Breaking News

Pierluigi Paganini March 01, 2019
Cybaze-Yoroi ZLab analyze GoBrut: A new GoLang Botnet

Cybaze-Yoroi ZLab analyze a new GoLang botnet named GoBrut, the investigation allowed to discover that the bot supports a lot more features Introduction Malware written in Go programming language has roots almost a decade ago, few years after its first public release back in 2009: starting from InfoStealer samples discovered since 2012 and abused in […]

Pierluigi Paganini March 01, 2019
Analyzing the evolution of MageCart cybercrime groups’ TTPs

Researchers from RiskIQ and FlashPoint analyzed the evolution of Magecart groups, in particular of a gang tracked as Group 4 that appears to be very sophisticated. Security firms have monitored the activities of a dozen Magecart groups at least since 2015. The gangs use to implant skimming script into compromised online stores in order to […]

Pierluigi Paganini February 28, 2019
CoinHive Cryptocurrency Mining Service will shut down on March 8, 2019

The popular in-browser cryptocurrency mining service Coinhive has announced that it will shut down on March 8, 2019. The service made the headlines across the years because it was used by crooks to abuse computational resources of the victims that were visiting compromised websites hosting the Coinhive script. Coinhive was initially launched as a legitimate […]

Pierluigi Paganini February 28, 2019
Ransomware, Trojan and Miner together against “PIK-Group”

Security expert Marco Ramilli analyzed a new piece of malware apparently designed to target PIK-Group that implements ransomware, Trojan, and Miner capabilities. When an unknown sender suggests me to click on a super wired url, dropping a ZIP file straight in my box, by saying it’s getting the next targeted attack on a huge company, […]

Pierluigi Paganini February 28, 2019
Cisco WebEx Meetings affected by a new elevation of privilege flaw

A vulnerability in the update service of the Cisco Webex Meetings Desktop App for Windows could allow elevation of privilege A vulnerability in the update service of the Cisco Webex Meetings Desktop App for Windows tracked as CVE-2019-1674 could be exploited by an unprivileged local attacker to elevate privileges and run arbitrary commands using the […]

Pierluigi Paganini February 28, 2019
PDF zero-day samples harvest user data when opened in Chrome

Experts at Exploit detection service EdgeSpot detected several PDF documents that exploit a zero-day flaw in Chrome to harvest user data. Exploit detection service EdgeSpot spotted several PDF documents that exploit a zero-day vulnerability in Chrome to harvest data on users who open the files through the popular web browser. The experts initially detected the […]

Pierluigi Paganini February 27, 2019
Multiple threat actors are targeting Elasticsearch Clusters

Security researchers at Cisco Talos are warning of a spike in attacks on unsecured Elasticsearch clusters to drop cryptocurrency miners. Cisco Talos experts have reported a spike in the attacks thatleverage known flaws to compromise unsecured Elasticsearch clusters and use them to mine crypto-currencies. At least six different threat actors are targeting installs running older […]

Pierluigi Paganini February 27, 2019
Thunderclap vulnerabilities allows to hack most of moder computers

Researchers found a new set of flaws that can be exploited via Thunderbolt to compromise a broad range of modern computers with Thunderclap attacksResearchers found a new set of flaws that can be exploited via Thunderbolt to compromise a broad range of modern computers with Thunderclap attacks Security experts from Rice University in the United […]

Pierluigi Paganini February 27, 2019
U.S. Cyber Command disrupted blocked Russian troll factory during 2018 midterms

The U.S. Cyber Command blocked the Internet access to the Russian troll factory while it was attempting to interfere with 2018 midterm. According to the Washington Post, that cites several U.S. officials, the operation conducted by the U.S. Cyber Command hit the Internet Research Agency in St. Petersburg, the company used by the Russian Government […]

Pierluigi Paganini February 27, 2019
Experts devised 3 attacks Show Signed PDF Documents Cannot Be Trusted

Experts found several flaws in popular PDF viewers and online validation services that allow to deceive the digital signature validation process. Several PDF viewers and online validation services contain vulnerabilities that can be exploited to make unauthorized changes to signed PDF documents without invalidating their digital signature. A group of academics from the German Ruhr-University […]