Hacking

Pierluigi Paganini September 14, 2017
Thousands of Elasticsearch installs compromised to host PoS Malware

Experts discovered 4,000 compromised installations on Amazon AWS of open source analytics and search tool Elasticsearch that were running PoS malware. Security researchers from the firm Kromtech have discovered 4,000 compromised instances of open source analytics and search tool Elasticsearch that were running PoS malware. According to Kromtech, this is just a portion of the overall number of compromised […]

Pierluigi Paganini September 14, 2017
Zerodium is offers $1 Million for Tor Browser Exploits

The company ZERODIUM announced it will pay up to $1 million for fully working zero day exploits for Tor Browser on Tails Linux and Windows OSs. The zero-day broker Zerodium offers $1 million for Tor Browser exploits with the intent to unmask Tor users. The controversial firm will then resell the zero-day exploit for Tor […]

Pierluigi Paganini September 13, 2017
Bashware attack, how to run Linux malware on Windows systems

Experts found a new alarming method dubbed Bashware attack that allows attackers to silently run malware to bypass even the most common security solutions, The new Windows 10 feature Windows Subsystem for Linux (WSL) that implements the Linux bash terminal in Microsoft operating system could be exploited by malware to run undetected. The feature was recently […]

Pierluigi Paganini September 12, 2017
Billions of mobile, desktop and IoT devices potentially exposed to BlueBorne Attack

Billions of mobile, desktop and IoT devices that use Bluetooth may be exposed to a new stealthy remote attack dubbed BlueBorne attack. Billions of mobile, desktop and IoT devices that use Bluetooth may be exposed to a new remote attack, even without any user interaction and pairing. The unique condition for BlueBorne attacks is that targeted devices […]

Pierluigi Paganini September 12, 2017
Brute Force 900k + Attempts on a New Server

Brute Force Attack Report – This article is going to cover an attack we have had on a new network from the second it was connected to the internet. Instantly we were collecting data showing the determination of people trying to gain “root” access to our Server. Our data shows us that on the 21/August/2017 […]

Pierluigi Paganini September 12, 2017
MongoDB improves security amid new wave of ransom-attacks

MongoDB company implements new data security features in response to the recent wave of ransom attacks that hit installations worldwide. You have to admit that the bad actors are very good at leveraging a vulnerability into a lucrative opportunity. The latest example comes from MongoDB,  a popular, open source database commonly deployed for big data applications on […]

Pierluigi Paganini September 11, 2017
Expert disclosed 10 zero-day vulnerabilities in D-Link DIR 850L wireless routers

The security researcher Pierre Kim has discovered ten critical zero-day vulnerabilities in D-Link DIR 850L routers and invites users to stop using them. The security researcher Pierre Kim has discovered ten critical zero-day vulnerabilities in routers from networking equipment manufacturer D-Link that open owners to cyber attacks. The flawed devices are the D-Link DIR 850L wireless AC1200 dual-band […]

Pierluigi Paganini September 11, 2017
Apache Foundation rejects allegation Equifax hackers exploited CVE-2017-9805 in Struts

Media and experts speculate Equifax Hack was the result of the exploitation of the recently discovered critical vulnerability CVE-2017-9805 in Apache Struts. Last week Equifax reported a huge data breach, hackers accessed its systems between mid-May and late July. The incident affected roughly 143 million U.S. consumers and some customers in the U.K. and Canada. […]

Pierluigi Paganini September 11, 2017
Hackers can remotely access Smiths Medical Syringe Infusion Pumps to kill patients

The US-CERT is warning of hackers can remotely access Smiths Medical Syringe Infusion Pumps to control them and kill patients. IoT devices continue to enlarge our surface of attack, and in some cases, their lack of security can put our lives in danger. Let’s thinks for example of medical devices that could be hacked by attackers […]

Pierluigi Paganini September 11, 2017
Toast Overlay attacks, a Cloak and Dagger with No Permissions, fixed by Google

Google just fixed a high-severity Android vulnerability, tracked as CVE-2017-0752, that ties with the Toast Overlay attacks. Security researchers with Palo Alto Networks Unit 42, warned of a high-severity Android vulnerability, tracked as CVE-2017-0752, that ties with the “toast attack” overlay vulnerability. The experts reported that it is possible to abuse Android’s toast notification, a feature […]