Pierluigi Paganini

Social marketplace Trustanduse exposes nearly half a million users

Security loopholes on social marketplace website trustanduse.com exposed data of around 439,000 users including many businesses for at least six months. Disclosing personal data on platforms providing digital services is always risky. The Cybernews research team identified a publicly accessible database storing up to 855GB of sensitive user and business data that belongs to social […]

The post Social marketplace Trustanduse exposes nearly half a million users appeared first on Security Affairs.

January 12, 2023
0 comment
Read More >>

Royal Mail is suffering service disruption due to a ‘cyber incident’

Royal Mail, Britain’s postal service, announced it has suffered a “cyber incident” that caused a “severe service disruption.” Royal Mail, the British multinational postal service and courier company, announced this week that a “cyber incident” has a severe impact on its operation. The incident only impacted Royal Mail’s international export services, the company said it is temporarily unable to […]

The post Royal Mail is suffering service disruption due to a ‘cyber incident’ appeared first on Security Affairs.

January 12, 2023
0 comment
Read More >>

Gootkit Loader campaign targets Australian Healthcare Industry

Threat actors are targeting organizations in the Australian healthcare sector with the Gootkit malware loader. Trend Micro researchers warn that Gootkit Loader is actively targeting the Australian healthcare industry. The experts analyzed a series of attacks and discovered that Gootkit leveraged SEO poisoning for its initial access and abused legitimate tools like VLC Media Player. […]

The post Gootkit Loader campaign targets Australian Healthcare Industry appeared first on Security Affairs.

January 12, 2023
0 comment
Read More >>

US CISA adds MS Exchange bug CVE-2022-41080 to its Known Exploited Vulnerabilities Catalog

US CISA added Microsoft Exchange elevation of privileges bug CVE-2022-41080 to its Known Exploited Vulnerabilities Catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog. The first issue, tracked as CVE-2022-41080, is a Microsoft Exchange server privilege escalation vulnerability. The issue can be chained with CVE-2022-41082 (ProxyNotShell) to […]

The post US CISA adds MS Exchange bug CVE-2022-41080 to its Known Exploited Vulnerabilities Catalog appeared first on Security Affairs.

January 11, 2023
0 comment
Read More >>

Microsoft Patch Tuesday for January 2023 fixed actively exploited zero-day

Microsoft Patch Tuesday security updates for January 2023 fixed 97 flaws and an actively exploited zero-day. Microsoft Patch Tuesday security updates for January 2023 addressed a total of 98 vulnerabilities in Microsoft Windows and Windows Components; Office and Office Components; .NET Core and Visual Studio Code, 3D Builder, Azure Service Fabric Container, Windows BitLocker, Windows […]

The post Microsoft Patch Tuesday for January 2023 fixed actively exploited zero-day appeared first on Security Affairs.

January 11, 2023
0 comment
Read More >>

StrongPity APT spreads backdoored Android Telegram app via fake Shagle site

The StrongPity APT group targeted Android users with a trojanized version of the Telegram app served through a website impersonating a video chat service called Shagle. ESET researchers reported that StrongPity APT group targeted Android users with a trojanized version of the Telegram app. The campaign has been active since November 2021, threat actors served the malicious app […]

The post StrongPity APT spreads backdoored Android Telegram app via fake Shagle site appeared first on Security Affairs.

January 11, 2023
0 comment
Read More >>

Zoom Rooms was affected by four “high” severity vulnerabilities

Zoom addressed four “high” severity vulnerabilities impacting its popular videoconferencing software Zoom Rooms. Zoom addressed four “high” severity vulnerabilities impacting its videoconferencing platform Zoom Rooms. Below are the details for the bugs addressed by the company: CVE-2022-36930 (CVSS Score 8.2) – Local Privilege Escalation in Rooms for Windows Installers. The issue affects Rooms for Windows […]

The post Zoom Rooms was affected by four “high” severity vulnerabilities appeared first on Security Affairs.

January 10, 2023
0 comment
Read More >>

Remote code execution bug discovered in the popular JsonWebToken library

The open-source jsonwebtoken (JWT) library is affected by a high-severity security flaw that could lead to remote code execution. The open-source JsonWebToken (JWT) library is affected by a high-severity security flaw, tracked as CVE-2022-23529 (CVSS score: 7.6), that could lead to remote code execution. The package is maintained by Auth0, it had over 9 million weekly downloads […]

The post Remote code execution bug discovered in the popular JsonWebToken library appeared first on Security Affairs.

January 10, 2023
0 comment
Read More >>

Kinsing malware targets Kubernetes environments via misconfigured PostgreSQL

Kinsing cryptojacking operators are exploiting misconfigured and exposed PostgreSQL servers to access Kubernetes environments. Researchers at Microsoft Defender for Cloud observed threat actors behind the Kinsing cryptojacking operation using two methods to gain initial access in Kubernetes environments: exploitation of weakly configured PostgreSQL containers and exploiting vulnerable images. The crypto-miner Kinsing was first spotted by security firm […]

The post Kinsing malware targets Kubernetes environments via misconfigured PostgreSQL appeared first on Security Affairs.

January 10, 2023
0 comment
Read More >>

Airline company Air France-KLM discloses security breach

Airline company Air France-KLM is notifying the customers of its loyalty program Flying Blue of a data breach. Airline company Air France-KLM announced it has suffered a data breach, data belonging to customers of its loyalty program Flying Blue were exposed. The Flying Blue loyalty program is used by other airlines, including Aircalin, Kenya Airways, […]

The post Airline company Air France-KLM discloses security breach appeared first on Security Affairs.

January 10, 2023
0 comment
Read More >>