Hacking

Pierluigi Paganini July 30, 2019
LAPD data breach exposes personal info of thousands of officers

While Capital One incident is making the headlines, another incident may have severe consequences, the Los Angeles Police Department (LAPD) also suffered a data breach. The Los Angeles Police Department (LAPD) suffered a data breach that exposed the names, email addresses, passwords, and birth dates for thousands of police officers and applicants. The NBCLosAngeles confirmed that […]

Pierluigi Paganini July 30, 2019
Malware researchers analyzed an intriguing Java ATM Malware

Experts spotted a Java ATM malware that was relying on the XFS (EXtension for Financial Service) API to “jackpot” the infected machine Introduction Recently our attention was caught by a really particular malware sample most probably linked toa recent cybercriminal operation against the banking sector. This piece of malicious code is a so-called ‘ATM malware‘: […]

Pierluigi Paganini July 30, 2019
Capital One data breach: hacker accessed details of 106M customers before its arrest

Capital One, one of the largest U.S. –card issuer and financial corporation suffered a data breach that exposed personal information from more than 100 million credit applications. A hacker that goes online with the handle “erratic” breached the systems at Capital One and gained access to personal information from 106 million Capital One credit applications. […]

Pierluigi Paganini July 30, 2019
Critical zero-days discovered in VxWorks RTOS, billions of devices at risk

Security experts at Armis have discovered a dozen zero-day vulnerabilities affecting the VxWorks real-time operating systems (RTOS) for embedded devices. Researchers at Armis Labs have discovered a dozen zero-day flaws in the VxWorks real-time operating systems (RTOS) for embedded devices. The collection of vulnerabilities was dubbed URGENT/11, it includes 11 flaws, 6 of which are […]

Pierluigi Paganini July 29, 2019
WordPress Plugin Facebook Widget affected by authenticated XSS

Security experts at Plugin Vulnerabilities have discovered an authenticated Persistent Cross-Site Scripting (XSS) flaw in Facebook Widget. Researchers at Plugin Vulnerabilities have discovered an authenticated Persistent Cross-Site Scripting (XSS) flaw in the Facebook Widget (Widget for Facebook Page Feeds). The plugin is one of the 1,000 most popular plugins and it was closed on the […]

Pierluigi Paganini July 29, 2019
Sonicwall warns of a spike in the number of attacks involving encrypted malware and IoT malware

According to experts at Sonicwall, scanning of random ports and the diffusion of encrypted malware are characterizing the threat landscape. In 2018, global malware volume recorded by SonicWall hit a record-breaking 10.52 billion attacks. The situation is better in the first half of 2019, when SonicWall recorded 4.8 billion attacks, a 20% drop compared to […]

Pierluigi Paganini July 29, 2019
Android devices could be hacked by playing a video due to CVE-2019-2107 flaw

Watch out! Playing a video on Android devices could be a dangerous operation due to a critical CVE-2019-2107 RCE flaw in Android OS between version 7.0 and 9.0. Playing a specially-crafted video on devices with the Android’s native video player application could allow attackers to compromise them due to a dangerous critical remote code execution […]

Pierluigi Paganini July 28, 2019
Jessica Alba ‘s Twitter account hacked, it posted racist and homophobic messages

Over the weekend, Jessica Alba’s Twitter account was hacked, the miscreants posted homophobic, racist and Nazi-sympathizing messages. On Saturday evening, miscreants hacked the Twitter account of the actress Jessica Alba and posted hateful, homophobic, and racist messages that remained live for hours. One of the messages posted by the hackers reads “Nazi Germany Did Nothing […]

Pierluigi Paganini July 28, 2019
Crooks used rare Steganography technique to hack fully patched websites in Latin America

Experts at Trustwave observed threat actors using a rare technique to compromise fully patched websites. Security experts at Trustwave observed threat actors using a rare steganography technique, attackers are hiding PHP scripts in Exchangeable Image Format (EXIF) headers of JPEG images that are uploaded on the website. The Exchangeable image file format is a standard […]

Pierluigi Paganini July 28, 2019
Security Affairs newsletter Round 224 – News of the week

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition Paper Copy Once again thank you! Emsisoft releases a second decryptor in a few days, this time for ZeroFucks ransomware Hackers breach 62 US colleges by allegedly exploiting Ellucian Banner Web flaw Twitter account of […]