Hacking

Pierluigi Paganini November 28, 2019
RevengeHotels campaign – crooks target the hospitality industry

RevengeHotels campaign – The hospitality industry continues to be a privileged target for cybercriminals that target hotels, restaurant chains, and tourism services. Security experts at Kaspersky have published a report on a targeted cybercrime malware campaign, tracked as RevengeHotels, that hit hotels, hostels, hospitality and tourism companies. According to the experts, the threat actor has […]

Pierluigi Paganini November 27, 2019
Adobe revealed that the Magento Marketplace was hacked

Adobe discloses security breach impacting Magento Marketplace users Adobe discloses a security breach that affected the users of the Magento marketplace website, the incident was discovered last week. Adobe disclosed a security breach that affected the users of the Magento Marketplace portal, the security team discovered the incident on November 21. The Magento Marketplace is […]

Pierluigi Paganini November 27, 2019
Upbit cryptocurrency exchange hacked, crooks stole $48.5 million worth of ETH

Another South Korean cryptocurrency exchange was hacked, this time the victim is Upbit that lost $48.5 million in cryptocurrency.  The South Korean cryptocurrency exchange Upbit disclosed a security breach, the company told its customers that hackers have stolen $48.5 million in crypto-currency from its hot wallet.  The company has halted its operations on Wednesday, customers […]

Pierluigi Paganini November 27, 2019
Full(z) House Magecart group mix phishing and MiTM in its attacks

A group under the Magecart umbrella adopted a new tactic that leverages on MiTM and phishing attacks to target sites using external payment processors. Security experts at RiskIQ continue to monitor activities of several Magecart groups, recently they spotted a new crew, tracked as Full(z) House, that leverages phishing and web skimming for its attacks. The Full(z) […]

Pierluigi Paganini November 26, 2019
Kaspersky addressed multiple issues in online protection solutions

Kaspersky has fixed several flaws affecting the web protection features implemented in some of its security products Kaspersky has addressed several vulnerabilities in the web protection features implemented in its antivirus solutions, including Internet Security, Total Security, Free Anti-Virus, Security Cloud, and Small Office Security products. The vulnerabilities were found by the security researcher Wladimir […]

Pierluigi Paganini November 26, 2019
Experts discovered control systems for aircraft warning lights open online

Aircraft warning lights, an essential component of the aviation infrastructure, but they pose a serious risk if controlled by hackers. The independent researcher Amitay Dan discovered that control panels for aircraft warning lights were exposed to the Internet, potentially allowing attackers to control them with unpredictable and catastrophic consequences. Aircraft warning lights are important components of […]

Pierluigi Paganini November 26, 2019
Some Fortinet products used hardcoded keys and weak encryption for communications

Researchers at SEC Consult Vulnerability Lab discovered multiple issues in several security products from Fortinet, including hardcoded key and encryption for communications. Security researchers from SEC Consult Vulnerability Lab discovered that multiple Fortinet products use a weak encryption cipher (“XOR” with a static key) and cryptographic keys to communicate with the FortiGuard Web Filter, AntiSpam […]

Pierluigi Paganini November 25, 2019
PoC exploit code for Apache Solr RCE flaw is available online

Over the summer, the Apache Solr team addressed a remote code execution flaw, not a working exploit code was published online. The bug addressed by the Apache Solr team fixed over the summer is more dangerous than initially thought. Apache Solr is a highly reliable, scalable and fault-tolerant, open-source search engine written in Java. Solr […]

Pierluigi Paganini November 25, 2019
Raccoon Stealer campaign circumvents Microsoft and Symantec anti-spam messaging gateways

Crooks behind the Raccoon Stealer have adopted a simple and effective technique to circumvent popular anti-spam messaging gateways. Cybercriminals behind the Raccoon Stealer have adopted a simple and effective technique to circumvent Microsoft and Symantec anti-spam messaging gateways. The Raccoon stealer was first spotted in April, it was designed to steal victims’ credit card data, […]

Pierluigi Paganini November 24, 2019
Security Affairs newsletter Round 241

A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Experts found undocumented access feature in Siemens SIMATIC PLCs Tianfu Cup 2019 Day 1 – Chinese experts hacked Chrome, Edge, Safari, Office365 Crooks use carding bots to check stolen card data ahead of the holiday season Experts report […]