Akamai Technologies revealed that hackers are exploiting a 12-year-old bug in OpenSSH to hack into millions of IoT devices with SSHowDowN Proxy attacks. IoT devices are a privileged target for hackers, design flaws and wrong configurations open to the attackers. Recently we read about massive DDoS attacks powered by huge botnets powered by hundreds of […]
Tor Project and Mozilla are working together to improve the security of Tor users and make harder for attackers to unmask them. Intelligence and law enforcement agencies continue to invest in order to de-anonymize Tor users. In the past, we received news about several techniques devised by various agencies to track Tor users, from the correlation attacks to the hack […]
Cisco fixed a critical vulnerability in the Cisco Meeting Server, tracked as CVE-2016-6445, that allows remote attackers to impersonate legitimate users. A security vulnerability in Cisco Meeting Server, tracked as CVE-2016-6445, could be exploited by attackers to impersonate legitimate users. Experts from Cisco uncovered the vulnerability during a routine security audit of a customer. The hole resides […]
Dell issued the SonicWALL Email Security OS 8.3.2 release to address high severity issues that can be exploited to take control of the appliance. Security researchers at Digital Defense discovered multiple vulnerabilities while assessed the SonicWALL Email Security virtual appliance (Version 8.3.0.6149). According to the experts. The flaws could be exploited by attackers to conduct a wide […]
Attackers are exploiting a recently patched high-severity DoS flaw, tracked as CVE-2016-2776, in the in the popular DNS software in BIND. Last month a vulnerability in the popular DNS software BIND, tracked as CVE-2016-2776, has been patched. The flaw could be exploited by a remote attacker to trigger a DoS condition using specially crafted DNS packets. The […]
Blockchain.info, the world’s most popular Bitcoin wallet and Block Explorer service went down this week due to a DNS Hijacking attack. Crypto-currencies continue to be a privileged target of cyber criminals, Bitcoin wallets and services provided by many companies operating in the industries have been targeted by criminal organizations as never before. Blockchain.info, the world’s […]
Microsoft October security bulletins patch tens of vulnerabilities, including four Microsoft zero-day vulnerabilities that have been exploited in the wild. Microsoft has released its monthly Patch Tuesday update that includes a total of 10 security bulletins, five the flaws addressed by the updates are zero-day vulnerabilities affecting Internet Explorer, Edge, Windows and Office products. They could be exploited by […]
Cloudflare firm has published a report that analyzes two recent attacks that were powered by large IoT botnets based on the Mirai Threat. The IoT botnets represent one the most dangerous threats in the security landscape, recently we have assisted to cyber attacks powered by these infrastructures that reached magnitude never seen before. The recent DDoS attacks powered […]
The security research Dawid Golunski reported a Root Privilege Escalation in the Apache Tomcat (RedHat-based distros) tracked as CVE-2016-5425. Apache Tomcat packages provided by default repositories of RedHat-based distributions (i.e. CentOS, RedHat, OracleLinux, Fedora, etc.) create a tmpfiles.d configuration file with insecure permissions. The configuration file /usr/lib/tmpfiles.d/tomcat.conf could be modified by a member of the tomcat group or by a malicious […]
Kaspersky published a report on cyber espionage activities conducted by StrongPity APT that most targeted Italians and Belgians with watering holes attacks. Experts from Kaspersky Lab have published a detailed report on the cyber espionage activities conducted by the StrongPity APT. The group is very sophisticated, its operations leverage on watering holes attacks and malware to target users […]