Breaking News

Pierluigi Paganini March 26, 2015
Vawtrak malware uses steganography to hide update files in favicons

A new strain of Vawtrak malware implements capabilities to send and receive data through encrypted favicons distributed over the Tor network. A new powerful variant of the Vawtrak malware, also known as Neverquest or Snifula, appeared in the wild. Vawtrak is considered by malware researchers one of the most dangerous malicious code that is threatening systems worldwide. The […]

Pierluigi Paganini March 25, 2015
BitWhisper – hacking Air-Gapped PCs through heat emissions

Israeli Researchers have defined a new exfiltration technique dubbed BitWhisper that is based on the heat emissions and built-in thermal sensors. According researchers at the Ben Gurion University in Israel, by detecting the heat from one computer to an adjacent computer, is possible to establish a channel that can  claiming can facilitate the spread of keys, malicious […]

Pierluigi Paganini March 25, 2015
Instagram API could be exploited to serve malicious links

A security researcher has discovered a reflected filename download vulnerability affecting the Instagram API that could be exploited to share malicious links. The security researcher David Sopas from WebSegura has discovered a serious vulnerability in the Instagram API that could be exploited by hackers to post a link to a web resource they manage. By exploiting […]

Pierluigi Paganini March 25, 2015
The Installer Hijacking vulnerability exposes 1 of 2 Android users to attack

Experts at Palo Alto Networks discovered the Installer Hijacking vulnerability that exposes half of Android users to attack via Installation Vulnerability. The security researcher Zhi Xu from Palo Alto Networks discovered a critical vulnerability, dubbed Android Installer Hijacking, affecting the Android PackageInstaller system service. By exploiting the flaw, an attacker can gain unlimited permissions on compromised smartphone and data […]

Pierluigi Paganini March 24, 2015
Hilton Honors accounts exposed due to a CRFS flaw

Security experts discovered a CSRF vulnerability in the Hilton website that could be exploited by attackers to take over every Hilton Honors account. Last Monday we discovered that the Hilton’s website was affected by a flaw that allowed for anyone that had an Honors account to hack into another account by just guessing a 9-digit […]

Pierluigi Paganini March 24, 2015
Chinese CA issued bogus digital certificates for Google domains

Google security team has recently discovered and blocked fraudulent digital certificates issued for several Google domains by a Chinese CA. On March 20, Google security team has discovered and blocked fraudulent digital certificates issued for several Google domains. The investigation revealed that a Chinese certificate authority was using an intermediate CA, MCS Holdings, that issued the bogus […]

Pierluigi Paganini March 24, 2015
A Large Number of Hacking Vulnerable Routers Have Been Released to the Public

Thousands of routers exposed on the Internet by the ISPs are vulnerable to hacking and consequence of attacks on a large scale could be dramatic. ISPs have provided at least 700,000 ADSL routers to the public and unfortunately these kinds of routers have been really vulnerable to every possible hacker who wants to gain the […]

Pierluigi Paganini March 24, 2015
Adobe CVE-2011-2461 flaw is exploitable by 4 years although it was fixed

Security experts discovered that the Adobe CVE-2011-2461 vulnerability is exploitable by at least four years despite the company has issued a patch. Four years ago Adobe released a patch for the vulnerability CVE-2011-2461 that was affecting the Adobe Flex SDK 3.x and 4.x. The flaw was a cross-site scripting (XSS) vulnerability that allowed remote attackers to inject arbitrary […]

Pierluigi Paganini March 23, 2015
Some models of Cisco IP Phones vulnerable to eavesdropping

Chris Watts discovered a security flaw affecting some models of Cisco IP Phones that could be exploited to eavesdrop on conversations and make phone calls. Some models of Cisco IP phones for small businesses are affected by a vulnerability, coded as CVE-2015-0670 that could be exploited by a remote attacker to eavesdrop on conversations and make phone calls […]

Pierluigi Paganini March 23, 2015
Ghost blogging platform affected by multiple vulnerabilities

A group of researchers from Voidsec have found six vulnerabilities in the Ghost blogging platform that allow privilege editing and DoS. Six vulnerabilities have been found affecting Ghost, the blogging platform coded in the Node.js born on October 2013. These vulnerability were discovered on January 26 by a group of researcher from Voidsec (voidsec, bughardy […]