Hacking

Pierluigi Paganini November 05, 2018
High severity XML external entity flaw affects Sauter building automation product

A security researcher has found a serious vulnerability in a building automation product from Sauter AG that could be exploited to steal files from an affected system. Sauter AG CASE Suit is a building automation product used worldwide that is affected by a high severity XML external entity (XXE) vulnerability that could be exploited to steal files from an affected […]

Pierluigi Paganini November 05, 2018
USB drives are primary vector for destructive threats to industrial facilities

USB removable storage devices are the main vector for malware attacks against industrial facilities, states Honeywell report. According to a report published on by Honeywell, malware-based attacks against industrial facilities mostly leverage USB removable storage devices Experts from Honeywell analyzed data collected with the Secure Media Exchange (SMX), a product it has launched in 2017 and that was designed […]

Pierluigi Paganini November 04, 2018
PortSmash flaw in Hyper-Threading CPU could allow sensitive data theft

PortSmash side-channel flaw that could be exploited with a timing attack to steal information from other processes running in the same CPU core. PortSmash is a new side-channel vulnerability that could be exploited with a timing attack to steal information from other processes running in the same CPU core with SMT/hyper-threading enabled. A group of […]

Pierluigi Paganini November 04, 2018
Kraken ransomware 2.0 is available through the RaaS model

The author of the infamous Kraken ransomware has released a new version of the malicious code and launched a RaaS distribution program on the Dark Web. Researchers from Recorded Future’s Insikt Group and McAfee’s Advanced Threat Research team have discovered a new version of the malware that is offered through a RaaS distribution program on the Dark Web. […]

Pierluigi Paganini November 02, 2018
Cyber attack exposes sensitive data about a nuclear power plant in France

A cyber attack on a French firm Ingerop allowed attackers to access confidential documents related to nuclear power plant plans in France. The hacker stole more than 65 gigabytes of documents back in June, the huge trove of documents includes nuclear power plant plants and blueprints for prisons and tram networks. According to the media, some […]

Pierluigi Paganini November 02, 2018
CISCO warn of a zero-day DoS flaw that is being actively exploited in attacks

Security experts from CISCO warn of a zero-day vulnerability that is being actively exploited in attacks in the wild. The flaw, tracked as CVE-2018-15454, affects the Session Initiation Protocol (SIP) inspection engine of Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD). The flaw could be exploited by a remote attacker to trigger a DoS condition […]

Pierluigi Paganini November 02, 2018
Top Australia Defence company Austal notifies a serious security breach

Austal, a top Australia defence firm reports also working with the United States Navy has suffered a serious security breach. Austal, a top Australia defence firm reports working with the US Navy has suffered a serious security breach, hackers accessed to personnel files and that it was the subject of an extortion attempt. Austal reported the data breach to the Australian Securities […]

Pierluigi Paganini November 02, 2018
FIFA was hacked again, this is the second hack in a year

According to the New York Times, FIFA has suffered the second hack in a year, new documents are set to be published on Friday by Football Leaks. The Fédération Internationale de Football Association, aka FIFA, is a governing body of association football, futsal, and beach soccer. FIFA reveals it was the victim of a new successful phishing campaign that resulted in the exposed […]

Pierluigi Paganini November 01, 2018
BLEEDINGBIT Bluetooth flaws in TI chips expose enterprises to remote attacks

Two vulnerabilities in new Bluetooth chip, dubbed BLEEDINGBIT expose millions of access points and other networking devices to remote attacks. Security experts from the IoT security firm Armis, the same that found the BlueBorne Bluetooth flaws, have discovered two serious vulnerabilities in BLE chips designed by Texas Instruments. The flaws, dubbed BLEEDINGBIT by Armis, could be exploited by a remote and […]

Pierluigi Paganini November 01, 2018
‘Aaron Smith’ Sextortion scam campaigns hit tens of thousands of individuals

Security experts from Cisco Talos have uncovered two recent sextortion scam campaigns that appear to leverage on the Necurs botnet infrastructure. Experts from Cisco Talos analyzed the two campaigns, one of them began on August 30, the other on October 5, the researchers named them ‘Aaron Smith’ sextortion scams after the ‘From: header’ of the messages. […]