Pierluigi Paganini
November 14, 2018
Kaspersky revealed that the CVE-2018-8589 Windows 0-day fixed by Microsoft Nov. 2018 Patch Tuesday has been exploited by at least one APT group in attacks in the Middle East. Kaspersky Lab experts revealed that the CVE-2018-8589 Windows zero-day vulnerability addressed by Microsoft November 2018 Patch Tuesday has been exploited by an APT group in targeted attacks against entities in the Middle East. Kaspersky […]
Pierluigi Paganini
November 14, 2018
Adobe Patch Tuesday updates for November 2018 addresses three flaws in Flash Player, Acrobat and Reader, and Photoshop CC. Adobe Patch Tuesday updates for November 2018 fixes three flaws in Flash Player, Acrobat and Reader, and Photoshop CC. The most severe issue is an information disclosure vulnerability, tracked as CVE-2018-15979, due to the availability of the proof-of-concept […]
Pierluigi Paganini
November 14, 2018
Experts at Yoroi’s Cyber Security Defence Center along with Fincantieri’s security team investigated the recently discovered Martymcfly malware attacks. Background On October 17th we disclosed the ‘MartyMcFly’ Threat (Rif. Analysis) where unknown attackers were targeting Italian naval industries. The analysis was cited by Kaspersky’s ICS CERT who exposed a wider threat extension across multiple countries such as: […]
Pierluigi Paganini
November 14, 2018
Security experts from Imperva reported a new Facebook flaw that could have exposed private info of users and their friends A new security vulnerability has been reported in Facebook, the flaw could have been exploited by attackers to obtain certain personal information about users and their network of contacts. The recently discovered issue raises once again […]
Pierluigi Paganini
November 13, 2018
Microsoft’s Patch Tuesday updates for November 2018 fixed more than 60 vulnerabilities, including an actively exploited Windows flaw. Microsoft’s Patch Tuesday updates for November 2018 addressed 63 vulnerabilities, including an actively exploited Windows privilege escalation vulnerability. Twelve of the flaws were rated as “Critical”, 49 are rated Important, two vulnerabilities were publicly known at the time […]
Pierluigi Paganini
November 13, 2018
Security firm Cylance has uncovered a sophisticated state-sponsored campaign, tracked as Operation Shaheen, against the Pakistan Air Force. According to the experts the campaign was carried out by a nation-state actor tracked as the White Company with access to zero-day exploits and exploit developers. “The preliminary findings detail one of the group’s recent campaigns, a year-long espionage effort […]
Pierluigi Paganini
November 13, 2018
Cathay Pacific has admitted that it was under attack for three months and it took six months to disclose the data breach. At the end of October, Cathay Pacific Airways Limited, the flag carrier of Hong Kong, announced that had suffered a major data breach affecting up to 9.4 million passengers. Exposed data includes passport numbers, identity […]
Pierluigi Paganini
November 13, 2018
Google services were partially inaccessible on Monday due to a BGP leak that caused traffic redirection through Russia, China, and Nigeria. A BGP leak caused unavailability of Google service on Monday, the traffic was redirected through Russia, China, and Nigeria. At the time it is not clear if the incident was the result of an […]
Pierluigi Paganini
November 13, 2018
David Wells, a security expert from Tenable, devised a method to bypass Windows’ User Account Control (UAC) by spoofing the execution path of a file in a trusted directory. A security researcher from Tenable has discovered that is possible to bypass Windows’ User Account Control (UAC) by spoofing the execution path of a file in a trusted […]
Pierluigi Paganini
November 12, 2018
The author of an IoT botnet is distributing a backdoor script for ZTE routers that also includes his own backdoor to hack script kiddies A weaponized IoT exploit script is being used by script kiddies, making use of a vendor backdoor account to hack the ZTE routers. Ironically, this is not the only backdoor in […]
