Hacking

Pierluigi Paganini August 07, 2019
SWAPGS Attack – A new Spectre-V1 attack affects modern chips

Experts discovered a new variant of the Spectre vulnerability (SWAPGS Attack) that affects modern Intel CPUs which leverage speculative-execution, and also some AMD processors. Experts discovered a new Spectre speculative execution flaw (SWAPGS attack), tracked as CVE-2019-1125, that affects all Modern Intel CPUs and some AMD processors. The flaw could be exploited by unprivileged local attackers to access […]

Pierluigi Paganini August 07, 2019
New Lord Exploit Kit appears in the threat landscape

Security experts discovered a new exploit kit, dubbed Lord Exploit Kit, that is currently targeting vulnerable versions of Adobe Flash Player. Security experts at Malwarebytes have recently discovered a new exploit kit, dubbed Lord Exploit Kit, that is targeting vulnerable versions of Adobe Flash Player The Lord Exploit Kit was first detected by Adrian Luca, […]

Pierluigi Paganini August 06, 2019
Expert publicly disclosed a zero-day vulnerability in KDE

A security expert has published PoC code exploit for a vulnerability in the KDE software framework that is yet to be fixed. The security expert Dominik Penner, aka “@zer0pwn”, has disclosed an unpatched KDE vulnerability on Twitter. “KDE Frameworks is a collection of libraries and software frameworks by KDE readily available to any Qt-based software stacks or applications on multiple operating systems.” The KDE Frameworks is […]

Pierluigi Paganini August 06, 2019
Crooks turn victims into money mules via confidence/romance scams

The FBI published a security advisory to warn of cyber actors using online dating sites to conduct confidence/romance scam and recruit money mules. The FBI published a security advisory to warn of confidence/romance scams turning victims into money mules. The advisory explains that victims are used as part of a money-laundering scheme and act as […]

Pierluigi Paganini August 06, 2019
CafePress Data Breach exposes technical details of 23 Million users

CafePress, the popular T-Shirt and merchandise website, suffered a data breach that exposed the personal details of 23 million of their customers. CafePress, the popular T-Shirt and merchandise website, disclosed a data breach that exposed the personal details of 23 million of their customers. The news was publicly reported by the data breach notification service […]

Pierluigi Paganini August 06, 2019
The Evolution of Aggah: From Roma225 to the RG Campaign

The experts at Yoroi-Cybaze ZLab discovered a new wave of attacks linked to the cyber espionage campaign tracked as Roma225. Introduction Few months ago we started observing a cyber operation aiming to attack private companies in various business sectors, from automotive to luxury, education, and media/marketing.  The attack attribution is still unclear but the large scale of […]

Pierluigi Paganini August 06, 2019
QualPwn Bugs in Qualcomm chips could allow hacking Android Over the Air

Researchers discovered two serious flaws, QualPwn bugs, in Qualcomm’s Snapdragon SoC WLAN firmware that could be exploited to hack Android device over the air. Security experts at Tencent Blade, the security elite unit at Tencent, have discovered two severe vulnerabilities, QualPwn bugs, that could “allow attackers to compromise the Android Kernel over-the-air. “QualPwn is a […]

Pierluigi Paganini August 06, 2019
Russia-linked STRONTIUM APT targets IoT devices to hack corporate networks

The STRONTIUM Russia-linked APT group is compromising common IoT devices to gain access to several corporate networks. Researchers at Microsoft observed the Russia-linked APT group STRONTIUM abusing IoT devices to gain access to several corporate networks. The STRONTIUM APT group (aka APT28, Fancy Bear, Pawn Storm, Sofacy Group, and Sednit) has been active since at least 2007 and it has […]

Pierluigi Paganini August 05, 2019
StockX hacked, customers’ data offered for sale on the dark web

StockX, the live marketplace for buying and selling limited edition sneakers, watches, handbags, and streetwear, announced a data breach. StockX is a live marketplace for buying and selling limited edition sneakers, watches, handbags, and streetwear, the company announced that the sneaker and streetwear buying platform had been hacked. An unauthorized user was able to access customer data, […]

Pierluigi Paganini August 05, 2019
GermanWiper, a data-wiping malware that is targeting Germany

Recently a data-wiping malware tracked as GermanWiper has been targeting German organizations, the malicious code is pushed via phishing messages. GermanWiper is being distributed in Germany through spam messages that pretend to be emails sent by a job applicant named Lena Kretschmer that is submitting her resume. The messages have the subject “Ihr Stellenangebot – Bewerbung [Your job offer – […]