Hacking

Pierluigi Paganini February 13, 2017
Watering hole attacks on Polish Banks Linked to Lazarus Group

According to security experts from Symantec and BAE Systems, the recently discovered attacks aimed at Polish banks are linked to the Lazarus Group. Last week, several Polish banks confirmed their systems were infected with malware after their staff visited the site of the Polish Financial Supervision Authority. The cyber attack was first reported by […]

Pierluigi Paganini February 12, 2017
A new serious DoS flaw affects BIND DNS software, update it now

A new serious denial-of-service (DoS) vulnerability was patched this week by the Internet Systems Consortium (ISC) in the BIND DNS software. A serious denial-of-service (DoS) vulnerability, tracked as CVE-2017-3135, was patched this week by the Internet Systems Consortium (ISC) in the BIND DNS software. The vulnerability in the BIND DNS software was reported by Ramesh Damodaran and Aliaksandr Shubnik of […]

Pierluigi Paganini February 12, 2017
Apple’s iCloud saved the deleted Safari browsing history over the years

According to the Russian forensic firm Elcomsoft, Apple iCloud saved deleted Safari browsing history over the years, opening the door to surveillance. According to digital forensics firm Elcomsoft, Apple iCloud maintained deleted Safari browsing history over the years. The experts at Elcomsoft discovered the issue while trying to extract records from iCloud accounts; they were able to retrieve supposedly deleted Safari browser […]

Pierluigi Paganini February 11, 2017
Sports Direct hacked but it still hasn’t disclosed the breach to its staff

Sports Direct, the UK’s largest sports retail business, was hacked last year, and still hasn’t disclosed the incident to its staff. The Register confirmed that Sports Direct, the UK’s largest sports retail business, was hacked last year, and still hasn’t disclosed the incident to its staff. In the autumn a hacker broke into the internal systems […]

Pierluigi Paganini February 11, 2017
Privacy groups claim FBI hacking operation in the PlayPen case was unconstitutional

According to privacy groups, the FBI search warrant used to hack into thousands of computers around the world in the PlayPen case was unconstitutional. Privacy groups are claiming the FBI hacking campaign against the Playpen child pornography community violated international law. According to the court documents, the FBI monitored the Playpen bulletin board Tor hidden service […]

Pierluigi Paganini February 11, 2017
Recent WordPress flaw exploited to deface more than 1.5 million web sites

According to security firm WordFence, the content injection flaw in WordPress recently disclosed has already been exploited to deface over 1.5M websites. A recently patched security vulnerability in the popular WordPress CMS has been exploited to deface roughly 1.5 million web pages. The vulnerability was discovered by a security researcher at firm Sucuri who explained that […]

Pierluigi Paganini February 10, 2017
Every website that uses jQuery Mobile, and has any open redirect is vulnerable to XSS

Every website that uses jQuery Mobile, and has any open redirect anywhere is vulnerable to cross-site scripting (XSS) attacks. The jQuery Foundation’s jQuery Mobile project is an HTML5-based framework that allows users to design a single responsive web site or application that will work on all popular mobile devices and desktop systems. According to the foundation, […]

Pierluigi Paganini February 09, 2017
Ticketbleed flaw in F5 Networks BIG-IP appliances exposed to remote attacks

F5 Networks BIG-IP appliances are affected by a serious vulnerability, tracked as CVE-2016-9244 and dubbed ‘Ticketbleed’, that exposes them to remote attacks. The F5 Networks BIG-IP appliances are affected by a serious flaw, tracked as CVE-2016-9244 and dubbed ‘Ticketbleed’, that can be exploited by a remote attacker to extract the content of the memory, including sensitive […]

Pierluigi Paganini February 09, 2017
ENISA Threat Landscape Report 2016, who is attacking us, and how?

ENISA has issued the annual ENISA Threat Landscape Report 2016, a document that synthesizes the emerging trends in cyber security. The European Union Agency for Network and Information Security (ENISA) is an EU Agency composed of security experts that work with these states, public organizations and private groups to develop advice and recommendations on good practice […]

Pierluigi Paganini February 08, 2017
Researchers at Dr Web spotted a Windows version of the Mirai bot

Researchers at the antivirus firm Dr.Web discovered a new strain of the Mirai bot, a Windows variant, targeting more ports. Security experts at the antivirus firm Dr.Web discovered a new strain of the Mirai bot targeting more ports, and it is a Windows version of the popular IoT malware. The Windows version of the Mirai bot […]