Hacking

Pierluigi Paganini March 29, 2017
Google hacker found a third flaw in the LastPass password manager in a few weeks

The Google hacker Tavis Ormandy discovered a third flaw in LastPass password manager in a few weeks, the expert provided a few details about the issue. A couple of weeks ago, the notorious Google Project Zero hacker Tavis Ormandy discovered numerous vulnerabilities in the Chrome and Firefox extensions of the LastPass password manager. Wrote a quick exploit […]

Pierluigi Paganini March 29, 2017
Industrial Sector ICSs under attack – Kaspersky Lab’s ICS-CERT

The report shows a disconcerting reality, the number of targeted attacks on the ICSs deployed in the Industrial sector continues to increase. The Kaspersky Lab’s ICS-CERT has published a report on the threat landscape for industrial automation systems (ICSs) related to second half of 2016. The report shows a disconcerting reality, the number of targeted attacks on […]

Pierluigi Paganini March 28, 2017
FBI Cyber Division warns the healthcare industry of FTP attacks

The Cyber Division of the U.S. Federal Bureau of Investigation (FBI) warns the companies in the healthcare industry of FTP attacks. The Cyber Division of the U.S. Federal Bureau of Investigation (FBI) warns the healthcare industry that malicious actors are actively targeting File Transfer Protocol (FTP) servers of medical and dental facilities that allow anonymous […]

Pierluigi Paganini March 28, 2017
APT29 group used domain fronting to evade detection long before these techniques were widely known

Experts at FireEye discovered the APT29 group adopted domain fronting long before these techniques were widely known in the IT security community. Security firm FireEye continues to follow APT29 group (aka The Dukes, Cozy Bear and Cozy Duke), on Monday it revealed that the cyber spies have been using a technique called “domain fronting” to make hard […]

Pierluigi Paganini March 27, 2017
Miele Professional PG 8528 washer-disinfector affected by a Web Server Directory Traversal

An Internet-Connected Medical Washer-Disinfector, the Miele’s model Professional PG 8528, is affected by a Web Server Directory Traversal. While the number of IoT devices continue to exponentially increase, the level of security of these smart objects is often not adequate end exposes users at risk of cyber attacks. The news of the say is a […]

Pierluigi Paganini March 26, 2017
How much costs a DDoS attack service? Which factors influence the final price?

How much costs a DDoS attack service? Kaspersky Lab published an analysis on the cost of a DDoS attack and services available in the black markets. The DDoS attacks continue to be a profitable business in the cyber criminal underground. Powering a DDoS attack against an organization is even cheaper, running an attack can cost […]

Pierluigi Paganini March 26, 2017
The Winnti Gang continues its activity and leverages GitHub for C&C Communications

Trend Micro discovered the Chinese threat actor Winnti has been abusing GitHub service for command and control (C&C) communications. Security experts at Trend Micro continue to monitor the activities of the Chinese Winnti hacker group, this time the hackers have been abusing GitHub for command and control (C&C) communications. “Recently, the Winnti group, a threat actor with […]

Pierluigi Paganini March 25, 2017
Malware posing as Siemens PLC application is targeting ICS worldwide

Findings of the MIMICS project conducted by Dragos Threat Operations Center show a malware posing as Siemens PLC application is targeting ICS worldwide. After the disclosure of the Stuxnet case, the security industry started looking at ICS malware with increasing attention. A malware that infects an industrial control system could cause serious damages and put in danger human lives. […]

Pierluigi Paganini March 25, 2017
CVE-2017-0022 Windows Zero-Day flaw used by AdGholas hackers and it was included in Neutrino EK

The recently patched CVE-2017-0022 Windows Zero-Day vulnerability has been exploited by threat actors behind the AdGholas malvertising campaign and Neutrino EK since July 2016. Microsoft has fixed several security flaws with the March 2017 Patch Tuesday updates. According to security experts at Trend Micro, the list of fixed vulnerabilities includes three flaws that had been exploited […]

Pierluigi Paganini March 24, 2017
US blames North Korea for the $81 million Bangladesh cyber heist

US federal prosecutors speculate the involvement of North Korea in the cyber heist of $81 million from Bangladesh’s account at the New York Federal Reserve Bank. The news was reported by The Wall Street Journal, prosecutors suspect the involvement of Chinese middlemen who helped the Government of Pyongyang to organize the cyber theft. In February 2016, unknown hackers transferred […]