Breaking News

Pierluigi Paganini October 06, 2017
Apple file system flaw, macOS shows encrypted drive’s password in the hint box

Apple released a patch for macOS High Sierra 10.13 that address also a flaw in Apple file system that exposes encrypted drive’s password in the hint box. Apple yesterday released a security patch for macOS High Sierra 10.13 to fix vulnerabilities in the Apple file system (APFS) volumes and Keychain software. The vulnerability in the Apple file system was first […]

Pierluigi Paganini October 06, 2017
Russian spies pilfered data from NSA Contractor’s home PC running a Kaspersky AV

Russian hackers allegedly exploited Kaspersky AV to hack into NSA contractor and steal the NSA exploit code. It complicates Kaspersky’s position. Anonymous sources have claimed Russian intelligence extracted NSA exploits from a US government contractor’s home PC using Kaspersky Lab software. Sources told the Wall Street Journal that a malicious code allowed cyber spies to exfiltrate classified code, […]

Pierluigi Paganini October 05, 2017
Experts discovered a SYSCON Backdoor using FTP Server as C&C

Security researchers with Trend Micro discovered a backdoor dubbed SYSCON that uses an FTP server for command and control (C&C) purposes. The SYSCON backdoor is spreading through tainted documents that refer North Korea and target individuals connected to the Red Cross and the World Health Organization. The use of an FTP server as C&C is uncommon for […]

Pierluigi Paganini October 05, 2017
Russian firm provides North Korea with second Internet route

Dyn Research discovered traffic coming from North Korea running over the Russian TransTeleCom network, this is the second internet route of the regime. North Korea gets a second Internet connection thanks to the support of a state-owned Russian firm. From the perspective of security analysts, this second connection will improve in a significant way the cyber […]

Pierluigi Paganini October 05, 2017
CVE-2017-12617 Code Execution flaw patched in Apache Tomcat

Several security vulnerabilities have been patched in recent weeks in Apache Tomcat, including the CVE-2017-12617 Code Execution vulnerability. Several security vulnerabilities have been patched in recent weeks in Apache Tomcat. The list of fixed flaws recently addressed also included code execution vulnerabilities. Apache Tomcat is the most widely used web application server, with over one million downloads […]

Pierluigi Paganini October 05, 2017
CSE CybSec ZLAB Malware Analysis Report: APT28 Hospitality malware

The CSE CybSec Z-Lab Malware Lab analyzed the Hospitality malware used by the Russian APT28 group to target hotels in several European countries. The Russian hacker group APT28, also known as Sofacy or Fancy Bear, is believed to be behind a series of attacks in last July against travelers staying in hotels in Europe and Middle […]

Pierluigi Paganini October 04, 2017
Which are most frequently blacklisted apps by enterprises?

Mobile security firm Appthority published an interesting report that revealed which Android and iOS applications are most frequently blacklisted by enterprises. The company Appthority has published an interesting report that reveals which mobile apps, both Android and iOS, are most frequently blacklisted by enterprises. “The mobile ecosystem in an enterprise comprises apps from managed devices, BYOD and COPE. Appthority compiled […]

Pierluigi Paganini October 04, 2017
Intezer researchers link CCleaner hack to Chinese APT17 hackers

Researchers from security firm Intezer speculate that the attack was powered by nation-state actor, likely the Chinese APT17 group. Security experts continue to investigate the recent attack against the supply chain of the popular software CCleaner. The hackers first compromised in July a CCleaner server, then exploited it to deliver a backdoored version of the 32-bit CCleaner […]

Pierluigi Paganini October 04, 2017
Yahoo hack – All 3 Billion Yahoo accounts were hacked in 2013 attack

The Yahoo hack occurred in 2013 is bigger than originally stated, Verizon confirmed that all 3 Billion Yahoo accounts were hacked in the attack. The Yahoo hack occurred in 2013, the biggest known data breach suffered by a tech company, is bigger than originally stated. Verizon Communications, which acquired Yahoo for $4.48 billion in June, […]

Pierluigi Paganini October 04, 2017
A new Ethereum ICO was hacked, the victim is Etherparty

The Etherparty website is the last victim in order of time of a cyber attack involving an Ethereum ICO (Initial Coin Offering). Another hack involving an Ethereum ICO (Initial Coin Offering) made the headlines, the victim is the Etherparty website that sells tokens for a blockchain-based smart contract tool. The attackers replaced the legitimate address for sending funds to […]