Cozy Bear launched new spear-phishing attacks against US policy think-tanks aiming to infect their systems with a malware. Trump is the new US President, a few hours after he won the election, a hacking crew powered several spear-phishing attacks against US policy think-tanks aiming to infect their systems with a malware. The security experts believe […]
Once again the hacker Kapustkiy breached an embassy and leaked data on Pastebin, this time the victim is the Paraguay Embassy of Taiwan. The security pentester who goes online with the moniker Kapustkiy breached the Paraguay Embassy of Taiwan (www.embapartwroc.com.tw). A few days ado the hacker and his friend Kasimierz (@Kasimierz_) hacked the Indian Embassies in Switzerland, Mali, […]
Telecrypt ransomware is a new malware that abuses the instant messaging service Telegram for command and control (C&C) communications. Security experts from Kaspersky Lab have spotted a new Ransomware, called Telecrypt (Trojan-Ransom.Win32.Telecrypt), that abuses the Telegram instant messaging service for communications with command and control (C&C). The Delphi-written Trojan, which is currently targeting only Russian users, it exploits […]
The Legendary Blog of MalwareMustDie is closed for protest against NSA hacking trace of educational and public servers of harmless countries. The Shadow Brokers, the hacker group that hacked NSA hackers, who have previously released NSA hacking tools for anyone to download, published more files containing the IP address of 49 countries that have been […]
Siemens released security updates and temporary fixes to fix a privilege escalation flaw, tracked CVE-2016-7165, that affects several industrial products. Siemens has released security updates and temporary fixes to address a privilege escalation vulnerability, tracked CVE-2016-7165, that affects several industrial products. The flaw could be exploited by attackers to escalate their privileges if the flawed products […]
The effects of cyber-attacks against SCADA/ICS are well known, however, there is a great confusion when dealing with mitigation techniques. The Majority are aware of the impact cyber-attacks can have on Industrial Control Systems however, the reality in terms of mitigation techniques are shrouded with confusion and a reactive approach. Recent 0-day vulnerability dubbed as […]
Kaspersky discovered a new strain of the Svpeng Trojan delivered through popular news websites using Google’s AdSense via a zero-day in Chrome. Crooks exploited a Chrome Zero-Day vulnerability to deliver the Android Svpeng Trojan to Android users via Google AdSense. The Svpeng Trojan is not a new threat, it was first spotted by Kaspersky Lab in July 2013 when threat […]
Microsoft has issued a security patch that fixes the zero-day vulnerability tracked as CVE-2016-7255 exploited by Russian hackers. Microsoft has issued security patches that fixed also the zero-day vulnerability exploited by Russian hackers. One of the zero-days tracked as CVE-2016-7255 has been patched in the MS16-135 bulletin that also addresses two information disclosure and three […]
Carnegie-Mellon CERT warns of a flawed implementation of HNAP in D-Link routers (CVE-2016-6563) that could be exploited for remote execute code. According to the Carnegie-Mellon CERT the implementation of the Home Network Automation Protocol (HNAP) of D-Link routers is affected by a stack-based buffer overflow vulnerability tracked as CVE-2016-6563. The flaw could be exploited by a […]
A group of researchers from Nokia Bell Labs and Aalto University in Finland demonstrated how to hack protocols used in the LTE networks. We discussed several times the rule of the SS7 signaling protocol in mobile communications and how to exploit its flaws to track users. When mobile users travel between countries, their mobile devices connect to the infrastructure of a […]