Hacking

Pierluigi Paganini September 10, 2018
Fallout exploit kit appeared in the threat landscape in malvertising campaigns

At the end of August, security experts discovered a new exploit kit called Fallout that is being used to distribute the GandCrab ransomware. At the end of August, the threat analyst nao_sec discovered a new exploit kit called Fallout that is being used to distribute the GandCrab ransomware and other malicious codes, including droppers and potentially unwanted […]

Pierluigi Paganini September 09, 2018
The main source of infection on ICS systems was the internet in H1 2018

Researchers from Kaspersky have published a new report on the attacks on ICS systems observed by its products in the first half of 2018. Kaspersky Lab experts have published a new report titled “Threat Landscape for Industrial Automation Systems” report for H1 2018, that includes interesting data related to attacks against the ICS systems. The security […]

Pierluigi Paganini September 09, 2018
Security Affairs newsletter Round 179 – News of the week

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! ·      John McAfees Bitfi cryptocurrency wallet was hacked by […]

Pierluigi Paganini September 09, 2018
Domestic Kitten – An Iranian surveillance operation under the radar since 2016

CheckPoint uncovered an extensive surveillance operation conducted by Iranian APT actor and tracked as Domestic Kitten aimed at specific groups of individuals. Researchers at security firm CheckPoint uncovered an extensive surveillance operation conducted by Iranian APT actor and tracked as Domestic Kitten aimed at specific groups of individuals. Cyber spies used malicious mobile apps that […]

Pierluigi Paganini September 08, 2018
Apple removed the popular app Adware Doctor because steals user browsing history

Apple has removed one of the most popular anti-malware app called Adware Doctor:Anti Malware &Ad from the official macOS App Store Apple has removed one of the most popular anti-malware app called Adware Doctor:Anti Malware &Ad from the official macOS App Store because it was gathering users’ browser histories and other sensitive data and then upload them to a […]

Pierluigi Paganini September 07, 2018
Flaw in update process for BMCs in Supermicro servers allows to deliver persistent malware or brick the server

A team of security researchers discovered a vulnerability in the baseboard management controller (BMC) hardware used by Supermicro servers. Researchers from security firm Eclypsium have discovered a vulnerability in the firmware update mechanism that could be exploited by hackers to deliver persistent malware, completely wipe and reinstall of the operating system. “Using the vulnerabilities we discovered, it […]

Pierluigi Paganini September 06, 2018
British Airways hacked, attackers stole details of 380,000 customers

Personal and payment card information of 380,000 British Airways customers were stolen by attackers, stolen data did not include travel or passport details. British Airways was hacked, customer personal and payment card information of 380,000 were stolen by attackers, the stolen data did not include travel or passport details. The company published a data breach notification […]

Pierluigi Paganini September 06, 2018
Recently uncovered PowerPool Group used recent Windows Zero-Day exploit

Security experts from ESET observed a treat actor, tracked as PowerPool, exploiting the recently disclosed Windows zero-day flaw in targeted attacks. The vulnerability was publicly disclosed on August 27 by the security expert “@SandboxEscaper,” the researcher also published the exploit code for the vulnerability. The vulnerability affects Microsoft’s Windows operating systems that could be exploited by a […]

Pierluigi Paganini September 06, 2018
New OilRig APT campaign leverages a new variant of the OopsIE Trojan

The Iran-linked APT group OilRig was recently observed using a new variant of the OopsIE Trojan that implements news evasion capabilities. Experts at Palo Alto Networks observed a new campaign carried out by the Iran-linked APT group OilRig that was leveraging on a new variant of the OopsIE Trojan. The OilRig hacker group is an Iran-linked APT that has been […]

Pierluigi Paganini September 06, 2018
MEGA Chrome browser extension hacked, bogus version stole users’ credentials

The MEGA Chrome browser extension had been hacked and replaced with a one that steals users’ credentials for popular web services Are you using the MEGA Chrome browser extension? Uninstall it now because the Chrome extension for MEGA file storage service had been hacked and replaced with a one that steals users’ credentials for popular […]