Breaking News

Pierluigi Paganini December 27, 2018
Hackers infect Linux servers with JungleSec Ransomware via IPMI Remote console

Since November, a new ransomware called JungleSec has been infecting servers through unsecured IPMI (Intelligent Platform Management Interface) cards. Security experts at BleepingComputer wrote about a new ransomware called JungleSec that is infecting victims through unsecured IPMI (Intelligent Platform Management Interface) cards. The ransomware was first observed early November. The IPMI is a set of computer interface […]

Pierluigi Paganini December 26, 2018
Experts discovered a critical bug in Schneider Electric Vehicle Charging Stations

A critical vulnerability affects Schneider Electric electric vehicle charging stations, the EVLink Parking systems. EVlink Parking charging solutions are usually in parking environments, including offices, hotels, supermarkets, fleets, and municipals. According to the company, the issue is tied to a hard-coded credential bug that could be exploited by attackers to gain access to the system. […]

Pierluigi Paganini December 26, 2018
Hackers target financial firms hosting malicious payloads on Google Cloud Storage

Researchers at Menlo Labs uncovered a malicious email campaign targeting employees of banks and financial services companies abusing Google Cloud Storage. The campaign targeted organizations in the US and the UK, the attackers have been abusing Google Cloud Storage to deliver payload. The spam campaign uses messages including links that point to archivefiles such as .zip or .gz. Attackers […]

Pierluigi Paganini December 25, 2018
Hackers launched phishing attacks aimed at bypassing Gmail, Yahoo 2FA at scale

Amnesty International warns of threat actors that are launching phishing attacks aimed at bypassing Gmail, Yahoo 2FA at scale Amnesty International published a report that details how threat actors are able to bypass 2FA authentication that leverages text message as a second factor. Attackers are using this tactic to break into Gmail and Yahoo accounts […]

Pierluigi Paganini December 25, 2018
Over 19,000 Orange Livebox ADSL modems leak WiFi credentials

Threat actors are attempting to exploit a flaw in Orange LiveBox ADSL modems to retrieve their SSID and WiFi password in plaintext. Threat actors in the wild are attempting to exploit a vulnerability in LiveBox ADSL modems from Orange, the issue could be triggered to retrieve their SSID and WiFi password in plaintext by simply […]

Pierluigi Paganini December 24, 2018
Experts disclosed an unpatched Kernel buffer overflow in Trusteer Rapport for MacOS

Researchers from Trustwave SpiderLabs discovered an unpatched kernel-level vulnerability in driver used by IBM Trusteer Rapport endpoint security tool. The issue affects endpoint security tool for MacOS, IBM released a patch but failed to address the vulnerability within the 120-day disclosure deadline. The IBM Trusteer Rapport endpoint security tool is a lightweight software component that […]

Pierluigi Paganini December 24, 2018
Hacking the Twinkly IoT Christmas lights

Security researchers discovered some flaws in the Twinkly IoT lights that could be exploited display custom lighting effects and to remotely turn off them. Security researchers from MWR InfoSecurity have discovered some flaws in the Twinkly IoT lights that could be exploited to display custom lighting effects and to remotely turn off their Christmas brilliance. […]

Pierluigi Paganini December 24, 2018
Information Disclosure flaw allows attackers to find Huawei routers with default credentials

Some models of Huawei routers are affected by a flaw that could be exploited by attackers to determine whether the devices have default credentials or not. Ankit Anubhav, a principal researcher at NewSky Security, discovered a vulnerability in some models of Huawei routers that could be exploited by attackers to determine whether the devices have […]

Pierluigi Paganini December 23, 2018
Security Affairs newsletter Round 193 – News of the week

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! Twitter fixed bug could have exposed Direct Messages […]

Pierluigi Paganini December 23, 2018
France data protection agency fines Uber 400k Euros Over 2016 Data Breach

France’s data protection agency had fined the ride-sharing company Uber with 400,000 euros ($455,000) over a 2016 data breach. The data breach suffered by Uber in 2016 exposed the personal data of some 57 million clients and drivers worldwide. In November 2017, the Uber CEO Dara Khosrowshahi announced that hackers broke into the company database and […]