Breaking News

Pierluigi Paganini September 19, 2015
Discovered a Reflected Filename Download flaw in LinkedIn

The Security researcher David Sopas at WebSegura discovered a Reflected Filename Download vulnerability in the popular professional social network LinkedIn. He was analyzing another website when he discovered the following XHR request on Google Inspector on LinkedIn: https://www.linkedin.com/countserv/count/share?url=http://www.site_i_was_in.pt It seems a simple request to make by websites to count how many shares their site have on […]

Pierluigi Paganini September 19, 2015
D-Link firmware accidentally includes Code Signing Keys

The Taiwanese networking equipment manufacturer D-Link has accidentally published its private code signing keys in the source of one of its firmware update. According to the Dutch news site Tweakers, the Taiwan-based networking equipment manufacturer D-Link accidently published its private code signing keys inside its open source firmware packages. One of the readers of the Dutch news […]

Pierluigi Paganini September 19, 2015
w0rm hackers hacked another hacking crew

The popular group of hackers dubbed w0rm breached the hacking forum “Monopoly” offering for sale all data present in its database. This is the classic example of the lack of rules within underground communities, today we will speak about a group of hackers who targeted another group and is offering their data for sale at $500. […]

Pierluigi Paganini September 18, 2015
Bugzilla CVE-2015-4499 flaw, be aware hackers could know all your bugs

A Critical vulnerability affects Mozilla Bugzilla bug-tracking software could be exploited to access details of non-public vulnerabilities stored in its database. The open source Bugzilla bug-tracking system is used hundreds of thousands of software organizations that track the evolution of software bugs discovered in their applications. Development team urge to upgrade Bugzilla bug tracking system to fix the […]

Pierluigi Paganini September 18, 2015
Thousands of legitimate WordPress sites are serving malware

Sucuri has noticed a spike in the number of compromised websites as part of a malware campaign which relies on thousands of compromised WordPress sites. According to security experts at Sucuri, threat actors have hijacked thousands of websites running the WordPress CMS to serve malware. The technique is not new, legitimate compromised websites host malicious […]

Pierluigi Paganini September 18, 2015
The Differences between Targeted Attacks and Advanced Persistent Threats

Although Advanced Persistent Threats and Targeted Attacks are often confused, in their core these are two different things in the field of online security. Most businesses out there need only worry about one of these two types of attacks, focusing their efforts to remain thoroughly protected against both enemies and threats. Many people get confused over […]

Pierluigi Paganini September 18, 2015
MWZLesson POS Trojan borrows code from other malware

Security experts at Doctor Web have discovered a new PoS Trojan dubbed MWZLesson that borrows code from other popular malicious software. Security experts at Dr. Web have discovered a new PoS Trojan that was designed by mixing code from other malware. The new PoS Trojan, dubbed Trojan.MWZLesson, was designed reusing the code of other popular malware, including the Dexter PoS […]

Pierluigi Paganini September 17, 2015
Security issues in DHS systems potentially exposes confidential data at risk

Despite DHS components have strengthened coordination in performing their cyber missions a recent audit made by the OIG has found several security issues. Among the missions assigned to the DHS there is the coordination of activities related to the prevention, mitigation and recovery from cyber incidents, the Department also oversees the IT security of the […]

Pierluigi Paganini September 17, 2015
The DUKES APT – 7 years of Russian state sponsored hacking

F-Secure has published an interesting report on the cyber espionage operations conducted by the Dukes APT group, which appears linked to the Kremlin. Security researchers at F-Secure have published an interesting report detailing the cyber espionage operation of a Russian APT group, dubbed the Dukes, the experts speculate the group is backed by the Russian government. […]

Pierluigi Paganini September 17, 2015
Operation Iron Tiger, hackers target US Defense Contractors

Experts at Trend Micro uncovered the Operation Iron Tiger, a cyber espionage campaign carried out by Chinese hackers on United States Defense Contractors. Security experts at Trend Micro have uncovered a new targeted attack campaign dubbed Operation Iron Tiger. Threat actors behind the Operation Iron Tiger have stolen trillions of data from defense contractors in […]