Experts demonstrated that SQLite database can be abused by threat actors as an attack vector to execute malicious code in other apps. Experts at CheckPoint discovered that SQLite database can be abused by threat actors as an attack vector to execute malicious code in other apps, including Apple’s . The experts presented the attack technique at the DEF […]
A group of Israeli researchers demonstrated that it is possible to take over the Simatic S7 controller one of the most secure controllers in the industry. A team of Israeli researchers demonstrated that it is possible to take control of the Simatic S7 controller without the knowledge of the operators. The team was composed of […]
Security researchers at McAfee have discovered that a vulnerability patched ten years ago is still affecting several Avaya phones. Security experts at McAfee discovered that a stack-based buffer overflow flaw in the Dynamic Host Configuration Protocol (DHCP) client discovered and fixed ten years ago is still affecting several Avaya phones. The vulnerability, tracked as CVE-2009-0692, could […]
Another city in the United States was hit by a cyber attack, according to officials in the city of Naples (Florida) they lost $700,000 in a recent attack. According to officials in the city of Naples, Florida, a cyberattack caused an economic loss of $700,000. This is the last incident in order of time that […]
At the Blackhat cybersecurity conference, Apple has announced a few major changes to its bug bounty program that will be open to any researcher. The most striking change is related to the payout for the rewards, themaximum reward passed from $200,000 to $1 million. This is the biggest payout for a bug bounty program operated […]
Two researchers publicly disclosed a zero-day vulnerability that affects the popular Steam game client for Windows, 0ver 100 million users at risk. Two security experts disclosed a privilege escalation vulnerability in the Stream client for Windows that can be exploited by an attacker with limited permissions to run code administrative privileges. The issue could be exploited […]
Security experts at CheckPoint discovered a series of vulnerabilities in WhatsApp that could be exploited by attackers to tamper with conversations. A team of Check Point security researchers composed of Dikla Barda, Roman Zaikin, and Oded Vanunu devised three attacks that leverage the vulnerabilities in WhatsApp to tamper with conversations. The flaws could allow attackers […]
Avast spotted a new strain of Clipsa malware that is used to mine and steal cryptocurrencies along with carrying out brute-force attacks on WordPress sites. Clipsa is a malware that is well known to cyber security community is able to steal cryptocurrency via clipoard hijacking and mine cryptocurrency after installing a miner. Avast recently discovered […]
Cisco has released security updates to address several vulnerabilities in Cisco Small Business 220 Series Smart Switches. Cisco released security updates to address several vulnerabilities in Cisco Small Business 220 Series Smart Switches, including two critical issues. The most important flaw, tracked as CVE-2019-1913, could be exploited by an unauthenticated, remote attacker to execute arbitrary code with […]
Security researcher Marco Ramilli presents a comparative analysis of attacks techniques adopted by the Iran-Linked OilRig APT group. Today I’d like to share a comparative analysis of OilRig techniques mutation over time. In particular I will refer to great analyses made by Paloalto UNIT 42 plus my own ones (HERE, HERE, HERE, etc..) and more personal thoughts. I would define this group […]