Hacking

Pierluigi Paganini July 18, 2019
CVE-2019-6342 flaw allows hackers to fully compromise Drupal 8.7.4 websites

Drupal developers urge users to update their installs to version 8.7.5, which addresses the CVE-2019-6342 flaw that allows hackers to take control of Drupal 8 sites. Drupal developers informed users that version 8.7.4 is affected by a critical flaw, tracked as CVE-2019-6342, that could be exploited by attackers to take control of Drupal 8 websites. […]

Pierluigi Paganini July 17, 2019
Expert was awarded $10,000 for disclosing XSS flaw to Tesla

Tesla paid $10,000 a researcher that found a stored cross-site scripting (XSS) vulnerability that could have been exploited to change vehicle information. The security researcher Sam Curry has earned $10,000 from Tesla after reporting a stored cross-site scripting (XSS) flaw that could have been exploited to obtain vehicle information and potentially modify it. Curry discovered […]

Pierluigi Paganini July 17, 2019

Threat actors used the Extembro DNS-changer Trojan in an adware campaign to prevent users from accessing security-related websites. Security experts at Malwarebytes observed an adware campaign that involved the Extembro DNS-changer Trojan to prevent users from accessing websites of security vendors. “Recently, we uncovered a new DNS-changer called Extenbro that comes with an adware bundler. […]

Pierluigi Paganini July 17, 2019
Turla APT group adds Topinambour Trojan to its arsenal

Kaspersky researchers revealed that since earlier this year, Russia-linked APT group Turla used new variants of the KopiLuwak Trojan in targeted attacks. Security experts at Kaspersky revealed that the Russia-linked APT group Turla used new variants of the KopiLuwak Trojan in targeted attacks since early 2019. The Turla APT group (aka Snake, Uroburos, Waterbug, Venomous Bear and KRYPTON) has been active since at least 2007 targeting […]

Pierluigi Paganini July 16, 2019
Sprint revealed that hackers compromised some customer accounts via Samsung site

US telecommunications company Sprint revealed that hackers compromised an unknown number of customer accounts via the Samsung.com “add a line” website. The mobile network operator Sprint disclosed a security breach, the company revealed that hackers compromised an unknown number of customer accounts via the Samsung.com “add a line” website. “On June 22, Sprint was informed of unauthorized […]

Pierluigi Paganini July 16, 2019
A flaw in discontinued Iomega/Lenovo NAS devices exposed millions of files

Experts at Vertical Structure and WhiteHat Security discovered a serious flaw that exposed millions of files stored on thousands of exposed Lenovo NAS devices. An analysis conducted by researchers at Vertical Structure and WhiteHat Security allowed discovering a vulnerability in discontinued Iomega/Lenovo NAS devices, tracked as CVE-2019-6160, that exposed millions of files. The discovery was […]

Pierluigi Paganini July 16, 2019
Media File Jacking allows manipulating media files users receive via Android WhatsApp and Telegram

Media File Jacking – Security researchers at Symantec demonstrated how to manipulate media files that can be received via WhatsApp and Telegram Android apps. Security experts at Symantec devised an attack technique dubbed Media File Jacking that could allow attackers to manipulate media files that can be received via WhatsApp and Telegram Android apps. The […]

Pierluigi Paganini July 16, 2019
Mysterious hackers steal data of over 70% of Bulgarians

Hackers stole data of millions of Bulgarians, and sent it to local media, According to the media the source could be the National Revenue Agency. Hackers have exfiltrated data from a Bulgarian government system, likely the National Revenue Agency (NRA), and have shared it with the local media. The hackers have stolen the personal details […]

Pierluigi Paganini July 16, 2019
iOS URL Scheme expose users to App-in-the-Middle attack

Security experts at Trend Micro have discovered that iOS URL scheme could allow an attacker to hijack users’ accounts via App-in-the-Middle attack. Security experts at Trend Micro devised a new app-in-the-middle attack that could be exploited by a malicious app installed on iOS devices to steal sensitive data from other applications. The attack exploits the […]

Pierluigi Paganini July 16, 2019
DoppelPaymer, a fork of BitPaymer Ransomware, appeared in the threat landscape

Some of the crooks behind the Dridex Trojan have split from the gang and released a forked version of the BitPaymer ransomware dubbed DoppelPaymer. Cybercrime gang tracked as TA505 has been active since 2014 and focusing on Retail and Banking industries. The group that is known for the distribution of the Dridex Trojan and the Locky ransomware, has released other pieces of […]