"Claims of a cyberattack on Oracle’s cloud service emerged in late March when a miscreant using the handle “rose87168” boasted of cracking into two of Big Red's login servers for customers and harvesting around six million records, which included clients’ private security keys, encrypted credentials, and LDAP entries. The netizen put the info, involving thousands of organizations, up for sale on a cybercrime forum."

https://www.theregister.com/2025/04/08/oracle_cloud_compromised/

Sintesi riepilogativa delle campagne malevole nella settimana del 5 aprile – 11 aprile
In questa settimana, il CERT-AGID ha riscontrato ed analizzato, nello scenario italiano di suo riferimento un totale di 60 campagne malevole, di cui 22 con obiettivi italiani e 38 generiche che hanno comunque interessato l’Italia, mettendo a disposizione dei suoi enti accreditati i relativi 2043 indicatori di compromissione (IoC) individuati.

by CERT-AgID - https://r.zerozone.it/post/649sgJYeRA1pNEHbA

Wow!

https://busy.bar/

Scuola, Registro Elettronico e pubblicità
Su alcune piattaforme del Registro Elettronico sono comparsi giochi e pubblicità. Parliamo di piattaforme dove sono gestiti e conservati i dati di valutazione personale degli studenti, molti di loro minorenni. Source

by Zerozone.it - https://r.zerozone.it/post/RP9Pf0TqWpZpPX9P3

Per chi conosce il francese...

https://erreur403.beehiiv.com/

SPF, DKIM, DMARC.... cosa sono e come funzionano?

https://www.learndmarc.com/

Quando l’attacco ransomware alla ASL porta ad una ammonizione: il caso ASL1 Abruzzo
Il provvedimento 10116834 del Garante della Privacy in merito alla vicenda dell'attacco ransomware ai danni della ASL1 Abruzzo, conclusasi con una ammonizione per il titolare, merita un approfondimento maggiore poiché contiene alcuni elementi interessanti sulla valutazione degli attacchi informatici da parte dell'Autorità Garante dei Dati Personali. Source

by Zerozone.it - https://r.zerozone.it/post/yVyZeWCpG31w2bvYp

I boosted several posts about this already, but since people keep asking if I've seen it....

MITRE has announced that its funding for the Common Vulnerabilities and Exposures (CVE) program and related programs, including the Common Weakness Enumeration Program, will expire on April 16. The CVE database is critical for anyone doing vulnerability management or security research, and for a whole lot of other uses. There isn't really anyone else left who does this, and it's typically been work that is paid for and supported by the US government, which is a major consumer of this information, btw.

I reached out to MITRE, and they confirmed it is for real. Here is the contract, which is through the Department of Homeland Security, and has been renewed annually on the 16th or 17th of April.

https://www.usaspending.gov/award/CONT_AWD_70RCSJ23FR0000015_7001_70RSAT20D00000001_7001

MITRE's CVE database is likely going offline tomorrow. They have told me that for now, historical CVE records will be available at GitHub, https://github.com/CVEProject

Yosry Barsoum, vice president and director at MITRE's Center for Securing the Homeland, said:

“On Wednesday, April 16, 2025, funding for MITRE to develop, operate, and modernize the Common Vulnerabilities and Exposures (CVE®) Program and related programs, such as the Common Weakness Enumeration (CWE™) Program, will expire. The government continues to make considerable efforts to support MITRE’s role in the program and MITRE remains committed to CVE as a global resource.”

https://infosec.exchange/@briankrebs/114343835430587973

Solidarietà alla redazione di Basilicata24 per quello che si configura come un atto intimidatorio, sproporzionato nella sua esecuzione, nei confronti degli organi di stampa e di informazione.

https://www.articolo21.org/2025/04/perquisizione-nella-redazione-di-basilicata24-solidarieta-da-articolo-21/

During this investigation, a threat actor was observed using known vulnerabilities (e.g. FG-IR-22-398, FG-IR-23-097, FG-IR-24-015) to gain access to Fortinet devices. The targeting of known, unpatched vulnerabilities by a threat actor is not new and has been previously examined; this specific finding is the result of a threat actor taking advantage of a known vulnerability with a new technique to maintain read-only access to vulnerable FortiGate devices after the original access vector was locked down.

https://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity