Hacking

Pierluigi Paganini October 12, 2018
Five Eyes Intelligence agencies warn of popular hacking tools

Security agencies belonging to Five Eyes (United States, United Kingdom, Canada, Australia and New Zealand) have released a joint report that details some popular hacking tools. Experts from cybersecurity agencies from Five Eyes intelligence alliance have issued a report that provides technical details on most popular hacking tool families and the way to detect and […]

Pierluigi Paganini October 12, 2018
Hackers targeting Drupal vulnerabilities to install the Shellbot Backdoor

A group of hackers is targeting Drupal vulnerabilities, including Drupalgeddon2, patched earlier this year to install a backdoor on compromised servers. Security experts from IBM are targeting Drupal vulnerabilities, including the CVE-2018-7600 and CVE-2018-7602 flaws, aka Drupalgeddon2 and Drupalgeddon3, to install a backdoor on the infected systems and tack full control of the hosted platforms. According to the IBM experts, this last […]

Pierluigi Paganini October 12, 2018
DOM-XSS Bug Affecting Tinder, Shopify, Yelp, and More

Our team of security researchers was researching dating apps client-side security, and one of the main focus targets was the social search mobile app Tinder. After initial reconnaissance steps were done, a Tinder domain with multiple client-side security issues was found – meaning hackers could have access to users’ profiles and details. Immediately after finding these vulnerabilities, we […]

Pierluigi Paganini October 11, 2018
Juniper Networks provides dozens of fix for vulnerabilities in Junos OS

Juniper Networks has released security updates to address serious vulnerabilities affecting the Junos operating system. This week, Juniper Networks has patched dozens of serious security provided security patches for each of them, the security advisories are available on the company website. The most severe flaw is probably the  CVE-2018-0049, which could be exploited by an attacker to […]

Pierluigi Paganini October 11, 2018
New Gallmaker APT group eschews malware in cyber espionage campaigns

A previously unknown cyber espionage group, tracked as Gallmaker, has been targeting entities in the government, military and defense sectors since at least 2017. A new cyber espionage group tracked as Gallmaker appeared in the threat landscape. According to researchers from Symantec, who first spotted the threat actor, the group has launched attacks on several overseas embassies […]

Pierluigi Paganini October 11, 2018
SAP October 2018 set of patches fixes first Hot News security note for SAP BusinessObjects in 5 years

SAP released its October 2018 set of patches, it includes the first Hot News security note for SAP BusinessObjects in over five years. SAP released its October 2018 set of patches that included 11 security notes, the company also released 4 updates to previously released notes. The patches include 15 notes, 2 rated Hot News and one of […]

Pierluigi Paganini October 10, 2018
GAO report reveals new Pentagon weapon systems vulnerable to hack

According to a new report published by the Government Accountability Office (GAO) almost any new weapon systems in the arsenal of the Pentagon is vulnerable to hack. The new generation of weapon systems developed by the Pentagon is heavily computerized and for this reason more exposed to cyber attacks. According to a new 50-page report […]

Pierluigi Paganini October 10, 2018
CVE-2018-8453 Zero-Day flaw exploited by FruityArmor APT in attacks aimed at Middle East

A Windows zero-day flaw addressed by Microsoft with its latest Patch Tuesday updates is exploited by an APT group in attacks aimed at entities in the Middle East. The Windows zero-day vulnerability tracked as CVE-2018-8453 is a privilege escalation flaw that was exploited by an APT group in attacks against entities in the Middle East. The flaw, tracked as […]

Pierluigi Paganini October 10, 2018
Hackers can compromise your WhatsApp account by tricking you into answering a video call

Hackers can compromise your WhatsApp account by tricking you into answering a video call, the company fixed the flaw in September. WhatsApp has addressed a vulnerability in the mobile applications that could have been exploited by attackers to crash victims instant messaging app simply by placing a call. The vulnerability is a memory heap overflow […]

Pierluigi Paganini October 10, 2018
Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature

Millions of Xiongmai video surveillance devices can be easily hacked via cloud feature, a gift for APT groups and cyber crime syndicates Security experts from security firm SEC Consult have identified over 100 companies that buy and re-brand video surveillance equipment (surveillance cameras, digital video recorders (DVRs), and network video recorders (NVRs)) manufactured by the Chinese […]