Il dominio italiano di Excite riutilizzato in una campagna di malspam via PEC
Questo fine settimana è stata identificata e contrastata una campagna malevola che utilizzava alcuni account PEC compromessi per colpire altri utenti di Posta Elettronica Certificata.

by CERT-AgID - https://r.zerozone.it/post/k9eUk5vf5BaMqkZVZ

🏴‍☠️ Blackbasta has just published a new victim: thompsoncreek.com
Thompson Creek® Window Company is the Mid-Atlantic region’s premier home improvement replacement products company. We have been customizing and manufacturing replacement windows, doors, gutters, siding and roofing in the Mid-Atlantic region since 1980.SITE: www.thompsoncreek.com Address : 4200 Parliament Place Suite 600 Lanham, MD 20706 USAALL DATA SIZE: ≈750gb 1. Corporate [...]

by Ransomware live - https://r.zerozone.it/post/MgWb33hHcpsh8gh2r

🏴‍☠️ Blackbasta has just published a new victim: northernsafety.com
Northern Safety Co., Inc. operates as a personal safety equipment distributor company. The Company offers disposable respirators, earplugs, first aid kits, gloves, hard hats, safety glasses, safety supplies, traffic work boots, and fall harnesses. Northern Safety serves customers in the United States.SITE: www.northernsafety.com Address : 761 S. Danny Thomas Blvd. [...]

by Ransomware live - https://r.zerozone.it/post/4EVS5bdwMwBmU8AwU

Ivanti: rilevato sfruttamento in rete della CVE-2024-8190 relativa al prodotto Cloud Service Appliance
(AL01/240916/CSIRT-ITA)
Rilevato lo sfruttamento attivo in rete della vulnerabilità CVE-2024-8190 – già sanata dal vendor – che interessa la soluzione Cloud Service Appliance (CSA) di Ivanti, appliance di rete per la gestione e la protezione dei dispositivi aziendali connessi a Internet.

by CSIRT - https://r.zerozone.it/post/9ybGSkeGezCnstdCm

🏴‍☠️ Everest has just published a new victim: MCNA Dental 1 million patients records
Company has the last 24 hours to contact us using the instructions left.In case of silence, all data will be published More than 1 million personal EMR’s + different internal company documents https://www.mcna.net/[redacted] Example :5511310,NICOLE M GARCIA,2901 BAYARD ST,LAREDO, TX 78046,12/07/2005,(956) 949-0951,4174985,526285913,MATTHEW A STAAT,3768,MCNA,Eligible,2019-01-08 00:00:00,2018-11-20 00:00:00,2019-01-08 00:00:00,2016-07-26 00:00:00,2016-07-26 00:00:00,4. 1 [...]

by Ransomware live - https://r.zerozone.it/post/cPFyKh1Zkmr4K27jq

Vulnerabilità in prodotti Solarwinds
(AL03/240916/CSIRT-ITA)
Risolte 2 vulnerabilità di sicurezza, di cui una con gravità “critica” in SolarWinds Access Rights Manager (ARM), software utilizzato per la gestione e l’audit dei diritti di accesso degli utenti ai sistemi, ai dati e ai file. Tale vulnerabilità, qualora sfruttata, potrebbe consentire a un utente malintenzionato remoto l’esecuzione di [...]

by CSIRT - https://r.zerozone.it/post/bj3ZH4kzzbhHZX6ec

Vulnerabilità in prodotti D-Link
(AL02/240916/CSIRT-ITA)
Rilevate 4 nuove vulnerabilità di sicurezza, di cui tre con gravità “critica”, che interessano alcuni modelli di router wifi D-Link. Tali vulnerabilità potrebbero permettere ad un utente malevolo la possibilità di eseguire codice arbitrario sui dispositivi target, anche mediante credenziali codificate all’interno del software.

by CSIRT - https://r.zerozone.it/post/12E7s5TjnK8SEFMmK

🏴‍☠️ Orca has just published a new victim: ExcelPlast Tunisie
Company product portfolio covers PP and Polyester plastic sheeting with a good r...

by Ransomware live - https://r.zerozone.it/post/Y7MTwCXe9V3qkBJhZ

🏴‍☠️ Lynx has just published a new victim: Cruz Marine (cruz.local)
Cruz Marine transports employees, equipment, fuel and materials to remote sites ...

by Ransomware live - https://r.zerozone.it/post/rU1D7fKhBeApBSRyc

🏴‍☠️ Killsec has just published a new victim: SuperCommerce.ai
Supercommerce.ai transforms commerce in the Middle East and Africa with digital solutions for B2C and B2B markets, offering services like autonomous commerce and backend support for tech teams.

by Ransomware live - https://r.zerozone.it/post/ZwfyBVA8Xz07HnF88

Aggiornamenti di sicurezza Apple
(AL01/240917/CSIRT-ITA)
Apple ha rilasciato aggiornamenti di sicurezza per sanare molteplici vulnerabilità presenti nei propri prodotti.

by CSIRT - https://r.zerozone.it/post/GmvHveNVcAhQudCJS

Vidar compare ancora in una nuova campagna malspam che sfrutta le caselle PEC
Ieri questo CERT ha emesso un avviso riguardante una campagna di malspam veicolata tramite caselle PEC, nella quale il link utilizzato verso il dominio italiano Excite non supportava alcun payload malevolo. A quanto pare, gli autori di questa campagna hanno in seguito apportato delle modifiche, riproponendo gli stessi contenuti ma [...]

by CERT-AgID - https://r.zerozone.it/post/ZK1nbutayMPEM25nF

🏴‍☠️ Cactus has just published a new victim: peerlessumbrella.com
Manufacturing“Peerless Umbrella is a full service manufacturer of quality umbrellas. Operating with a Union Shop, this family owned business has been a manufacturer of traditional, as well as golf and fashion umbrellas for more than 70 years. Today Peerless is a leader in umbrella technology and manufacturing, as well as [...]

by Ransomware live - https://r.zerozone.it/post/zU3j42keTPpEkVf2t

🏴‍☠️ Cactus has just published a new victim: thomas-lloyd.com
Finance“ThomasLloyd is a global investment and advisory firm dedicated to leading the necessary process for social and environmental change, focusing exclusively on the financing, construction and operation of sustainable projects in the infrastructure, agriculture and property sectors.”Website: https://www.thomas-lloyd.com/Revenue[redacted] : $66.1MAddress: 427 Bedford Rd, Pleasantville, New York, 10570, United StatesPhone Number: [...]

by Ransomware live - https://r.zerozone.it/post/2e3u5E5Vq9pbCTP6s

Vulnerabilità in FileSender
(AL02/240917/CSIRT-ITA)
Rilevata una vulnerabilità di sicurezza, con gravità “alta” in FileSender, applicazione web open source utilizzata per inviare file di grandi dimensioni in modo sicuro.

by CSIRT - https://r.zerozone.it/post/zNrpmPYRvXjeMm5mG

🏴‍☠️ Hunters has just published a new victim: AutoCanada
Country : Canada - Exfiltraded data : yes - Encrypted data : yes

by Ransomware live - https://r.zerozone.it/post/CnA2E797w2xR6ZFeZ

🏴‍☠️ Hunters has just published a new victim: New Electric
Country : United States of America - Exfiltraded data : yes - Encrypted data : yes

by Ransomware live - https://r.zerozone.it/post/nSFZRsmjmWs6nMt3d

🏴‍☠️ Cactus has just published a new victim: natcoglobal.com
Business Services“Founded in 1991, North American Textile Company, LLC (NATco) is a global manufacturer of labels, trims and hardware. NATco corporate headquarters is located in Los Angeles, California and owns and operates plants in several countries throughout the world including Italy, China, India and more.”Website: https://www.natcoglobal.com/Revenue[redacted] : $38.5MAddress: 346 W [...]

by Ransomware live - https://r.zerozone.it/post/D89UeuHxxRfS81GPj

🏴‍☠️ Bianlian has just published a new victim: Sherr Puttmann Akins Lamb PC
Sherr Puttmann Akins Lamb is a full-service family law firm specializing in divorce, legal separation, child custody, juvenile law, and more.

by Ransomware live - https://r.zerozone.it/post/AgRXUxf5Kay6Tvx3v

🏴‍☠️ Killsec has just published a new victim: miit.gov.cn
The Ministry of Industry and Information Technology (MIIT) is the sixth-ranked executive department of the State Council of the People's Republic of China.

by Ransomware live - https://r.zerozone.it/post/etxACTTA4kfRqZeE5