Hacking

Pierluigi Paganini March 28, 2019
Gustuff Android banking trojan targets 125+ banking, and 32 cryptocurrency apps

Security experts at Group-IB have detected the activity of Gustuff a mobile Android Trojan, which includes potential targets of customers in leading international banks, users of cryptocurrency services, popular ecommerce websites and marketplaces. Gustuff has previously never been reported. Gustuff is a new generation of malware complete with fully automated features designed to steal both fiat […]

Pierluigi Paganini March 28, 2019
Lazarus APT continues to target cryptocurrency businesses with Mac malware

North Korea-linked Lazarus group made the headlines again, it has been leveraging PowerShell to target both Windows and macOS machines. The North Korea-linked Lazarus APT group made has been leveraging PowerShell to target both Windows and macOS machines in a new wave of attacks. The discovery was made by experts at Kaspersky Lab, the campaign […]

Pierluigi Paganini March 28, 2019
ASUS fixes supply chain of Live Update tool hit in Operation ShadowHammer

ASUS released security patches to fix the issues in the Live Update utility that were exploited by threat actors in Operation ShadowHammer. ASUS announced to have released a fix for the Live Update utility that was exploited by threat actors behind the Operation ShadowHammer to deliver malware to hundreds of users.  The Operation ShadowHammer took […]

Pierluigi Paganini March 27, 2019
LUCKY ELEPHANT campaign targets South Asian governments

The NETSCOUT Threat Intelligence team uncovered a credential harvesting campaign tracked as LUCKY ELEPHANT targeting mostly South Asian governments. Security experts at NETSCOUT Threat Intelligence team uncovered a credential harvesting campaign, tracked as LUCKY ELEPHANT, targeting mostly South Asian governments. The campaign was discovered in early March 2019, threat actors behind the LUCKY ELEPHANT campaign […]

Pierluigi Paganini March 27, 2019
Experts found 36 vulnerabilities in the LTE protocol

A team of researchers from the Korea Advanced Institute of Science and Technology Constitution (KAIST) discovered 36 vulnerabilities in the LTE protocol. Security experts from the Korea Advanced Institute of Science and Technology Constitution (KAIST) have discovered 36 vulnerabilities in the LTE protocol used by most mobile carriers. The researchers used a fuzzing technique to […]

Pierluigi Paganini March 26, 2019
Whitehat settings allow white hat hackers to Test Facebook mobile apps

Facebook introduced new settings designed to make it easier for cyber experts to test the security of its mobile applications. Facebook has announced the implementation of new settings to make it easier for white hat hackers to test the security of its mobile applications. To protect Facebook users, the mobile apps of the company implement […]

Pierluigi Paganini March 26, 2019
Microsoft experts found high severity flaws in Huawei PCManager

Microsoft experts discovered privilege escalation and arbitrary code execution vulnerabilities in a tool from Huawei. Microsoft researchers discovered privilege escalation and arbitrary code execution vulnerabilities in a tool from Huawei, both flaws were classified as “high severity.” The experts discovered the flaws because the kernel sensors in Microsoft Defender Advanced Threat Protection (ATP) detected an […]

Pierluigi Paganini March 25, 2019
Operation ShadowHammer – Supply-Chain attack hit ASUS users

Operation ShadowHammer – ASUS is the last victim of a clamorous supply chain attack that delivered a backdoor to more than one million users, Kaspersky Lab reported. Over 1 million ASUS users may have been impacted by a supply chain attack that leveraged the ASUS Live Update utility to inject a backdoor in ASUS systems. […]

Pierluigi Paganini March 25, 2019
Anubis II – malware and afterlife

Due to the growing demand for Android banking malware, threat actors continue using Anubis even is the creator has vanished. Introduction Besides being the Egyptian God associated with mummification and afterlife, Anubis is also an Android banking malware that has caused quite some trouble for over 300 financial institutions worldwide since 2017. Anubis II is […]

Pierluigi Paganini March 25, 2019
Free Tools: spotting APTs through Malware streams

Cyber security expert and founder of Yoroi has published a new tool that could be used to spot APTs (Advanced Persistent Threats) through Malware streams. There are many ways to spot Advanced Persistent Threats, for example during a forensic analysis on “high rate incident” or having sandbox systems on critical infrastructures or again working as […]