it security

Pierluigi Paganini March 02, 2020
SurfingAttack – hacking phones via ultrasonic waves

SurfingAttack is an attacking technique that allows to wake up mobile device and control them using voice commands encoded in ultrasonic waves. SurfingAttack is a hacking technique that sees voice commands encoded in ultrasonic waves silently activate a mobile phone’s digital assistant. The technique could be used to do several actions such as making phone […]

Pierluigi Paganini March 02, 2020
Venezuela – Power outage knocked out part of the internet connectivity

A power outage and fluctuations in supply across Venezuela 1 March 2020, knocked out approximately 35% of the country’s telecommunications infrastructure. The NetBlocks internet observatory, which tracks disruptions and shutdowns, reported that yesterday (March 1, 2020) a massive power outage across Venezuela that knocked out a large part of the country’s connectivity to the Internet. The […]

Pierluigi Paganini March 02, 2020
$1B to help telecom carriers to “rip and replace” Huawei and ZTE equipment

US Congress passed legislation offering $1 billion to help telecom carriers “rip and replace” equipment from Chinese giants Huawei and ZTE. On Thursday, US lawmakers have passed legislation that plans to give $1 billion to telecom carriers to “rip and replace” equipment from Chinese tech giants Huawei and ZTE. The measure approved by the Senate […]

Pierluigi Paganini March 02, 2020
Nemty ransomware “LOVE_YOU” malspam campaign

Security experts uncovered an ongoing campaign delivering Nemty Ransomware via emails disguised as messages from secret lovers. Researchers from Malwarebytes and X-Force IRIS have uncovered an ongoing spam campaign distributing the Nemty Ransomware via messages disguised as messages from secret lovers. The attackers employed messages with several subject lines and attachment filenames composed to appear […]

Pierluigi Paganini March 01, 2020
49 million unique email addresses of Straffic Marketing firm exposed online

The Israeli marketing firm Straffic accidentally exposed 49 million unique email addresses stored in an Elasticsearch database. The Israeli marketing firm Straffic exposed 49 million unique email addresses due to mishandled credentials for an Elasticsearch database. The credentials for the company archive were stored in plain text on an unprotected web server. Straffic notified the […]

Pierluigi Paganini March 01, 2020
Russian spies are attempting to tap transatlantic undersea cables

This week, several media reported that agents of the Russian intelligence reportedly went to Ireland to inspect the undersea cables. The Sunday Times reported that Russian intelligence agents have been sent to Ireland to gather detailed information on the undersea cables that connect Europe to North America. The news is alarming, intelligence agencies fear that […]

Pierluigi Paganini March 01, 2020
Security Affairs newsletter Round 253

A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Google sued by New Mexico attorney general for collecting student data through its Education Platform ISS reveals malware attack impacted parts of the IT environment ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia […]

Pierluigi Paganini February 29, 2020
Sodinokibi Ransomware gang threatens to disclose data from Kenneth Cole fashion firm

Not only Maze ransomware gang, the operators behind Sodinokibi Ransomware allegedly leaked the data of Kenneth Cole Productions. The operators behind Sodinokibi Ransomware have published the download links to archives containing data allegedly stolen from the US firm Kenneth Cole Productions. The news was first reported by the Under the Breach research group. Sodinokibi (aka REvil) is […]

Pierluigi Paganini February 29, 2020
Crooks are attempting to take over tens of thousands of WordPress sites

Threat actors are launching a hacking campaign aimed at taking over tens of thousands of WordPress sites by exploiting critical vulnerabilities. One of the issues exploited in the attacks is a zero-day vulnerability that affects several plugins and that could allow hackers to create admin accounts and take over the sites. Researchers at NinTechNet reported […]

Pierluigi Paganini February 29, 2020
US Railroad firm RailWorks discloses a data breach after a ransomware attack

RailWorks Corporation, one of the leading railroad track and transit system providers in North America, disclosed a ransomware attack. RailWorks Corporation, one of the leading providers of rail infrastructure solutions in North America, disclosed a ransomware attack. The security breach may have also exposed personally identifiable information (i.e. Government-issued IDs, Social Security numbers, dates of birth, dates of hire/termination […]