Cyber Crime

Pierluigi Paganini August 09, 2015
Carphone Warehouse hacked: 2.4 million customer records at risk

Carphone Warehouse has taken three days to disclose about a sophisticated attack that may have impacted more than 2.4 million customers. The British mobile phone retailer Carphone Warehouse has been hacked and nearly 2.4 million customers records could have been compromised. On 5 August 2015 the experts of the company discovered that the IT infrastructure […]

Pierluigi Paganini August 08, 2015
0-day attack on Firefox stole sensitive data and password

Mozilla released the version 39.0.3 Firefox to patch a critical 0-day vulnerability that has been exploited in the wild. A zero-day vulnerability in Mozilla FireFox was reported on Wednesday to the company. A user noticed that an ad displayed on a Russian news website was serving an a malicious code. The exploit discovered by the user […]

Pierluigi Paganini August 06, 2015
ICANN urges passwords reset due an external service provider breach

The ICANN has issued a warning to inform who registered with ICANN.org that their profile accounts were accessed by an “unauthorized person.” The Internet Corporation for Assigned Names and Numbers (ICANN) has issued another security warning after login credentials of the ICANN.org website have been compromised. A new incident occurred to the ICANN (Internet Corporation for […]

Pierluigi Paganini August 06, 2015
The Panda Emissary APT specialized in defence aerospace projects

The Panda Emissary group extensively uses long-running strategic web compromises and relies on whitelists to syphon defence aerospace projects from victims. An alleged Chinese APT group dubbed Panda Emissary (also known as TG-3390) is targeting high-profile governments and organisations searching for defense aerospace projects. Researchers at Dell discovered that the Panda Emissary group used Watering hole […]

Pierluigi Paganini August 06, 2015
Man-in-the-Cloud Attacks rely on common file synchronization services to hack cloud account

Popular cloud storage services such as Google Drive and Dropbox can be abused by hackers running Man-in-the-Cloud (MITC) attacks. The recently issued Imperva’s Hacker Intelligence Initiative report on Man-in-the-Cloud (MITC) attacks details how threat actors abuse popular cloud storage services for illegal activities. The experts have analyzed a number of cloud storage services including Dropbox, Google Drive, Box, and Microsoft OneDrive. […]

Pierluigi Paganini August 05, 2015
Terracotta VPN, the Chinese VPN Service as Hacking Platform

A Chinese-language Virtual Private Network service provider dubbed Terracotta VPN offers a network of compromised servers as a stealth hacking platform. According RSA Security, a China-based virtual private network (VPN) service provider offers hacking crews a network of compromised servers which can be used to carry out stealth cyber attacks. The attacks appear to be […]

Pierluigi Paganini August 04, 2015
The CTB-Locker Ransomware is Back with a Vengeance: Windows 10 Social Engineering

The CTB-Locker Ransomware is Back with a Vengeance, the security experts noticed that bad actors Leveraging the Release of Windows 10 as an Attack Vector. A false sense of hope that the presence, or rather the active spread, of crypto-ransomware in-the-wild has begun to slowly die out has been quickly diminished thanks to the group behind the CTB-Locker ransomware. While […]

Pierluigi Paganini August 04, 2015
Interpol is training Police officers to fight crime on the Darknet

Police officers from dozen countries have just completed the first training program on Darknets, Tor hidden services and illegal marketplaces. Cybercrime becomes even more sophisticated and explores new technologies for its illegal activities. A growing problem for law enforcement agencies world worldwide is to track illegal activities in the Dark Web. Not only cyber criminals, but also groups […]

Pierluigi Paganini August 04, 2015
BIND Flaws exploited in DNS server attacks

Recently we reported a new vulnerability affecting Bind, now experts at Sucuri confirmed that the flaw is being exploited in DNS server attacks. A few days ago we wrote about the BIND software flaws that were discovered, affecting important companies, and last week a patch was released for the denial-of-service flaw (CVE-2015-5477), which was affecting […]

Pierluigi Paganini August 04, 2015
RIG Exploit Kit 3.0 infected over 1.3 Million PC worldwide

Version 3.0 of the RIG exploit kit has been released with new significant improvement. It has already infected more than 1.3 million PC worldwide. Early 2015, part of the source code for the 2.0 version of the RIG exploit kit was leaked online due to a dispute between the main developer and a reseller. According […]