Breaking News

Pierluigi Paganini August 09, 2019
A Zero-Day in Steam client for Windows affects over 100 Million users

Two researchers publicly disclosed a zero-day vulnerability that affects the popular Steam game client for Windows, 0ver 100 million users at risk. Two security experts disclosed a privilege escalation vulnerability in the Stream client for Windows that can be exploited by an attacker with limited permissions to run code administrative privileges. The issue could be exploited […]

Pierluigi Paganini August 08, 2019
WhatsApp flaws allow the attackers to manipulate conversations

Security experts at CheckPoint discovered a series of vulnerabilities in WhatsApp that could be exploited by attackers to tamper with conversations. A team of Check Point security researchers composed of Dikla Barda, Roman Zaikin, and Oded Vanunu devised three attacks that leverage the vulnerabilities in WhatsApp to tamper with conversations. The flaws could allow attackers […]

Pierluigi Paganini August 08, 2019
New strain of Clipsa malware launches brute-force attacks on WordPress sites

Avast spotted a new strain of Clipsa malware that is used to mine and steal cryptocurrencies along with carrying out brute-force attacks on WordPress sites. Clipsa is a malware that is well known to cyber security community is able to steal cryptocurrency via clipoard hijacking and mine cryptocurrency after installing a miner.  Avast recently discovered […]

Pierluigi Paganini August 08, 2019
American Insurance firm State Farm victim of credential stuffing attacks

The American group of insurance and financial services companies State Farm disclosed a credential stuffing attack it has suffered in July. The American group of insurance and financial services companies State Farm revealed that it was the victim of a credential stuffing attack it has suffered in July. The insurance firm is notifying the impacted […]

Pierluigi Paganini August 08, 2019
Cisco addressed critical flaws in Cisco Small Business 220 Series Smart Switches

Cisco has released security updates to address several vulnerabilities in Cisco Small Business 220 Series Smart Switches. Cisco released security updates to address several vulnerabilities in Cisco Small Business 220 Series Smart Switches, including two critical issues. The most important flaw, tracked as CVE-2019-1913, could be exploited by an unauthenticated, remote attacker to execute arbitrary code with […]

Pierluigi Paganini August 07, 2019
OilRig APT group: the evolution of attack techniques over time

Security researcher Marco Ramilli presents a comparative analysis of attacks techniques adopted by the Iran-Linked OilRig APT group. Today I’d like to share a comparative analysis of OilRig techniques mutation over time. In particular I will refer to great analyses made by Paloalto UNIT 42 plus my own ones (HERE, HERE, HERE, etc..)  and more personal thoughts. I would define this group […]

Pierluigi Paganini August 07, 2019
The number of exploits in the Echobot botnet reached 59

The operators behind the recently discovered Echobot botnet added tens of new exploits to infect a broad range of systems worldwide. In June, experts at PaloAlto Networks uncovered a new botnet, dubbed Echobot that is based on the dreaded Mirai botnet. At the time of its discovery, operators added 8 new exploits, but a few weeks later the […]

Pierluigi Paganini August 07, 2019
SWAPGS Attack – A new Spectre-V1 attack affects modern chips

Experts discovered a new variant of the Spectre vulnerability (SWAPGS Attack) that affects modern Intel CPUs which leverage speculative-execution, and also some AMD processors. Experts discovered a new Spectre speculative execution flaw (SWAPGS attack), tracked as CVE-2019-1125, that affects all Modern Intel CPUs and some AMD processors. The flaw could be exploited by unprivileged local attackers to access […]

Pierluigi Paganini August 07, 2019
New Lord Exploit Kit appears in the threat landscape

Security experts discovered a new exploit kit, dubbed Lord Exploit Kit, that is currently targeting vulnerable versions of Adobe Flash Player. Security experts at Malwarebytes have recently discovered a new exploit kit, dubbed Lord Exploit Kit, that is targeting vulnerable versions of Adobe Flash Player The Lord Exploit Kit was first detected by Adrian Luca, […]

Pierluigi Paganini August 06, 2019
Expert publicly disclosed a zero-day vulnerability in KDE

A security expert has published PoC code exploit for a vulnerability in the KDE software framework that is yet to be fixed. The security expert Dominik Penner, aka “@zer0pwn”, has disclosed an unpatched KDE vulnerability on Twitter. “KDE Frameworks is a collection of libraries and software frameworks by KDE readily available to any Qt-based software stacks or applications on multiple operating systems.” The KDE Frameworks is […]