Breaking News

Pierluigi Paganini November 15, 2016
CVE-2016-7461 code execution flaw affects VMware Workstation

VMware has patched a critical out-of-bounds memory access vulnerability, tracked as CVE-2016-7461, affecting its Workstation and Fusion products. The flaw, which resides in the drag-and-drop function, can be exploited by attackers to execute arbitrary code on the host operating system running Fusion or Workstation. The security vulnerability affects Workstation Player and Pro 12.x, and […]

Pierluigi Paganini November 14, 2016
NIST Small Business Information Security guide for Small businesses

The NIST Small Business Information Security: The Fundamentals guide aims to provide basic cybersecurity recommendations to small businesses. I have always stressed the necessity to improve cyber security posture for small businesses that are most exposed to threat actors across the world. Now the National Institute of Standards and Technology has released a cybersecurity guide to […]

Pierluigi Paganini November 14, 2016
The hacker Kapustkiy continues to target embassies and universities

The hacker Kapustkiy is back and breached another embassy and two universities. He leaked data on Pastebin. The security pentester who goes online with the moniker Kapustkiy continues to target organizations and embassies across the world. Recently he breached the Paraguay Embassy of Taiwan, while a few days ago the hacker and his friend Kasimierz (@Kasimierz_) hacked the Indian Embassies in […]

Pierluigi Paganini November 14, 2016
Russia is going to ban LinkedIn after court ruling. What’s next?

Russia is going to ban LinkedIn after a court ruling that found the professional social network to be in violation of the country’s data protection laws. On Thursday, a Moscow court confirmed the decision to ban the professional social network LinkedIn in Russia. LinkedIn is violating the country’s data protection […]

Pierluigi Paganini November 14, 2016
Were the Recent Arrests in Ohio Part of ISIS’ Catastrophic Plan for the US?

On November 7, Southern Ohio’s Joint Terrorism Task Force (JTTF) arrested Aaron Travis Daniels, of Ohio, on terror-related charges as he was attempting to travel to Libya to become an ISIS fighter. Daniels, age 20, who goes by the aliases Harun Muhammad and Abu Yusef, had allegedly “communicated his commitment to violent overseas jihad” in […]

Pierluigi Paganini November 13, 2016
AdultFriendFinder company data breach exposes 412 million accounts

The company that owns AdultFriendFinder and other adult websites has been hacked; the data breach exposes 412 million accounts, making this the largest 2016 hack. Almost every account password was cracked, thanks to the company’s poor security practices. Even “deleted” accounts were found in the breach. A new massive data breach is in the headlines, the […]

Pierluigi Paganini November 13, 2016
BlackNurse attack, how to knock big servers offline with a laptop

The BlackNurse attack makes it possible to power massive DDoS attacks that are able to knock large servers offline with limited resources. Researchers discovered a simple method, called the BlackNurse attack, to power massive DDoS attacks that could allow lone attackers to knock large servers offline with limited resources. “This attack is not based on pure flooding of the internet connection, […]

Pierluigi Paganini November 13, 2016
Donald Trump will control the NSA – what this means for your privacy

Earlier this week, Donald Trump won a stunning election victory that will put him in charge of the world’s most powerful mass surveillance infrastructure. Regardless of which side of the political spectrum you are on, Trump’s control over the NSA is now an indisputable fact, and we think it is worth taking a closer look […]

Pierluigi Paganini November 13, 2016
Security Affairs newsletter Round 86 – News of the week

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. First of all, let me inform you that at the #infosec16 SecurityAffairs was awarded as The Best European Personal Security Blog. THANK YOU! Commercial Exaspy spyware used to target high-level executives. Watch out! A new LinkedIn Phishing campaign […]

Pierluigi Paganini November 13, 2016
Pawn Storm APT conducted spear-phishing attacks before zero-days was fixed

The Pawn Storm APT group exploited some zero-day vulnerabilities in targeted attacks across the world before they were patched. The Pawn Storm APT group, also known as APT28 and Fancy Bear, exploited some zero-day flaws in targeted attacks before they were patched. The threat actors powered spear phishing attacks between the discovery of the zero-days […]