Hacking

Pierluigi Paganini June 24, 2019
Free proxy service runs on top of Linux Ngioweb Botnet

Researchers from Netlab, discovered a website offering free and commercial proxy servers leveraging a huge botnet (Ngioweb) of hacked WordPress sites. Researchers from Netlab, discovered that Free-Socks.in proxy service is leveraging a huge botnet of hacked WordPress sites. According to the experts, traffic managed by the proxy service is routed through a network of hacked […]

Pierluigi Paganini June 24, 2019
CVE-2019-10149: “Return of the WiZard” Vulnerability: Crooks Start Hitting

Malware researchers at Cybaze-Yoroi ZLAB observed many attack attempts trying to spread malware abusing the CVE-2019-10149 issue. Introduction In the past days, a really important issue has been disclosed to the public: “Return of the WiZard” vulnerability (ref. EW N030619, CVE-2019-10149). Such vulnerability affected a wide range of Exim servers, one of the main email server […]

Pierluigi Paganini June 24, 2019
OpenSSH introduces a security feature to prevent Side-Channel Attacks

OpenSSH introduces a new feature to prevent Side-Channel attacks, latest release encrypts secret keys in memory as temporary solution. Memory side-channel vulnerabilities continue to threaten modern processors, Spectre, and Meltdown, Rowhammer, and RAMBleed are just some samples,  Now OpenSSH encrypts secret keys in memory against Side-Channel attacks. Many experts demonstrated variants of side-channel attacks against OpenSSH application […]

Pierluigi Paganini June 23, 2019
Hundreds of million computers potentially exposed to hack due to a flaw in PC-Doctor component

Hundreds of million computers from many vendors may have been exposed to hack due to a serious flaw in PC-Doctor software. Experts at SafeBreach discovered that the Dell SupportAssist software, that comes preinstalled on most Dell PCs, was affected by a DLL hijacking vulnerability tracked as CVE-2019-12280. The flaw could have been exploited by an […]

Pierluigi Paganini June 23, 2019
Trump secretly ordered cyber attacks against Iran missile systems

The United States launched a series of cyber attacks on Iran after the Iranian military has downed an American surveillance drone. The military response to Iran, after the Iranian army has downed an American surveillance drone, started from the cyberspace. US President Donald Trump first approved military strikes against Iran in retaliation for downing a […]

Pierluigi Paganini June 23, 2019
NASA hacked! An unauthorized Raspberry Pi connected to its network was the entry point

NASA Office of Inspector General revealed that the Agency’s network was hacked in April 2018, intruders exfiltrated roughly 500 MB of data related to Mars missions. According to a report published by the NASA Office of Inspector General, hackers breached the Agency’s network in April 2018 and remained undetected for nearly a year. The report […]

Pierluigi Paganini June 23, 2019
Expert released PoC for Outlook for Android flaw addressed by Microsoft

Security researcher from F5 Networks that released more details and proof-of-concept for the recently addressed flaw in Outlook for Android. Microsoft has recently addressed an important vulnerability, tracked as CVE-2019-1105, in Outlook for Android, that potentially affected over 100 million users. The vulnerability is a stored cross-site scripting issue that is related to the way […]

Pierluigi Paganini June 22, 2019
Flaws allow hacking a system playing untrusted videos on VLC Player

Two vulnerabilities in VLC media player could allow remote attackers to take full control over a computer system while playing untrusted videos. An attacker could remotely take full control over a computer system while playing untrusted videos with any version of VLC media player software prior to 3.0.7. The hack is possible due to two […]

Pierluigi Paganini June 21, 2019
Russia-Linked Turla APT group Hijacked C2 of the Iranian OilRig

Russia-Linked cyberespionage group Turla uses a new toolset and hijacked command and control infrastructure operated by Iran-Linked OilRig APT. Russia-linked Turla cyberspies used a new set of tools in new attacks and hijacked command and control infrastructure operated by Iran-Linked OilRig APT. Recent campaigns demonstrate that Turla continues to evolve its arsenal and adopt news […]

Pierluigi Paganini June 21, 2019
Microsoft fixed CVE-2019-1105 flaw in Outlook for Android

Microsoft has addressed an important vulnerability (CVE-2019-1105) in Outlook for Android, potentially affected over 100 million users. Microsoft has addressed an important flaw tracked as CVE-2019-1105 that affects versions of Outlook for Android app before 3.0.88. The vulnerability is a stored cross-site scripting issue that is related to the way the app parses incoming email […]