samsung Android devices

Multiple Microsoft Office versions impacted by an actively exploited zero-day

North Korea-linked Lazarus APT uses Log4J to target VMware servers

CVE-2021-3490 – Pwning Linux kernel eBPF on Ubuntu machines

Reuters: Russia-linked APT behind Brexit leak website

CVE-2021-31805 RCE bug in Apache Struts was finally patched

Critical bug in decoder used by popular chipsets exposes 2/3 of Android devices to hack

Chaining Zoom bugs is possible to hack users in a chat by sending them a message

New DFSCoerce NTLM relay attack allows taking control over Windows domains

A North Korean Hacker Tricked a US Security Vendor Into Hiring Him—and Immediately Tried to Hack Them

The Pwn2Own Vancouver 2022: Trend Micro and ZDI awarded $1,155,000

Hackers stole over $250,000 in Ethereum from Bored Ape Yacht Club

Clipminer Botnet already allowed operators to make at least $1.7 Million

Threat actors target the infoSec community with fake PoC exploits

Experts released PoC exploit code for critical VMware CVE-2022-22972 flaw

OpRussia update: Anonymous breached other organizations

Russia-linked Armageddon APT targets Ukrainian state organizations, CERT-UA warns

Microsoft Patch Tuesday updates for May 2022 fixes 3 zero-days, 1 under active attack

Google OAuth client library flaw allowed to deploy of malicious payloads

Three Nigerian men arrested in INTERPOL Operation Killer Bee

Stay Connected