Pierluigi Paganini

Pierluigi Paganini December 09, 2020
Crooks hide software skimmer inside CSS files

Security researchers have uncovered a new technique to inject a software skimmer onto websites, the malware hides in CSS files. Security researchers have uncovered a new technique used by threat actors to inject a software skimmer onto websites, the attackers hide the malware in CSS files. Security experts have analyzed multiple Magecart attack techniques over […]

Pierluigi Paganini December 09, 2020
Microsoft December 2020 Patch Tuesday fixes 58 bugs, 9 are critical

Microsoft December 2020 Patch Tuesday security update address 58 vulnerabilities, 22 of them are remote code execution vulnerabilities. Microsoft December 2020 Patch Tuesday security update address 58 vulnerabilities, 22 of them are remote code issues. The flaws impact multiple products including Microsoft Windows, Edge (EdgeHTML-based), ChakraCore, Microsoft Office and Office Services and Web Apps, Exchange […]

Pierluigi Paganini December 09, 2020
The importance of computer identity in network communications: how to protect it and prevent its theft

The importance of computer identity in network communications: how to protect it and prevent threat actors from spying or stealing on online communications When you fill out a registration form to take advantage of a web service, a virtual personal profile is generated, creating your own IT identity characterized by specific attributes. Even those who […]

Pierluigi Paganini December 09, 2020
Apache Software Foundation fixes code execution flaw in Apache Struts 2

The Apache Software Foundation addressed a possible remote code execution vulnerability in Struts 2 related to the OGNL technology.  The Apache Software Foundation has released a security update to address a “possible remote code execution” flaw in Struts 2 that is related to the OGNL technology.  The remote code execution flaw, tracked as CVE-2020-17530, resides in […]

Pierluigi Paganini December 08, 2020
Top cybersecurity firm FireEye hacked by a nation-state actor

The cyber security giant FireEye announced that it was hacked by nation-state actors, likely Russian state-sponsored hackers. The cybersecurity firm FireEye is one of the most prominent cybersecurity firms, it provides products and services to government agencies and companies worldwide. The company made the headlines because it was the victim of a hack, and experts blame […]

Pierluigi Paganini December 08, 2020
OpenSSL is affected by a ‘High Severity’ security flaw, update it now

The OpenSSL Project disclosed a serious security vulnerability in TLS/SSL toolkit that exposes users to denial-of-service (DoS) attacks. The OpenSSL Project warned of a ‘high-severity’ security vulnerability in the TLS/SSL toolkit that exposes users to denial-of-service (DoS) attacks. The flaw is a null pointer dereference, successful exploitation could trigger denial-of-service conditions. The vulnerability was reported […]

Pierluigi Paganini December 08, 2020
Russian Alexander Vinnik sentenced in Paris to five years in prison for money laundering

Russian citizen Alexander Vinnik was sentenced in Paris to five years in prison for money laundering and ordered to pay 100,000 euros in fines. Russian citizen Alexander Vinnik was sentenced in Paris to five years in prison for money laundering and ordered to pay 100,000 euros in fines. The man went on trial in Paris for having […]

Pierluigi Paganini December 08, 2020
Expert discloses zero-click, wormable flaw in Microsoft Teams

Security expert disclosed technical details about a wormable, cross-platform flaw in Microsoft Teams that could allow stealth attacks. Security researcher Oskars Vegeris from Evolution Gaming has published technical details on a wormable, cross-platform vulnerability in the business communication platform Microsoft Teams. The flaw is a cross-site scripting (XSS) issue that impacts the ‘teams.microsoft.com’ domain, it […]

Pierluigi Paganini December 08, 2020
Critical remote code execution fixed in PlayStation Now

Security flaws in the PlayStation Now cloud gaming Windows application allowed hackers to execute arbitrary code on Windows systems. Bug bounty hunter Parsia Hakimian discovered multiple security flaws in the PlayStation Now (PS Now) cloud gaming Windows application that allowed hackers to execute arbitrary code on Windows devices running vulnerable app versions. The bugs affected PS Now version […]

Pierluigi Paganini December 08, 2020
QNAP fixed eight flaws that could allow NAS devices takeover

Network-attached storage (NAS) vendor QNAP addressed vulnerabilities that could enable attackers to take over unpatched NAS devices. The Taiwanese vendor QNAP has released security updates to fix eight vulnerabilities that could be exploited by attackers to over unpatched NAS devices. The list of vulnerabilities addressed by QNAP is available here, it includes XSS and command injection issues. […]