Pierluigi Paganini
April 08, 2017
Security researchers have spotted a new threat dubbed Brickerbot botnet that causes permanent damage to Internet of Things (IoT) devices. Months ago we anticipated the possible spike in the number of IoT botnets, at the beginning it was Mirai, but later other dangerous thingbot appeared in the wild such as the Leet Botnet and the Amnesia botnet. Now a […]
Pierluigi Paganini
April 08, 2017
Experts observed a new threat targeting WordPress install, the Sathurbot botnet attempts to bruteforce WordPress accounts. Once compromised a WordPress website, the Sathurbot botnet uses it to spread the malware. The Sathurbot leverages torrents as a delivery mechanism, once a website is compromised it is used to host fake movie and software torrents. When victims search for […]
Pierluigi Paganini
April 07, 2017
Wikileaks published a new batch of 27 documents detailing the Grasshopper framework used by its agents to create custom installers for Windows malware. WikiLeaks continues to disclose documents included in the CIA Vault 7 archive, on Friday published a new batch of 27 documents detailing a framework, dubbed Grasshopper, allegedly used to create custom installers for Windows malware. […]
Pierluigi Paganini
April 07, 2017
Apple fixed a vulnerability tracked as CVE-2017-2387 in the Apple Music for Android that could allow attackers to launch MitM attacks on the application. The update released Apple for the Apple Music application for Android fixes a certificate validation issue that can be exploited by an attacker to run MitM attacks and intercept user data. […]
Pierluigi Paganini
April 07, 2017
Security experts at Palo Alto Networks have discovered a new Linux/IoT botnet dubbed Amnesia botnet that has been targeting digital video recorders (DVRs). Amnesia exploited an unpatched remote code execution vulnerability that was disclosed more than one year ago by security researcher Rotem Kerner. “fraudsters are adopting new tactics in order to attack retailers. This new […]
Pierluigi Paganini
April 07, 2017
“Philadelphia” Ransomware Targets Healthcare Industry Security experts from Forcepoint have discovered a new strain of ransomware dubbed Philadelphia that is targeting organizations in the healthcare industry. The Philadelphia ransomware is a variant of the Stampado ransomware, a very cheap malware offered for sale on the Dark Web since June 2016 at just 39 USD for a lifetime license. Last month the popular expert Brian […]
Pierluigi Paganini
April 07, 2017
Cyber criminals exploited the recently patched Apache Struts 2 vulnerability CVE-2017-5638 in the wild to deliver the Cerber ransomware. A recently patched Apache Struts 2 vulnerability, tracked as CVE-2017-5638, has been exploited by crooks in the wild to deliver the Cerber ransomware. The remote code execution vulnerability affected the Jakarta-based file upload Multipart parser under Apache […]
Pierluigi Paganini
April 06, 2017
Security experts uncovered a widespread campaign tracked as Operation Cloud Hopper known to be targeting managed service providers (MSPs) worldwide. Chinese APT10 group is the main suspect. Security experts from PwC UK and BAE Systems have uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper, targeting managed service providers (MSPs) in multiple countries worldwide. The experts […]
Pierluigi Paganini
April 06, 2017
Scottrade Bank confirmed that a technical incident has exposed 20,000 customer records. a 60GB MSSQL database was accidentally left open online. It is official, the Scottrade Bank suffered a data breach that affected thousands of its customers. Online brokerage Scottrade has admitted the data breach for sensitive loan applications from roughly 20,000 customers. The incident […]
Pierluigi Paganini
April 06, 2017
The Mobility Express Software shipped with Cisco Aironet 1830 Series and 1850 Series access points has a hard-coded admin-level SSH password. Yesterday I wrote about SCADA systems that are currently shipped with an unchangeable hard-coded password, and today I’m here to discuss you a similar problem. The Mobility Express Software developed by the IT giant […]
