Hacking

Pierluigi Paganini June 26, 2018
Misconfigured Java web server component Jolokia expose website at cyber attacks

Several websites using the misconfigured Java web server component Jolokia, including those operated by financial organizations. are exposed to cyber attacks. Websites using a misconfigured Java web server component are exposed to cyber attacks.  Several high-profile websites including those operated by financial organizations were affected by issues. The security researcher Mat Mannion discovered some flaws […]

Pierluigi Paganini June 26, 2018
Lazarus APT hackers leverages HWP Documents in a recent string of attacks

Security researchers at AlienVault uncovered a series of cyber attacks on cryptocurrency exchanges leveraging weaponized Hangul Word Processor HWP documents (Hangul Word Processor documents). The string of attacks involving the HWP documents has been attributed to the North Korea-linked Lazarus APT group, and includes the hack of the South Korean virtual currency exchange Bithumb. The hackers […]

Pierluigi Paganini June 25, 2018
China Tick APT group targeting air-gapped systems in Asia

Palo Alto Networks experts uncovered a new operation conducted by the cyber espionage group known as Tick APT that has been targeting a secure USB drive built by a South Korean defense company.  The Tick APT group has been active for at least a decade, tracked also as Bronze Butler, it was first spotted in 2016 by […]

Pierluigi Paganini June 25, 2018
Oracle issued security patches for recently discovered Spectre and Meltdown issues

Last week Oracle started releasing software and microcode updates for products affected by the recently disclosed variants of the Spectre and Meltdown flaws. In May, tech giants Intel, AMD, ARM, IBM, Microsoft and other tech firms teamed to disclose two new variants of both Meltdown and Spectre issues. The so-called Variant 4 (CVE-2018-3639) relies on a Speculative Store Bypass (SSB), […]

Pierluigi Paganini June 24, 2018
WannaSpam – Beware messages from WannaCry-Hack-Team, it is the last hoax

WannaSpam – Many users have received a mysterious message that claims their PC was infected by WannaCry Ransomware. Crooks ask victims to pay a ransom, but it’s a scam. Many users have received a mysterious message from a group that called itself the “WannaCry-Hack-Team” that claims that WannaCry Ransomware has returned. The mail informs the recipients that their computer has […]

Pierluigi Paganini June 24, 2018
Vulnerabilities in Fredi Wi-Fi baby monitor can be exploited to use it a spy cam

Vulnerabilities in Fredi Wi-Fi baby monitor could be exploited by a remote unauthenticated attacker to control it and spy on the family. Security researchers at SEC Consult reported discovered that vulnerabilities in Fredi Wi-Fi baby monitor could be exploited by a remote unauthenticated attacker to control it and spy on the family. The investigation started when […]

Pierluigi Paganini June 24, 2018
A hacker devised a method to unlock any iPhone and iPad device

A security researcher has devised a method to brute force a passcode on every Apple iPhone or iPad, even the up-to-date ones. Since iOS 8 rolled out in 2014, iPhone and iPad devices are protected with encryption, without providing passcode it is quite impossible to unlock the device. If the user enters more than 10 times […]

Pierluigi Paganini June 23, 2018
According to the experts, North Korea is behind the SWIFT attacks in Latin America

SWIFT hackers continue to target banks worldwide, the last string of attacks hit financial institutions across Latin America. According to three people with knowledge of the matter cited by Cyberscoop the attacks were carried by North Korea-linked APT groups that targeted also other banks Recent attacks hit Mexico’s Bancomext and Chile’s Bank of Chile, in both cases the attackers used a […]

Pierluigi Paganini June 23, 2018
Wavethrough CVE-2018-8235 flaw in Microsoft Edge leaks sensitive data

A flaw in the Edge browser, dubbed Wavethrough, addressed by latest Microsoft Patch Tuesday for June 2018 could be exploited to read restricted data. A bug in the Edge browser addressed by latest Microsoft Patch Tuesday for June 2018 could be exploited by attackers via malicious or compromised websites to read restricted data. The flaw was reported by […]

Pierluigi Paganini June 22, 2018
Crooks exploit CVE-2018-7602 Drupal flaw, aka Drupalgeddon3 to deliver Monero miner

Crooks are attempting to exploit a recently patched Drupal vulnerability, tracked as CVE-2018-7602, to drop Monero mining malware onto vulnerable systems. The CVE-2018-7602 flaw is a highly critical remote code execution issue, also known as Drupalgeddon3, that was addressed by the Drupal team in April with the release of versions 7.59, 8.4.8 and 8.5.3. The security patch for the […]