Hacking

Pierluigi Paganini November 27, 2018
Malicious developer distributed tainted version of Event-Stream NodeJS Module to steal Bitcoins

Hacker compromised third-party NodeJS module “Event-Stream” introducing a malicious code aimed at stealing funds in Bitcoin wallet apps. The malicious code was introduced in the version 3.3.6, published on September 9 via the  Node Package Manager (NPM) repository. The Event-Stream library is a very popular NodeJS module used to allow developers the management of data streams, it has nearly 2 […]

Pierluigi Paganini November 27, 2018
Experts demonstrate how to exfiltrate data using smart bulbs

Security researchers with Checkmarx developed two mobile applications that abuse the functionality of smart bulbs for data exfiltration. Security researchers with Checkmarx developed two mobile applications that exploit smart bulbs features for data exfiltration. The experts used the Magic Blue smart bulbs that implement communication through Bluetooth 4.0. The devices are manufactured by the Chinese company called […]

Pierluigi Paganini November 26, 2018
Hacker stole $1m from Silicon Valley executive via SIM swap

Nicholas Truglia, a 21-years-old man from New York, has stolen $1 million from Silicon Valley executive via SIM swap, and targeted other indivisuals. Nicholas Truglia, a 21-years-old man from New York, has been accused of stealing $1 million from Silicon Valley executive via SIM swap. He gained access to his phone number and used it impersonate […]

Pierluigi Paganini November 25, 2018
Very trivial Spotify phishing campaign uncovered by experts

Researchers at AppRiver uncovered a very trivial phishing campaign targeting the streaming service Spotify, anyway, it is important to share info about it. Security researchers at AppRiver uncovered a phishing campaign targeting the popular streaming service Spotify. The phishing campaign was discovered earlier November, attackers used convincing emails to trick Spotify users into providing their account credentials. The messages include a […]

Pierluigi Paganini November 25, 2018
Security Affairs newsletter Round 190 – News of the week

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! ·      6,500+ sites deleted after Dark Web hosting […]

Pierluigi Paganini November 24, 2018
North Korea-linked group Lazarus targets Latin American banks

According to security reearchers at Trend Micro, the North Korea-linked APT group Lazarus recently targeted banks in Latin America. The North Korea-linked APT group Lazarus recently targeted banks in Latin America, Trend Micro experts reported. The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts […]

Pierluigi Paganini November 23, 2018
Beware Black Friday & Cyber Monday shoppers: fake products, credit cards scams and other types of fraud

Group-IB security experts are warning about the increasing scammers’ activity during the Black Friday and Cyber Monday Sales Group-IB, an international company that specializes in preventing cyber attacks, warns about the increasing scammers’ activity during the Black Friday and Cyber Monday Sales. Group-IB experts have discovered more than 400 website-clones of the popular marketplace AliExpress and roughly 200 fake websites […]

Pierluigi Paganini November 23, 2018
Exclusive Cybaze ZLab – Yoroi – Hunting Cozy Bear, new campaign, old habits

The experts at Cybaze ZLab – Yoroi continue the analysis of new strain of malware used by the Russia-linked APT29 cyberespionage group (aka Cozy Bear) The experts at Cybaze ZLab – Yoroi continue the analysis of new strain of malware used by the Russia-linked APT29 cyberespionage group (aka The Dukes, Cozy Bear, and Cozy Duke). The researchers of Yoroi ZLab, on […]

Pierluigi Paganini November 23, 2018
Software company OSIsoft has suffered a data breach

Software company OSIsoft has suffered a data breach, the firm confirmed that all domain accounts have likely been compromised. Software company OSIsoft notified security breach to employees, interns, consultants, and contractors. The company offers real-time data management solutions, its core product is the open enterprise infrastructure, the PI System, that allows connecting sensor-based data, systems, and people. The […]

Pierluigi Paganini November 22, 2018
Chaining 3 zero-days allowed pen testers to hack Apple macOS computers

Dropbox team disclosed three critical zero-day vulnerabilities in Apple macOS, chaining them it is possible to take over a Mac computer. Dropbox team disclosed three critical zero-day vulnerabilities (CVE-2017-13890, CVE-2018-4176, CVE-2018-4175) affecting the Apple macOS operating system, an attacker could chain them to remotely execute arbitrary code on a targeted Mac computer. The attacker only needs to trick victims […]