Breaking News

Pierluigi Paganini November 03, 2016
Critical DOM XSS flaw on Wix.com put millions of websites at risk

A DOM-based cross-site scripting vulnerability in the cloud-based development platform Wix.com put millions of websites at risk. The cloud-based development platform Wix.com is affected by a DOM-based cross-site scripting vulnerability that could be exploited by attackers to gain full control over any website running on the popular platform. Millions of websites hosted on Wix.com are potentially […]

Pierluigi Paganini November 03, 2016
Critical MySQL flaws can allow attackers to hack into your server

The security expert Dawid Golunski disclosed critical vulnerabilities in MySQL, MariaDB and PerconaDB that can lead to full compromise of servers. Critical vulnerabilities affecting MySQL, MariaDB and PerconaDB can lead to full compromise of servers. The flaws could be exploited by attackers for arbitrary code execution, root privilege escalation and, of course, server compromise. Dawid Golunski (@dawid_golunski) from Legal […]

Pierluigi Paganini November 03, 2016
Sundown exploit kit – Conquering the criminal underground

The Cisco Talos group analyzed the evolution of the Sundown exploit kit, which over the past six months has become responsible for a large number of infections. Over the past months, the threat landscape for exploit kits has been changing rapidly. Angler EK, Neutrino EK, and Nuclear EK, which for years monopolized the criminal underground, have disappeared. Now, […]

Pierluigi Paganini November 02, 2016
Stealth Cell Tower, how to spy on workers with a harmless printer

Stealth Cell Tower is an antagonistic GSM base station concealed in an office printer that could be used for surveillance purposes. Are you angry with your boss or your colleagues? Do you want to spy on them? The engineer Julian Oliver has demonstrated how to do it with a tiny cellphone base station concealed in […]

Pierluigi Paganini November 02, 2016
Recent Windows Kernel zero-day exploited by hackers behind the DNC hack

The executive vice president of Microsoft’s Windows and Devices group revealed that the recently disclosed Windows kernel zero-day was used by the Fancy Bear APT. On Oct. 31, the Google Threat Analysis Group publicly disclosed a vulnerability in the Windows kernel that is actively being exploited by threat actors in the wild. The zero-day could be exploited […]

Pierluigi Paganini November 02, 2016
An information disclosure flaw still impacts SAP systems exposed to the Internet

Experts from ERPScan revealed that a SAP flaw patched in September still impacts more than 900 SAP systems exposed to the Internet. An information disclosure vulnerability in SAP that was patched in September impacts more than 900 SAP systems that are exposed to the Internet. According to the expert Sergiu Popa from Quenta Solutions who reported the […]

Pierluigi Paganini November 01, 2016
Philip Hammond invokes an active defence of UK hacking back the attackers

The British Government announces an active defence posture in response to nation-state cyber attacks; the Chancellor warns the UK will retaliate against attacks. Hacking back, or “active defence” as security experts prefer to call it, is becoming a highly debated topic. While the number of cyber attacks continues to increase and attackers are using ever more sophisticated techniques, many Governments […]

Pierluigi Paganini November 01, 2016
Google discloses Windows zero-day that has been exploited in the wild

Google has disclosed a Windows zero-day vulnerability after the 7-day deadline it gives vendors when a flaw is actively exploited in the wild by hackers. Google has once again publicly disclosed a zero-day vulnerability affecting current versions of the Windows operating system, and Microsoft still hasn’t issued a patch. Yes, you’ve got it right! There is a […]

Pierluigi Paganini November 01, 2016
PanelShock 0-day Vulnerability Puts Thousands of Schneider Electric HMI Panels, Industrial Control Systems and Critical Infrastructure at Risk

Security researchers at CRITIFENCE cyber security labs publicly announced this morning (November 1, 2016) major cyber security vulnerabilities affecting one of the world’s largest manufacturers of SCADA and Industrial Control Systems, Schneider Electric. The zero-day vulnerabilities dubbed PanelShock, found earlier this year by Eran Goldstein, CTO and Founder of CRITIFENCE, a leading Critical Infrastructure, […]

Pierluigi Paganini November 01, 2016
Office of the Comptroller of the Currency reported that a former employee stole data from the office

A former employee of the Office of the Comptroller of the Currency downloaded 10,000 records onto thumb drives before his retirement in November 2015. On Friday, the US banking regulator told Congress about a potential “major information security incident” after it discovered that a former employee had downloaded a large number of files onto thumb drives […]