Hacking

Pierluigi Paganini December 16, 2017
Pre-Installed Keeper Password Manager on Windows 10 exposes systems to passwords stealing

White hat hacker discovered some Windows 10 versions come with a pre-installed version of Keeper Password Manager that exposes systems to passwords stealing. I was reading Tweets when I noticed the following post: I don't want to hear about how even a password manager with a trivial remote root that shares all your passwords with […]

Pierluigi Paganini December 16, 2017
19 Million California Voter records held for ransom attack on a MongoDB instance

Voter registration data for more than 19 million California residents stored in an unsecured MongoDB instance has been deleted and held for ransom. Voter registration data for more than 19 million California residents that was stored in an unsecured MongoDB database has been deleted and held for ransom by attackers. The incident was discovered by researchers at […]

Pierluigi Paganini December 15, 2017
Lazarus APT Group targets a London cryptocurrency company

Security experts from Secureworks revealed the Lazarus APT group launched a spearphishing campaign against a London cryptocurrency company. The dreaded Lazarus APT group is back and launched a spearphishing campaign against a London cryptocurrency company to steal employee credentials. The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks […]

Pierluigi Paganini December 15, 2017
The cybersecurity firm Fox-IT disclosed a security breach that affected its infrastructure

For Fox-IT disclosed a security breach that affected its infrastructure and demonstrated how to manage it in an outstanding way. The cybersecurity firm Fox-IT, one of the top security companies currently owned by the UK giant NCC Group, disclosed a security breach that affected its infrastructure. According to the firm, on September 19 an unknown attacker carried […]

Pierluigi Paganini December 14, 2017
New Triton malware detected in attacks against a Critical Infrastructure operator

Triton malware – A new strain of malware specifically designed to target industrial control systems (ICS) system has been spotted by researchers at FireEye A new strain of malware dubbed Triton specifically designed to target industrial control systems (ICS) has been spotted by researchers at FireEye. The Triton malware has been used in attacks aimed at an unnamed critical […]

Pierluigi Paganini December 14, 2017
FortiClient improper access control exposes users’ VPN credentials

FortiClient for Linux, Mac OSX and Windows stores encrypted VPN authentication credentials in improperly secured locations. Fortinet provided security updates for its next-generation endpoint protection FortiClient product that address a serious information disclosure vulnerability. The flaw, tracked as CVE-2017-14184, could be exploited by an attacker to obtain VPN authentication credentials. FortiClient is a powerful product that includes […]

Pierluigi Paganini December 14, 2017
Experts disclosed an unpatched zero-day vulnerability in the firmware of AT&T DirecTV WVB kit

Security researchers at Trend Micro have publicly disclosed an unpatched zero-day flaw in the firmware of AT&T DirecTV WVB kit after manufactured failed to patch it Security researchers at Trend Micro have discovered an unpatched zero-day vulnerability in the firmware of AT&T DirecTV WVB kit after the manufacturer failed to patch this flaw over the past few months. […]

Pierluigi Paganini December 13, 2017
ROBOT Attack: RSA TLS crypto attack worked against Facebook, PayPal, and tens of 100 top domains

ROBOT ATTACK – Security experts have discovered a 19-year-old flaw in the TLS network security protocol that affects many software worldwide. The security researchers Hanno Böck and Juraj Somorovsky of Ruhr-UniversitĂ€t Bochum/Hackmanit, and Craig Young of Tripwire VERT, have discovered a 19-year-old vulnerability in the TLS network security protocol in the software several tech giants […]

Pierluigi Paganini December 13, 2017
December Microsoft Patch Tuesday addresses 19 Critical browser issues

Microsoft released Patch Tuesday updates for December 2017 that address more than 30 vulnerabilities, including 19 Critical browser issues. Microsoft has released its Patch Tuesday updates for December 2017 that address more than 30 vulnerabilities, including 19 critical flaws affecting the Internet Explorer and Edge web browsers. Microsoft addressed several memory corruption flaws that can be exploited […]

Pierluigi Paganini December 12, 2017
Smart Shield Detector allows thieves to discover if the ATM is protected by anti-skimming technology

Crooks are now involving a small, battery-powered device dubbed Smart Shield Detector that is able to detect digital anti-skimming technology used by ATMs. ATM skimmers are widely adopted by crooks to steal payment card data, in the last months, experts observed an increase in the number of cyber attacks against ATM involving so-called ‘insert skimmers.’ In response, […]