IT

Pierluigi Paganini May 13, 2020
Expert found 1,236 websites infected with Magecart e-skimmer

A security researcher is warning of a new wave of MageCart attackers, he has found over 1,000 domains infected with e-skimmers. MageCart gangs continue to be very active, security researcher Max Kersten discovered 1,236 domains hosting e-skimmer software. Hacker groups under the Magecart umbrella continue to target e-stores to steal payment card data with software skimmers. Security firms have […]

Pierluigi Paganini May 10, 2020
Coronavirus-themed attacks May 03 – May 09, 2020

This post includes the details of the Coronavirus-themed attacks launched from May 03 to May 09, 2020. Threat actors exploit the interest in the Coronavirus outbreak while infections increase worldwide, experts are observing new campaigns on a daily bases. Please give me your vote for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERShttps://docs.google.com/forms/d/e/1FAIpQLSe8AkYMfAAwJ4JZzYRm8GfsJCDON8q83C9_wu5u10sNAt_CcA/viewform Below […]

Pierluigi Paganini April 05, 2020
Popular OGUsers hacking forum breached for the second time in a year

OGUsers, one of the most popular hacking forums, was hacked again, it is the second security breach it has suffered in a year. The popular hacking forum OGUsers was hacked again, it is the second security breach it has suffered in a year, the news was first reported by ZDNet. OGUsers is a black marketplace […]

Pierluigi Paganini March 31, 2020
Microsoft Edge will warn users if their credentials have been compromised

Microsoft announced that it will add an alerting feature to Edge to warn users if their credentials saved to autofill have been compromised. Microsoft announced several new features for its Edge browser, including a new alerting service to warn users if the credentials they have saved to autofill have been compromised in a third-party data […]

Pierluigi Paganini March 27, 2020
A missing authorization check in WordPre WPvivid plugin that can lead to the exposure of the database and all files

Researchers warn of a security flaw recently addressed in the WPvivid Backup Plugin that could be exploited to obtain all files of a WordPress website. WebARX experts warn of a missing authorization check recently addressed in the WPvivid Backup Plugin that could be exploited to obtain all files of a WordPress website. “There is a missing […]

Pierluigi Paganini March 22, 2020
Security Affairs newsletter Round 256

A new round of the weekly newsletter arrived! The best news of the week with Security Affairs BlackWater, a malware that uses Cloudflare Workers for C2 Communication Coronavirus-themed attacks February 1 – March 15, 2020 Massive cyber attack hit the town hall of Marseille ahead local election Noooo, now Ancient Tortoise BEC scammers are launching […]

Pierluigi Paganini March 16, 2020
MonitorMinor, the outstanding stalkerware can track Gmail, WhatsApp, Instagram, and Facebook

Security experts spotted a new stalkerware, dubbed MonitorMinor, that can track Gmail, WhatsApp, Instagram, and Facebook user activity. Security experts from Kaspersky Lab spotted a new stalkerware, dubbed MonitorMinor (Monitor.AndroidOS.MonitorMinor.c), that can track Gmail, WhatsApp, Instagram, and Facebook user activity. Stalkerware is commercial monitoring software or spyware that is used for stalking, it is usually […]

Pierluigi Paganini March 06, 2020
Virgin Media disclose data breach, over 900,000 Customers impacted

Virgin Media discloses a data breach that exposed the personal information of roughly 900,000 of its customers. Virgin Media discloses a data breach that exposed the personal information of approximately 900,000 customers (names, home, and email addresses and phone numbers). The company reported unauthorized access, on at least one occasion, to a misconfigured and unsecured marketing […]

Pierluigi Paganini March 05, 2020
Hundreds of Microsoft sub-domains open to hijacking

Security researchers demonstrated that hundreds of sub-domains belonging to Microsoft could potentially be hijacked and abused to deliver malware and for phishing attacks. Researchers have devised another way to carry out an attack, for example, inviting victims to download a fake update from an apparently trusted URL such as mybrowser.microsoft.com. Security researchers Numan Ozdemir and […]

Pierluigi Paganini March 03, 2020
Nemty ransomware operators launch their data leak site

The operators behind the Nemty ransomware set up a data leak site to publish the data of the victims who refuse to pay ransoms. Nemty ransomware first appeared on the threat landscape in August 2019, the name of the malware comes after the extension it adds to the encrypted file names. The ransomware deletes shadow copies of encrypted files […]