Breaking News

Pierluigi Paganini November 11, 2016
OpenSSL Project fixed the CVE-2016-7054 High severity DoS bug

The OpenSSL Project has released the OpenSSL 1.1.0c update that addresses several vulnerabilities, including a high-severity DoS flaw (CVE-2016-7054). The OpenSSL Project has released an update for the 1.1.0 branch (OpenSSL 1.1.0c) to fix a number of vulnerabilities. One of the issues solved with the update is the high severity denial-of-service (DoS) flaw CVE-2016-7054 that […]

Pierluigi Paganini November 11, 2016
Telecrypt ransomware abuses Telegram Messenger’s communication protocol

Telecrypt ransomware is a new malware that abuses the instant messaging service Telegram for command and control (C&C) communications. Security experts from Kaspersky Lab have spotted a new ransomware, called Telecrypt (Trojan-Ransom.Win32.Telecrypt), that abuses the Telegram instant messaging service for communications with command and control (C&C). The Delphi-written Trojan, which is currently targeting only Russian users, exploits […]

Pierluigi Paganini November 10, 2016
MalwareMustDie is closed for protest against the NSA

The legendary blog of MalwareMustDie is closed in protest against NSA hacking traces on educational and public servers of harmless countries. The Shadow Brokers, the hacker group that hacked NSA hackers and previously released NSA hacking tools for anyone to download, published more files containing the IP addresses of 49 countries that have been […]

Pierluigi Paganini November 10, 2016
CVE-2016-7165 Privilege Escalation flaw affects many Siemens solutions

Siemens released security updates and temporary fixes to fix a privilege escalation flaw, tracked as CVE-2016-7165, that affects several industrial products. Siemens has released security updates and temporary fixes to address a privilege escalation vulnerability, tracked as CVE-2016-7165, that affects several industrial products. The flaw could be exploited by attackers to escalate their privileges if the flawed products […]

Pierluigi Paganini November 10, 2016
SCADA Sssh! Don’t Talk, Filter it

The effects of cyber-attacks against SCADA/ICS are well known; however, there is great confusion when dealing with mitigation techniques. The majority are aware of the impact cyber-attacks can have on Industrial Control Systems; however, the reality in terms of mitigation techniques is shrouded in confusion and a reactive approach. Recent 0-day vulnerability dubbed as […]

Pierluigi Paganini November 09, 2016
Malvertising campaign delivered Android Svpeng Trojan via a zero-day in Chrome

Kaspersky discovered a new strain of the Svpeng Trojan delivered through popular news websites using Google’s AdSense via a zero-day in Chrome. Crooks exploited a Chrome zero-day vulnerability to deliver the Android Svpeng Trojan to Android users via Google AdSense. The Svpeng Trojan is not a new threat; it was first spotted by Kaspersky Lab in July 2013 when threat […]

Pierluigi Paganini November 09, 2016
What does a DDoS with everyday life? DDoS knocks out building control systems in Finland

The residents of two apartment buildings in Finland faced more than a week of serious problems due to a DDoS attack that targeted the building control systems. What does a DDoS with everyday life? The recent attack against the Dyn DNS service powered by an IoT botnet demonstrated the weakness of modern society to cyber threats. Anyway, to better explain […]

Pierluigi Paganini November 09, 2016
Microsoft patches CVE-2016-7255 Windows zero-day exploited by Fancy Bear

Microsoft has issued a security patch that fixes the zero-day vulnerability tracked as CVE-2016-7255 exploited by Russian hackers. Microsoft has issued security patches that also fixed the zero-day vulnerability exploited by Russian hackers. One of the zero-days tracked as CVE-2016-7255 has been patched in the MS16-135 bulletin that also addresses two information disclosure and three […]

Pierluigi Paganini November 09, 2016
Adobe issued security patches for 9 Flash Player flaws reported via ZDI

Adobe released security updates that address nine vulnerabilities in Flash Player that could be exploited for remote code execution. Adobe has released security updates to address one vulnerability in Connect for Windows and nine arbitrary code execution flaws in the Flash Player product. The patches issued by the company for Adobe Flash Player are available for […]

Pierluigi Paganini November 08, 2016
CVE-2016-6563 RCE flaw affects D-Link Routers, disable remote admin

Carnegie-Mellon CERT warns of a flawed implementation of HNAP in D-Link routers (CVE-2016-6563) that could be exploited for remote code execution. According to the Carnegie-Mellon CERT, the implementation of the Home Network Automation Protocol (HNAP) of D-Link routers is affected by a stack-based buffer overflow vulnerability tracked as CVE-2016-6563. The flaw could be exploited by a […]