Breaking News

Pierluigi Paganini December 05, 2019
Iran-Linked APT groups target energy, industrial sectors with ZeroCleare Wiper

Experts spotted a piece of malware dubbed ZeroCleare that has been used in highly targeted attacks aimed at energy and industrial organizations in the Middle East. Security experts at IBM X-Force found a piece of malware dubbed ZeroCleare (the name ZeroCleare comes from the path in the binary file) that has been used in highly targeted […]

Pierluigi Paganini December 04, 2019
Two malicious Python libraries were stealing SSH and GPG keys

The Python security team removed two trojanized Python libraries from PyPI (Python Package Index) that were stealing SSH and GPG keys from the projects of infected developers. The Python security team removed two tainted Python libraries from PyPI (Python Package Index) that were found stealing SSH and GPG keys from the projects of infected developers. […]

Pierluigi Paganini December 04, 2019
Mozilla removed 4 Avast and AVG extensions for spying on Firefox users

Mozilla has removed four extensions from Avast and AVG from the Firefox site that are suspected to track user activity online. Four Avast and AVG Firefox extensions have been removed from Mozilla Addons Site over concerns of spying of users. “This add-on violates Mozilla’s add-on policy by collecting data without user disclosure or consent,” explained […]

Pierluigi Paganini December 04, 2019
Talos experts found a critical RCE in GoAhead Web Server

Experts at Cisco Talos found two vulnerabilities in the GoAhead embedded web server, including a critical remote code execution flaw. GoAhead is the world’s most popular, tiny embedded web server. It is developed by EmbedThis that defines it as compact, secure and simple to use. GoAhead is deployed in hundreds of millions of devices and […]

Pierluigi Paganini December 03, 2019
A flaw in Microsoft OAuth authentication could lead Azure account takeover

A vulnerability in the Microsoft OAuth implementation exposes Azure cloud accounts to takeover. The vulnerability affects the way Microsoft applications use OAuth for authentication, these applications trust certain third-party domains and sub-domains that are not registered by Microsoft. Experts from Cyberark discovered the following three vulnerable Microsoft applications that trust these unregistered domains Portfolios, O365 […]

Pierluigi Paganini December 03, 2019
Website of gunmaker Smith & Wesson hit by a Magecart attack

The US gunmaker Smith & Wesson was hacked late last month in a Magecart attack, attackers injected a malicious software skimmer. A new Magecart attack made the headlines, the victim is the American gunmaker Smith & Wesson. The hack took place last month, the attackers planted a malicious software skimmer on its website to steal […]

Pierluigi Paganini December 03, 2019
Experts discovered DLL hijacking issues in Kaspersky and Trend Micro solutions

Experts discovered several DLL hijacking flaws in Kaspersky Secure Connection, Trend Micro Maximum Security, and Autodesk Desktop Application. Researchers from SafeBreach discovered several vulnerabilities in Kaspersky Secure Connection, Trend Micro Maximum Security, and Autodesk Desktop Application products that could be exploited by hackers for DLL preloading, code execution, and privilege escalation. The first issue in […]

Pierluigi Paganini December 02, 2019
Ohio Election Day cyber attack attempt traced Russian-Owned Company

Ohio detected and neutralized a cyber attack against its election systems earlier this month, it was traced to a Russian-owned company. Ohio officials thwarted a cyber attack against its election infrastructure earlier this month, the state’s elections chief announced. According to the Republican Secretary of State Frank LaRose, the cyber attack was “relatively unsophisticated” and […]

Pierluigi Paganini December 02, 2019
StrandHogg Vulnerability exploited by tens of rogue Android Apps

Security experts disclosed a vulnerability dubbed StrandHogg that has been exploited by tens of malicious Android apps. Security experts at Promon disclosed a vulnerability, dubbed StrandHogg, that has been exploited by tens of malicious Android apps. The name StrandHogg comes from an old Norse term that refers to a tactic adopted by the Vikings that […]

Pierluigi Paganini December 02, 2019
Europol seized 30,506 Internet domain names for IP Infringement

Europol announced another success in the fight against cybercrime, the agency shut down 30,506 Internet domain names for distributing counterfeit and pirated items. Europol announced the shutdown of 30,506 Internet domain names for distributing counterfeit and pirated items as part of the ‘In Our Sites’ (IOS) operation launched in 2014. The success is the result […]