Luca Donetti Dontin Il sito di un pazzo sistemista!

Top CVEs Actively Exploited by People’s Republic of China State-Sponsored Cyber Actors   

Original release date: October 6, 2022 CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA) providing the top Common Vulnerabilities and Exposures (CVEs) used since 2020 by People’s Republic of China (PRC) state-sponsored cyber…

Continue reading →

Vulnerabilità in RealVNC (AL01/221004/CSIRT-ITA)

Rilevata una vulnerabilità nell’installer relativo ai software per la gestione remota dei dispositivi RealVNC VNC Server e VNC Viewer. Tale vulnerabilità, qualora sfruttata, potrebbe permettere l’elevazione dei privilegi sui dispositivi interessati tramite la manipolazione del componente MSI installer Repair. Source link Author: csirt@alfacert.gov.it Article used…

Continue reading →

Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization

Original release date: October 4, 2022 CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have released a joint Cybersecurity Advisory (CSA), Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization, highlighting advanced persistent threat (APT)…

Continue reading →

Aggiornamenti WithSecure (AL02/221004/CSIRT-ITA)

Aggiornamenti di sicurezza WithSecure – precedentemente noto come F-Secure – risolvono una vulnerabilità di sicurezza nei prodotti Endpoint Protection. Tale vulnerabilità, qualora sfruttata, potrebbe permettere la compromissione della disponibilità del servizio sui dispositivi interessati. Source link Author: csirt@alfacert.gov.it Article used for cyber security disclosure.

Continue reading →

Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server

Original release date: September 30, 2022 | Last revised: October 1, 2022 Microsoft has released Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server. According to the blog post, “Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users’…

Continue reading →

Vulnerabilità 0-day in Exchange Server (AL03/220930/CSIRT-ITA) – Aggiornamento

Rilevato lo sfruttamento attivo in rete di 2 vulnerabilità di tipo “0-day” presenti nel prodotto Microsoft Exchange server. Source link Author: csirt@alfacert.gov.it Article used for cyber security disclosure.

Continue reading →

Drupal Releases Security Update

Original release date: September 30, 2022 Drupal has released a security update to address a vulnerability affecting multiple versions of Drupal. An attacker could exploit this vulnerability to access sensitive information. For advisories addressing lower severity vulnerabilities, see Drupal’s Security advisories. CISA encourages users and…

Continue reading →

Rilevata la diffusione del malware Chaos (AL01/220930/CSIRT-ITA)

Ricercatori di sicurezza hanno recentemente rilevato la distribuzione di un nuovo malware, denominato Chaos, volto a compromettere i server Windows e Linux al fine di inserirli in una botnet per future attività di post-exploitation. Source link Author: csirt@alfacert.gov.it Article used for cyber security disclosure.

Continue reading →

Page 1 of 28 1 2 3 4 5 ... Last →