A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. First of all let inform you that at the #infosec16 SecurityAffairs was awarded as The Best European Personal Security Blog http://securityaffairs.co/wordpress/48202/breaking-news/securityaffairs-best-european-personal-security-blog.html THANK YOU! Old CVE-2014-3704 flaw in Drupal still exploited in attacks Sh0ping.su hacked, stolen card data and accounts […]
Is Two-factor authentication the solution for any kind of hacks? A text message could be used to take over your Google Account. Following the recent data breaches suffered by IT giants (e.g. MySpace, LinkedIn, Twitter) security experts are inviting users to avoid sharing login credentials on multiple websites and to enable two-factor authentication (2FA) when it […]
Experts from Cisco Talos team have improved their decryptor tool to allow the recovery of files encrypted by all the Teslacrypt Ransomware variants In May, criminals behind the TeslaCrypt ransomware leaked online the master encryption key that allowed security experts to develop a decryption tool for the last variant of the threat. “In surprising end to TeslaCrypt, […]
The Bolek banking Trojan is one of the successors of the notorious Carberp Trojan that targets both 32-bit and 64-bit Windows systems. When the source code of the Carberp Trojan was leaked online, numerous threat actors developed their own variants. This process allowed a significant evolution of the malware that increased its sophistication across the time. […]
CERT-Bund released a warning that corporate executives may be being targeted with malicious emails using data from the LinkedIn data breach. The cascading effects of the 2012 LinkedIn breach are still being felt throughout the business world. On Monday, CERT-Bund, Germany’s Computer Emergency Response Team for federal agencies, released a warning that corporate executives may […]
Twitter investigated account login credentials recently offered for sale on the dark web, locked the accounts and reset their passwords. This week a Russian hacker offered for sale more than 32 million Twitter account credentials on the Dark Web. The alleged Russian hacker offered Twitter account credentials for 10 Bitcoins (over $5,800). In response to the […]
The Necurs Botnet, one of the world’s largest malicious architecture, used to spread the dreaded threats appears to have vanished since June 1. In the last months, we have read a lot of news regarding the activities on one of the largest botnet in the wild that was used by crooks to deliver the Dridex […]
Experts have discovered several SQL injection vulnerabilities in the European Union Websites, the European Parliament and the European Commission sites The security experts Vulnerability Lab CEO Benjamin Kunz Mejri and Marco Onorati have discovered a number of SQL injection vulnerabilities in the websites of the European Parliament and the European Commission. The exploitation of the flaws in […]
EMC Data Domain OS and VMware NSX and vRealize are affected by security issues that could be exploited to gain unauthorized access to data. Both EMC and VMware are affected by security issues that could allow unauthorized access to attackers. An information disclosure vulnerability in the EMC Data Domain OS could potentially be exploited by malicious users […]
Security experts from the SANS observed that new CryptXXX ransomware campaigns are leveraging on the Neutrino Exploit Kit instead the Angler Exploit Kit. Crooks behind the CryptXXX ransomware have launched a new campaign leveraging on the Neutrino Exploit Kit instead the Angler Exploit Kit. It was a significant change in the attack chain that was discovered by the experts […]