Hacking

Pierluigi Paganini March 24, 2017
QNAP QTS Domain Privilege Escalation Vulnerability

The vulnerability allows any local user, such as “httpdusr” used to run web application, to escalate to Domain Administrator if the NAS is a domain member. Pasquale ‘sid’ Fiorillo from ISGroup (www.isgroup.biz), an Italian Security Company, and Guido ‘go’ Oricchio of PCego (www.pcego.com), a System Integrator, have just released a critical security advisory for any […]

Pierluigi Paganini March 23, 2017
Data breach – Are you an Android Forums user? Resets your passwords now.

Android Forums notified a data breach, according to the moderators at the site roughly 2.5 percent of users have been affected. Android Forums is the last victim of a data breach, roughly 2.5 percent of users have been affected. The moderators at the Android Forums confirmed they’ve been able to identify the alleged compromised accounts, in response […]

Pierluigi Paganini March 23, 2017
Machete espionage campaign continues to target LATAM countries

The threat group behind the Machete cyber espionage campaign first spotted in 2014 continues to target entities in Spanish-speaking countries. According to the researchers at security firm Cylance Threat actors behind the cyber espionage campaign dubbed Machete continue to target entities in Spanish-speaking countries. The Machete campaign was first uncovered by the researchers at Kaspersky in August 2014 and […]

Pierluigi Paganini March 23, 2017
Turkish Crime Family group will remotely wipe hundreds of millions of iPhones unless Apple pays ransom

Hackers belonging to the Turkish Crime Family group threaten to remotely wipe hundreds of millions of iPhones unless Apple pays a ransom. Crooks are claiming to have over 627 millions of iCloud credentials and intend to wipe date from iPhones, iPads and Macs if the Apple does not pay $150,000 within two weeks. Members of […]

Pierluigi Paganini March 22, 2017
Vulnerabilities in LastPass allowed attackers to steal passwords

The notorious Google Project Zero hacker Tavis Ormandy discovered numerous vulnerabilities in the Chrome and Firefox extensions of the LastPass password manager. The Security expert at Google Project Zero Tavis Ormandy discovered several vulnerabilities in Chrome and Firefox extensions of the LastPass password manager that can be exploited to steal passwords. The expert also wrote PoC exploit for the flaw […]

Pierluigi Paganini March 22, 2017
New Metasploit RFTransceiver extension allows testing IoT sevices

Metasploit RFTransceiver extension implements the Hardware Bridge API that will allow organizations to test wireless devices operating outside 802.11 spec. Recently we reported the news of the availability of a new hardware bridge for Metasploit extension to test hardware, including IoT devices. We have to consider that IoT devices are pervading our day life such as into […]

Pierluigi Paganini March 21, 2017
Exclusive: Dirty Political Spying Attempt behind the FHAPPI Campaign: all the details in the interview with @unixfreaxjp

The role of China (PRC) in the worldwide cyber espionage game of conditioning political life: when reserved information are brandished against the political opponent. In the days of testimony of U.S. Federal investigators about the role played during the last year by Russians, their alleged cyber operation is once again under examination. The mainstream media […]

Pierluigi Paganini March 21, 2017
Over 20 million Gmail and 5 million Yahoo accounts available for sale on the Dark Web

The vendor “SunTzu583” is offering for sale over 20 million Gmail and 5 million Yahoo login credentials on the Dark Web A vendor with the online moniker “SunTzu583” is reportedly selling millions of login credentials for Gmail and Yahoo accounts on a black market in the dark web. Over 20 million Gmail accounts and 5 million […]

Pierluigi Paganini March 21, 2017
McDonald’s McDelivery app leaks details of over 2.2 million customers

The McDelivery application used by McDonald’s customers in India was found to be leaking the personal data of more than 2.2 million users. McDelivery is a web application used by McDonald’s customers in India that was found to be leaking the personal information of more than 2.2 million users. The issue was discovered by researchers at security […]

Pierluigi Paganini March 20, 2017
CIA Vault7 Leak – Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution flaw

After the leak of the CIA Vault7 archive, experts from CISCO warn of Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution flaw. Recently Wikileaks announced it is planning to share with IT firms details about vulnerabilities in a number of their products, the flaw are exploited by the hacking tools and […]