it security

Pierluigi Paganini May 01, 2020
Over 800K WordPress sites are at risk due to a flaw in Ninja Forms plugin

The development team oh the Ninja Forms WordPress plugin fixed a high severity security flaw that can let attackers take over websites. The developers behind the Ninja Forms WordPress plugin have addressed a Cross-Site Request Forgery (CSRF) vulnerability that could lead to Stored Cross-Site Scripting (Stored XSS) attacks. Ninja Forms is a drag and drop form builder plugin […]

Pierluigi Paganini April 30, 2020
Chegg discloses the third data breach in the last two years

The American education technology firm Chegg discloses a security breach, it already sent notifications to its employees The US education technology company Chegg discloses a security breach that took place in early April, the firm already sent notifications to its employees. The data breach notification sent on April 28 inform the employee of a security […]

Pierluigi Paganini April 30, 2020
Group-IB uncovers PerSwaysion – sophisticated phishing campaign targeting executives worldwide

Group-IB uncovered a new sophisticated phishing campaign, tracked as PerSwaysion, against high-level executives of more than 150 companies worldwide.  Group-IB, a Singapore-based cybersecurity company, has identified a series of sophisticated successful phishing attacks against the management and executives of more than 150 companies around the world. The campaign, dubbed PerSwaysion due to the extensive abuse […]

Pierluigi Paganini April 30, 2020
Experts found critical flaws in 3 popular e-Learning WordPress Plugins

Security researchers from Check Point Research Team discovered critical vulnerabilities in three popular e-learning plugins for WordPress sites. Security researchers at Check Point Research Team are warning of recently discovered vulnerabilities in some popular online learning management system (LMS) WordPress plugins. The impact could be serious because these WordPress plugins are used for WordPress sites […]

Pierluigi Paganini April 29, 2020
Journalist Matthew Keys is now charged with an attack on a magazine

Matthew Keys, a former Reuters journalist, who was sentenced to 2 years in prison for hacking attacks on California media is now charged with an attack on a magazine. Matthew Keys is a former Reuters journalist who was convicted in October 2015 of supporting the Anonymous collective and that was sentenced to 24 months in prison for […]

Pierluigi Paganini April 29, 2020
Estonian intelligence reports foreign hackers breached Mail.ee email provider

State-sponsored hackers have compromised a small number of accounts of the Estonian email provider Mail.ee belonging to high-profile people. Alleged state-sponsored hackers have hijacked a small number of accounts at the Estonian email provider Mail.ee, they exploited a zero-day vulnerability in the attack. According to the end-of-year report published this month by Estonian Internal Security […]

Pierluigi Paganini April 29, 2020
Google found zero-click vulnerabilities in Apple’s multimedia processing components

Google Project Zero white-hat hackers have disclosed zero-click vulnerabilities affecting multiple Apple operating systems. White-hat hackers at Google Project Zero team have discovered several zero-click vulnerabilities impacting multiple Apple’s multimedia processing components is several Apple operating systems. Multimedia processing components could be a privileges entry point for threat actos that attempt to hack into the […]

Pierluigi Paganini April 29, 2020
Adobe addresses several critical flaws in Illustrator, Bridge, and Magento

Adobe released security updates for Adobe Illustrator, Bridge, and Magento that fix several issues, including multiple remote code execution flaws. Adobe has released security updates that address multiple vulnerabilities in Adobe Illustrator, Bridge, and Magento, including some critical remote code execution flaws. The remote code execution flaws could be exploited by an attacker to execute commands […]

Pierluigi Paganini April 28, 2020
SANDMAN AND FINEPROXY BEHIND THE DDOS ATTACKS AGAINST TIMETV.LIVE

Timetv.live is the latest Azeri news site targeted by Denial of Service (DDoS) attacks launched by Sandman threat actor, the attack took place on March 21, 2020. Original Post by Qurium: *Qurium’s forensics report:* Sandman and Fineproxy behind the DDoSAttacks against TimeTV.Live https://www.qurium.org/alerts/azerbaijan/sandman-and-fineproxy-behind-the-ddos-attacks-against-timetv-live/ Timetv.live is the latest Azeri news site targeted by Denial of Service attacks. […]

Pierluigi Paganini April 28, 2020
Experts warn of deliveries scams that use a COVID-19 theme

Kaspersky experts uncovered a new wave of phishing scams that use a COVID-19 theme and impersonate shipping carriers, including FedEx, UPS, and DHL. The COVID-19 outbreak is forcing people to work from home and make shopping online causing a consequent increase in the number of home deliveries. Crooks are attempting to exploit the crisis and […]