Breaking News

Pierluigi Paganini January 22, 2018
Google awarded Chinese hacker record $112,500 for Android exploit chain

Google has awarded a record $112,500 to a security researcher for reporting an exploit chain that could be used to hack Pixel smartphones. Last week the Google disclosed the technical details of the exploit chain that was devised in August 2017 by the Guang Gong from Alpha Team at Qihoo 360 Technology. The exploit chain triggers two […]

Pierluigi Paganini January 21, 2018
A hospital victim of a new SamSam Ransomware campaign paid $55,000 ransom

The Samsam Ransomware made the headlines in the first days of 2018, the malicious code infected systems of some high-profile targets, including a hospital that paid a $55,000 ransom. The SamSam ransomware is an old threat, attacks were observed in 2015 and the list of victims is long, many of them belong to the healthcare industry. […]

Pierluigi Paganini January 21, 2018
Security Affairs newsletter Round 146 – News of the week

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Once again thank you! ·      Fappening – A fourth man has been charged with hacking into over 250 Apple iCloud accounts belonging to celebrities ·      Lenovo spotted and fixed a backdoor in RackSwitch and BladeCenter networking switches […]

Pierluigi Paganini January 21, 2018
OnePlus admitted hackers stole credit card information belonging to up to 40,000 customers

OnePlus confirmed that a security breach affected its online payment system, hackers stole credit card information belonging to up to 40,000 customers. OnePlus confirmed that a security breach affected its online payment system, a few days ago many customers of the Chinese smartphone manufacturer claimed to have been the victim of fraudulent credit card transactions after making purchases […]

Pierluigi Paganini January 21, 2018
Researchers found misconfigured Jenkins servers leaking sensitive data

Security expert Mikail Tunç analyzed Jenkins servers exposed online discovering that many instances leak sensitive information. The researchers clarify that he did not exploit any vulnerabilities to gain access to Jenkins servers, he simply analyzed open ones. Jenkins is the most popular open source automation server, it is maintained by CloudBees and the Jenkins community. The automation […]

Pierluigi Paganini January 20, 2018
Crackas leader (15) gained access to data of intel operations in Afghanistan and Iran by posing as the CIA chief

British teenager Kane Gamble (15), leader of the ‘Crackas With Attitude’ hacking group gained access to intel operations in Afghanistan and Iran by posing as the CIA chief. Do you remember “Crackas With Attitude”? You remember for sure the Crackas With Attitude, a hacking crew that claimed clamorous actions in support of the Palestine cause. The notorious group […]

Pierluigi Paganini January 20, 2018
Italian companies and Ministry of the Interior under attack, experts spotted a huge botnet

Threat actors with a deep knowledge of the Fiscal Italian ecosystem are using a huge botnet to target Italian companies and Ministry of the Interior. On Januaty 18 a colleague of mine (Luca) called me telling a malicious email was targeting Italian companies. This is the beginning of our new analysis adventure that Luca and […]

Pierluigi Paganini January 20, 2018
Red Hat reverts Spectre (CVE-2017-5715) security updates due to boot issues reported by customers

Red Hat is going to release updates that are reverting previous patches for the Spectre vulnerability (Variant 2, aka CVE-2017-5715). Just after the release of Spectre and Meltdown patches many experts argued a significative impact on performance and stability of systems running them. While Meltdown and Spectre Variant 1 could be theoretically being addressed by […]

Pierluigi Paganini January 20, 2018
The US Global surveillance bill has been signed by President Trump

US Government missed a historic opportunity to reform a dangerous surveillance law that opens to a global surveillance, instead it has signed a version that makes it worse. The U.S. legal framework related to the domestic surveillance has been signed by President Trump one day after the Senate approved it with 65 votes against 34. The […]

Pierluigi Paganini January 19, 2018
Triton Malware exploited a Zero-Day flaw in Schneider Triconex SIS controllers

The industrial giant Schneider discovered that the Triton malware exploited a zero-day vulnerability in Triconex Safety Instrumented System (SIS) controllers in an attack aimed at a critical infrastructure organization. In December 2017, a new malicious code dubbed Triton malware  (aka Trisis) was discovered by researchers at FireEye, it was specifically designed to target industrial control […]