Pierluigi Paganini
May 01, 2018
The NATO team is the winner of the Cyber Defence Exercise Locked Shields 2018 that took place on April 23-26 in Tallinn, Estonia. The international live-fire cyber defence exercise Locked Shields 2018 took place on April 23-26 in Tallinn, Estonia, and the figures behind this important competition are impressive. A total of 22 Blue Teams participated […]
Pierluigi Paganini
April 30, 2018
SamSam ransomware made the headlines again, crooks now spreading thousands of copies of the ransomware at once into individual targeted organizations. Ransomware continues to be one of the most dangerous cyber threat and incident like the one suffered by the city of Atlanta demonstrates that their economic impact on victims could be severe. SamSam ransomware […]
Pierluigi Paganini
April 30, 2018
According to a security expert, Oracle appears to have botched the CVE-2018-2628 fix, this means that attackers could bypass it to take over WebLogic servers. Earlier April, Oracle patched the critical CVE-2018-2628 vulnerability in Oracle WebLogic server, but an Alibaba security researcher @pyn3rd discovered that the proposed fix could be bypassed. https://twitter.com/pyn3rd/status/990114565219344384 The CVE-2018-2628 flaw was […]
Pierluigi Paganini
April 30, 2018
Security experts at Kromtech discovered a MongoDB exposed personal details of 25,000 users tied to the Bezop cryptocurrency. Security researchers at cybersecurity firm Kromtech have discovered a MongoDB database containing the personal details of over 25,000 Bezop (BEZ) cryptocurrency users. There are 1384 cryptocurrencies as of Jan 2018. One of them had a database of 25K active […]
Pierluigi Paganini
April 29, 2018
During checkout from faasos, I observed that there are several requests going to Facebook, which carries your Faasos details without user’s consent. I reported the issue to Facebook that closed my report saying: “Unfortunately what you have described is not currently covered by this program, We will follow up with you regarding any questions we may […]
Pierluigi Paganini
April 29, 2018
Many companies using SAP systems ignore to be impacted by a 13-year-old security configuration that could expose their architecture to cyber attacks. According to the security firm Onapsis, 90 percent SAP systems were impacted by the vulnerability that affects SAP Netweaver and that can be exploited by a remote unauthenticated attacker who has network access […]
Pierluigi Paganini
April 29, 2018
A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online Kindle Edition Paper Copy Once again thank you! · Experts spotted spam campaigns delivering XTRAT and DUNIHI backdoors bundled with the Adwind […]
Pierluigi Paganini
April 29, 2018
This week Mozilla announced that the upcoming Firefox 60 version will implement a new Cross-Site Request Forgery (CSRF) protection by introducing support for the same-site cookie attribute. An attacker can launch a CSRF attack to perform unauthorized activities on a website on behalf of authenticated users, this is possible by tricking victims into visiting a specially crafted webpage. “Cross-Site […]
Pierluigi Paganini
April 29, 2018
Two security experts discovered that the control panel of a Ski lift in Austria was exposed online without any protection. The control panel of a Ski lift in Austria was exposed online, the disconcerting discovery was made on March 16 by the security experts Tim Philipp Schäfers and Sebastian Neef with security organization InternetWache.org. The ski lift is Patscherkofelbahn, a […]
Pierluigi Paganini
April 28, 2018
Bitdefender researcher Marius Tivadar has developed a dodgy NTFS file system image that could trigger a blue-screen-of-death when a mount is attempted on Windows 7 and 10 systems. The Bitdefender expert Marius Tivadar has discovered a vulnerability tied the way Microsoft handles of NTFS filesystem images, he also published a proof-of-concept code on GitHub that could be used to […]
