Experts demonstrate how to unlock several Honda models via Rolling-PWN attack
Bad news for the owners of several Honda models, the Rolling-PWN Attack vulnerability can allow unlocking their vehicles. A team...
hacking
French telephone operator La Poste Mobile suffered a ransomware attack
French virtual mobile telephone operator La Poste Mobile was hit by a ransomware attack that impacted administrative and management services. ...
Security Affairs newsletter Round 373 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs for...
Apple Lockdown Mode will protect users against highly targeted cyberattacks
Apple plans to introduce a security feature, called Lockdown Mode, to protect its users against “highly targeted cyberattacks.” The recent wave of...
Fortinet addressed multiple vulnerabilities in several products
Fortinet released security patches to address multiple High-Severity vulnerabilities in several products of the vendor. Fortinet addressed multiple vulnerabilities in...
Previously undocumented Rozena backdoor delivered by exploiting the Follina bug
Threat actors are exploiting the disclosed Follina Windows vulnerability to distribute the previously undocumented Rozena backdoor. Fortinet FortiGuard Labs researchers...
Pamspy – Credentials Dumper For Linux Using eBPF
pamspy leverage eBPF technologies to achieve an equivalent work of 3snake. It will track a particular userland function inside the...
Ongoing Raspberry Robin campaign leverages compromised QNAP devices
Cybereason researchers are warning of a wave of attacks spreading the wormable Windows malware Raspberry Robin. Raspberry Robin is a Windows...
Evolution of the LockBit Ransomware operation relies on new techniques
Experts documented the evolution of the LockBit ransomware that leverages multiple techniques to infect targets and evade detection. The Cybereason Global...
Cisco fixed a critical arbitrary File Overwrite flaw in Enterprise Communication solutions
Cisco fixed a critical vulnerability in the Cisco Expressway series and TelePresence Video Communication Server (VCS) products. Cisco released security...
Emsisoft: Victims of AstraLocker and Yashma ransomware can recover their files for free
Emsisoft has released a free decryption tool that allows victims of the AstraLocker and Yashma ransomware to recover their files...
Haxx – Untethered + Unsandboxed Code Execution Haxx As Root On iOS 14 – iOS 14.8.1
Untethered + Unsandboxed code execution haxx as root on iOS 14 - iOS 14.8.1. Based on CoreTrustDemo, also please note...
Discussing the risks of bullying for anonymous social app NGL
This is a transcription of my complete interview with the program NEWSFEED at TRT, during which we discussed NGL software...
Russian Cybercrime Trickbot Group is systematically attacking Ukraine
The operators behind the TrickBot malware are systematically targeting Ukraine since the beginning of the war in February 2022. IBM...
New Checkmate ransomware target QNAP NAS devices
Taiwanese vendor QNAP wars of a new strain of ransomware, dubbed Checkmate, that is targeting its NAS devices. The Taiwanese...
Large-scale cryptomining campaign is targeting the NPM JavaScript package repository
Researchers uncovered a large-scale cryptocurrency mining campaign targeting the NPM JavaScript package repository. Checkmarx researchers spotted a new large-scale cryptocurrency...
North Korea-linked APTs use Maui Ransomware to target the Healthcare industry
US authorities have issued a joint advisory warning of North Korea-linked APTs using Maui ransomware in attacks against the Healthcare...
ENISA released the Threat Landscape Methodology
I’m proud to announce that the European Union Agency for Cybersecurity, ENISA, has released the Threat Landscape Methodology. Policy makers,...
OrBit, a new sophisticated Linux malware still undetected
Cybersecurity researchers warn of new malware, tracked as OrBit, which is a fully undetected Linux threat. Cybersecurity researchers at Intezer...
OpenSSL version 3.0.5 fixes a flaw that could potentially lead to RCE
The development team behind the OpenSSL project fixed a high-severity bug in the library that could potentially lead to remote code execution....
Marriott International suffered a new data breach, attackers stole 20GB of data
Hotel chain Marriott International suffered a new data breach, a threat actor has stolen 20GB from the company. Hotel chain...
CrackQL – GraphQL Password Brute-Force And Fuzzing Utility
CrackQL is a GraphQL password brute-force and fuzzing utility. CrackQL is a versatile GraphQL penetration testing tool that exploits poor...
Cyberattacks against law enforcement are on the rise
Experts observed an increase in malicious activity targeting law enforcement agencies at the beginning of Q2 2022. Resecurity, a Los...
Less popular, but very effective, Red-Teaming Tool BRc4 used in attacks in the wild
Threat actors are abusing legitimate adversary simulation software BRc4 in their campaigns to evade detection. Researchers from Palo Alto Networks...
