Breaking News

Pierluigi Paganini January 18, 2019
Fallout Exploit Kit now includes exploit for CVE-2018-15982 Flash zero-day

Experts at Malwarebytes have reported that the code for the recently discovered Flash zero-day flaw was added to the Fallout Exploit kit. Experts at Malwarebytes observed a new version of the Fallout Exploit kit that include the code to exploit a recently discovered Flash zero-day vulnerability. The Fallout Exploit kit was discovered at the end […]

Pierluigi Paganini January 18, 2019
Android apps use the motion sensor to evade detection and deliver Anubis malware

Security experts from Trend Micro have recently spotted two Android apps that use the motion sensor to evade detection and spread the Anubis banking Trojan. Malware authors continue to improve their malicious apps to avoid detection and infect the largest number of users. Security experts from Trend Micro have recently spotted two Android apps in […]

Pierluigi Paganini January 18, 2019
Oracle critical patch advisory addresses 284 flaws, 33 critical

Oracle released the first critical patch advisory for 2019 that addresses a total of 284 vulnerabilities, 33 of them are rated “critical”. Let’s give a close look at some of the vulnerabilities fixed by this patch advisory. The advisory fixed the CVE-2016-1000031 flaw, a remote code execution (RCE) bug in the Apache Commons FileUpload,  disclosed in November […]

Pierluigi Paganini January 18, 2019
Twitter fixed a bug in its Android App that exposed Protected Tweets

A bug in the Twitter app for Android may have had exposed tweets, the social media platform revealed on Thursday. The bug in the Android Twitter app affects the “Protect my Tweets” option from the account’s “Privacy and safety” settings that allows viewing user’s posts only to approved followers. People who used the Twitter app […]

Pierluigi Paganini January 18, 2019
Attacks in the wild leverage flaw in ThinkPHP Framework

Threat actors in the wild are leveraging a recently discovered flaw in the ThinkPHP PHP framework to install cryptominers, skimmers, and other malware. Multiple threat actors are leveraging a recently discovered code execution vulnerability (CVE-2018-20062) in the ThinkPHP framework. The flaw was already addressed by the Chinese firm TopThink that designed the framework, but security expert Larry […]

Pierluigi Paganini January 17, 2019
Collection #1 dump, 773 million emails, 21 million passwords

The popular cyber security expert Troy Hunt has uncovered a massive data leak he called ‘Collection #1’ that included 773 million records. The name ‘Collection #1’ comes from the name of the root folder. Someone has collected a huge trove of data through credential stuffing, the ‘Collection #1’ archive is a set of email addresses […]

Pierluigi Paganini January 17, 2019
Drupal fixes 2 critical code execution issues flaws in Drupal 7, 8.5 and 8.6

Drupal released security updates for Drupal 7, 8.5 and 8.6 that address two “critical” security vulnerabilities that could be exploited for arbitrary code execution. The first vulnerability could be exploited by a remote attacker to execute arbitrary PHP code. The flaw resides in the phar stream wrapper implemented in PHP and is related to the way […]

Pierluigi Paganini January 17, 2019
South Korea: hackers compromised Defense Acquisition Program Administration PCs

South Korea – Allegedstate-sponsored hackers compromised 10 PCs at ministry’s Defense Acquisition Program Administration. Unknown hackers compromised 10 PCs at ministry’s Defense Acquisition Program Administration which is the office that manages the military procurement. The news was confirmed by the South Korea Ministry of National Defense. “It has been turned out that 30 computers installed […]

Pierluigi Paganini January 17, 2019
Unprotected server of Oklahoma Department of Securities exposes millions of government files

A huge trove of data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a server for at least a week. Another data leak made the headlines, a huge trove of data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a server for at least a week. It […]

Pierluigi Paganini January 16, 2019
Critical bug in Amadeus flight booking system affects 141 airlines

A critical flaw in online flight ticket booking system developed by Amadeus could impact almost half of the fight travelers of 141 airlines around the world A critical flaw in online flight ticket booking system developed by Amadeus could be exploited by a remote attacker to access and modify travel details and claim his frequent […]