it security

Pierluigi Paganini February 28, 2020
All versions of Apache Tomcat are affected by the Ghostcat flaw

Ghostcat flaw affects all versions of Apache Tomcat and could be exploited by hackers to read configuration files or install backdoors on vulnerable servers. All versions of Apache Tomcat are affected by a vulnerability dubbed Ghostcat that could be exploited by attackers to read configuration files or install backdoors on vulnerable servers. The vulnerability, tracked as […]

Pierluigi Paganini February 28, 2020
Twitter, Facebook, and Instagram blocked in Turkey as Idlib military crisis escalates

Network data collected by the NetBlocks internet observatory confirm that Turkey has blocked access to social media as Idlib military crisis escalates Network data collected by the NetBlocks internet observatory confirm that the Turkish authorities have blocked access to social media following allegations of an attack on Turkish troops in Idlib, Syria on Thursday 27 […]

Pierluigi Paganini February 28, 2020
Cisco addresses vulnerabilities in FXOS, UCS Manager and NX-OS Software

Cisco released security patches for 11 vulnerabilities in its products, including the Cisco UCS Manager, FXOS, and the NX-OS software. The most severe vulnerabilities, rated as high severity, affect FXOS and NX-OS that could be exploited by an unauthenticated, adjacent attacker to execute arbitrary code as root. The exploitation of the flaw could trigger a denial […]

Pierluigi Paganini February 27, 2020
Facial recognition firm Clearview AI reveals intruders stole its client list

Bad news for the controversial facial recognition startup Clearview AI, hackers gained “unauthorized access” to a list of all of its customers.  The controversial facial-recognition company that contracts with law-enforcement agencies announced that attackers have gained unauthorized access to its entire client list. The company already informed its customers of the security breach.  The startup came under […]

Pierluigi Paganini February 27, 2020
Lampion malware origin servers geolocated in Turkey

After three months from the first detection, the Lampion origin was identified. A webserver named “portaldasfinancas” is available in Turkey and has been used to spread the threat in Portugal. Lampion malware is the most critical malware affecting Portuguese users’ last three months. From December 2019 it had spread, impersonating and using template emails from the Portuguese […]

Pierluigi Paganini February 27, 2020
SQL Dump from popular Indian BGR tech site leaked online

Hackers share SQL databases from unsecured AWS buckets, including the archive belonging to the BGR tech news site in India. Hackers are sharing SQL databases from unsecured Amazon S3 buckets, one of them belongs to the BGR tech news site in India. BGR, aka Boy Genius Report, is a popular technology-influenced website that covers topics […]

Pierluigi Paganini February 27, 2020
New strain of Cerberus Android banking trojan can steal Google Authenticator codes

Experts found a new version of the Cerberus Android banking trojan that can steal one-time codes generated by the Google Authenticator app and bypass 2FA. Security researchers from ThreatFabric warn of a new Android malware strain can now steal one-time passcodes (OTP) generated through Google Authenticator that is used as part of 2FA to protect online […]

Pierluigi Paganini February 27, 2020
Threat actors scan Internet for Vulnerable Microsoft Exchange Servers

Experts warn that hackers are actively scanning the Internet for Microsoft Exchange Servers vulnerable in the attempt to exploit the CVE-2020-0688 RCE. Hackers are actively scanning the Internet for Microsoft Exchange Servers affected by the CVE-2020-0688 remote code execution flaw. The vulnerability resides in the Exchange Control Panel (ECP) component, the root cause of the […]

Pierluigi Paganini February 26, 2020
Kr00k Wi-Fi Encryption flaw affects more than a billion devices

A high-severity hardware vulnerability, dubbed Kr00k, in Wi-Fi chips manufactured by Broadcom and Cypress expose over a billion devices to hack. Cybersecurity researchers from ESET have discovered a new high-severity hardware vulnerability, dubbed Kr00k, that affects Wi-Fi chips manufactured by Broadcom and Cypress. The vulnerability could have a severe impact on the IT sector, the […]

Pierluigi Paganini February 26, 2020
Reading Municipal Light Department, an electric utility in Massachusetts, hit by ransomware

The Reading Municipal Light Department (RMLD), an electric utility in Massachusetts, announced it was hit by a ransomware attack. This week, the Reading Municipal Light Department (RMLD), an electric utility in Massachusetts, announced it was hit by a ransomware attack. Reading Municipal Light Department provides electricity to over 68,000 citizens that live in the towns […]