Hacking

Pierluigi Paganini June 13, 2019
Massive DDos attack hit Telegram, company says most of junk traffic is from China

Encrypted messaging service Telegram was hit by a major DDoS attack apparently originated from China, likely linked to the ongoing political unrest in Hong Kong. Telegram was used by protesters in Hong Kong to evade surveillance and coordinate their demonstrations against China that would allow extraditions from the country to the mainland. The country is […]

Pierluigi Paganini June 13, 2019
Flaw in Evernote Web Clipper for Chrome extension allows stealing data

Security experts discovered a vulnerability in the popular Evernote Web Clipper for Chrome can be exploited to steal sensitive data from sites visited by users. Security experts at browser security firm Guardio discovered a critical universal cross-site scripting (XSS) vulnerability in the Evernote Web Clipper for Chrome. “In May 2019 Guardio’s research team has discovered […]

Pierluigi Paganini June 12, 2019
Google expert disclosed details of an unpatched flaw in SymCrypt library

Tavis Ormandy, a white hat hacker Google Project Zero announced to have found a zero-day flaw in the SymCrypt cryptographic library of Microsoft’s operating system. The recently released Microsoft Patch Tuesday security updates for June 2019 failed to address a flaw in SymCrypt, a core cryptographic function library currently used by Windows. The flaw could be […]

Pierluigi Paganini June 12, 2019
Radiohead releases a trove of stolen music in response to the hack

The English rock Radiohead released 18-hour trove of private recordings from their 1997 album “OK Computer” in response to the recent hack. The alternative rock band Radiohead released an 18-hour trove of private recordings from their 1997 album “OK Computer” after being hacked by crooks that demanded a ransom of $150,000 for the music. Radiohead uploaded 1.8-gigabyte […]

Pierluigi Paganini June 12, 2019
RAMBleed, a new Side-Channel Attack that allows stealing sensitive data

Security researchers disclosed the details of RAMBleed, a new type of side-channel attack on DRAM that can allow stealing sensitive data from a memory. A team of academics from several universities has disclosed the details a new type of side-channel attack on dynamic random-access memory (DRAM), dubbed RAMBleed. The RAMBleed issue, tracked as CVE-2019-0174, could […]

Pierluigi Paganini June 11, 2019
Vulnerability in WordPress Live Chat Plugin allows to steal and hijack sessions

Security researchers at Alert Logic have discovered a vulnerability in the WordPress Live Chat plugin that could be exploited to steal and hijack sessions. Experts at Alert Logic have discovered a vulnerability in the popular WordPress Live Chat plugin that could be exploited by an unauthorized remote attacker to steal chat logs or manipulate chat sessions. […]

Pierluigi Paganini June 11, 2019
Customs and Border Protection (CBP) confirms hack of a subcontractor

Customs and Border Protection (CBP) revealed that photos of travelers and license plates collected at a single U.S. border point have been stolen by hackers. Customs and Border Protection (CBP) revealed that photos of travelers and license plates collected at a single U.S. border point have been stolen as a result of a cyber attack. […]

Pierluigi Paganini June 11, 2019
MuddyWater APT group updated its multi-stage PowerShell backdoor Powerstats

The MuddyWater cyber espionage group has used an updated multi-stage PowerShell backdoor in recent cyber attacks. Security experts at Trend Micro report that the MuddyWater APT group (aka SeedWorm and TEMP.Zagros), has used an updated multi-stage PowerShell backdoor in recent cyber espionage campaigns. The first MuddyWater campaign was observed in late 2017 when targeted entities in the Middle East. The experts called […]

Pierluigi Paganini June 11, 2019
CVE-2019-2725 Oracle WebLogic flaw exploited in cryptojacking campaign

The CVE-2019-2725 vulnerability in Oracle WebLogic recently, addressed by the company, is being exploited in cryptojacking attacks, Trend Micro reports. Experts at Trend Micro reported that the recently patched CVE-2019-2725 vulnerability in Oracle WebLogic is being exploited in cryptojacking attacks. The flaw is a deserialization remote command execution zero-day vulnerability that affects the Oracle WebLogic wls9_async and wls–wsat components. The […]

Pierluigi Paganini June 10, 2019
CVE-2019-12735 – opening a specially crafted file in Vim or Neovim Editor could compromise your Linux system

Bad news for Linux users, a flaw tracked as CVE-2019-12735 allows to hack their systems by tricking them into opening a specially crafted file in Vim or Neovim Editor. Security expert Armin Razmjou has recently found a high-severity vulnerability (CVE-2019-12735) in Vim and Neovim command-line text editing applications. The vulnerability, tracked as CVE-2019-12735, is classified as an arbitrary OS command […]