Breaking News

Pierluigi Paganini November 02, 2016
Recent Windows Kernel zero-day exploited by hackers behind the DNC hack

Executive vice president of Microsoft’s Windows and Devices group revealed that Windows Kernel zero-day recently disclosed was used by the Fancy Bear APT. On Oct. 31, the Google Threat Analysis Group publicly disclosed a vulnerability in the Windows kernel that is actively being exploited by threat actors in the wild. The zero-day could be exploited […]

Pierluigi Paganini November 02, 2016
An information disclosure flaw still impacts SAP Systems to the Internet

Experts from ERPScan revealed that a SAP flaw patched in September still impacts more than 900 SAP systems exposed to the Internet. An information disclosure vulnerability in SAP that was patched in September impacts more than 900 SAP systems that are exposed to the Internet. According to the expert Sergiu Popa from Quenta Solutions who reported the […]

Pierluigi Paganini November 01, 2016
Philip Hammond invokes an active defence of UK hacking back the attackers

The British Government announces an active defence posture in response to nation-state cyber attacks, Chancellor warns UK will retaliate against attacks. Hacking back, or “active defence” as security experts prefer to call it, is becoming a high debated argument. While the number of cyber attacks continues to increase and attackers are using even more sophisticated techniques, many Governments […]

Pierluigi Paganini November 01, 2016
Google discloses Windows zero-day that has been exploited in the wild

Google has disclosed a Windows zero-day vulnerability after 7-day deadline it gives vendors when the flaw is actively exploited in the wild by hackers. Google has once again publicly disclosed a zero-day vulnerability affecting current versions of Windows operating system  and Microsoft still hasn’t issued a patch. Yes, you’ve got it right! There is a […]

Pierluigi Paganini November 01, 2016
PanelShock 0-day Vulnerability Puts Thousands of Schneider Electric HMI Panels, Industrial Control Systems and Critical Infrastructure at Risk

Security researchers at CRITIFENCE cyber security labs publicly announced this morning (November 1, 2016) major cyber security vulnerabilities affecting one of the world’s largest manufacturers of SCADA and Industrial Control Systems, Schneider Electric.   The zero-day vulnerabilities dubbed PanelShock, found earlier this year by Eran Goldstein, CTO and Founder of CRITIFENCE, a leading Critical Infrastructure, […]

Pierluigi Paganini November 01, 2016
Office of the Comptroller of the Currency reported a former employee stolen data from office

A former employee of the Office of the Comptroller of the Currency downloaded 10,000 records onto thumb drives before his retirement in November 2015. On Friday, the US banking regulator told Congress about a potential “major information security incident” after it discovered that a former employee has downloaded a large number of files onto thumb drives […]

Pierluigi Paganini October 31, 2016
NSA Hackers The Shadow Brokers leaked another dump with NSA targets

The ShadowBrokers hacker group leaked a fresh dump containing a list of servers that were hacked by the NSA-linked group known as Equation Group. The notorious Shadow Brokers hacker group has posted a fresh dump containing a list of servers that were hacked by the NSA-linked group known as Equation Group. The hackers disclosed the […]

Pierluigi Paganini October 31, 2016
Mass Surveillance of Cell Phone Data by AT&T Service Provider

AT&T has been data-mining and willingly sharing user phone data, through its “Hemisphere” Project, which is essentially a mass surveillance program. The NSA may be the well-known governmental entity notorious for conducting spy surveillance of its citizens and its massive record retention program, but the private sector is also capitalizing on such opportunities.  AT&T, a […]

Pierluigi Paganini October 31, 2016
Lotus Blossom Chinese cyberspies leverage on fake Conference Invites in the last campaign

The Chinese APT Lotus Blossom is trying to lure victims with fake invitations to Palo Alto Networks’ upcoming Cybersecurity Summit. The Chinese APT Lotus Blossom, also known as Elise and Esile, is behind a new cyber espionage campaign that is trying to lure victims with fake invitations to Palo Alto Networks’ upcoming Cybersecurity Summit. With this […]

Pierluigi Paganini October 31, 2016
Massive hacking campaign on Joomla sites via recently patched flaws

Experts from the firm Sucuri observed a spike in the number of attacks in less than 24 hours after Joomla released patches for two critical flaws. On October 25, Joomla released the version 3.6.4 to fix two high severity vulnerabilities, CVE-2016-8870, and CVE-2016-8869. The first flaw, tracked as CVE-2016-8870, could be exploited by attackers to create user accounts even if […]