Pierluigi Paganini
March 24, 2015
Security experts discovered a CSRF vulnerability in the Hilton website that could be exploited by attackers to take over every Hilton Honors account. Last Monday we discovered that the Hilton’s website was affected by a flaw that allowed for anyone that had an Honors account to hack into another account by just guessing a 9-digit […]
Pierluigi Paganini
March 24, 2015
Google security team has recently discovered and blocked fraudulent digital certificates issued for several Google domains by a Chinese CA. On March 20, Google security team has discovered and blocked fraudulent digital certificates issued for several Google domains. The investigation revealed that a Chinese certificate authority was using an intermediate CA, MCS Holdings, that issued the bogus […]
Pierluigi Paganini
March 24, 2015
Thousands of routers exposed on the Internet by the ISPs are vulnerable to hacking and consequence of attacks on a large scale could be dramatic. ISPs have provided at least 700,000 ADSL routers to the public and unfortunately these kinds of routers have been really vulnerable to every possible hacker who wants to gain the […]
Pierluigi Paganini
March 24, 2015
Security experts discovered that the Adobe CVE-2011-2461 vulnerability is exploitable by at least four years despite the company has issued a patch. Four years ago Adobe released a patch for the vulnerability CVE-2011-2461 that was affecting the Adobe Flex SDK 3.x and 4.x. The flaw was a cross-site scripting (XSS) vulnerability that allowed remote attackers to inject arbitrary […]
Pierluigi Paganini
March 23, 2015
Chris Watts discovered a security flaw affecting some models of Cisco IP Phones that could be exploited to eavesdrop on conversations and make phone calls. Some models of Cisco IP phones for small businesses are affected by a vulnerability, coded as CVE-2015-0670 that could be exploited by a remote attacker to eavesdrop on conversations and make phone calls […]
Pierluigi Paganini
March 23, 2015
A group of researchers from Voidsec have found six vulnerabilities in the Ghost blogging platform that allow privilege editing and DoS. Six vulnerabilities have been found affecting Ghost, the blogging platform coded in the Node.js born on October 2013. These vulnerability were discovered on January 26 by a group of researcher from Voidsec (voidsec, bughardy […]
Pierluigi Paganini
March 23, 2015
Security experts at Proofpoint have discovered a new phishing campaign that exploits a Dridex variant that evades detection with AutoClose function. Criminal crews behind the Dridex banking malware are very prolific and are improving the popular malicious code. Recently we have discussed about a Dridex variant which was spread through phishing messages with Microsoft Office documents embedding malicious macros. The attackers exploited social engineering technique to lure […]
Pierluigi Paganini
March 23, 2015
A cell of the ISIS has called on its members and backers in the US to kill 100 service members whose names, photos and addresses it posted online. The ISIS continues to scare the West, its operations are supported by a very aggressive media campaign that shares proclamations and recruit new followers in the name […]
Pierluigi Paganini
March 22, 2015
Findings reveal that there is a clear lack of appropriate security measures to protect drivers of a connected car against hackers. âFindings reveal that there is a clear lack of appropriate security measures to protect drivers against hackers who may be able to take control of a vehicle or against those who may wish to […]
Pierluigi Paganini
March 22, 2015
Cisco Security Team has spotted in the wild a new Point-of-Sale malware dubbed PoSeidon that is more sophisticated than previously detected PoS malware. Expert at Cisco have discovered a new Point-of-Sale (PoS)  malware dubbed PoSeidon. The experts have discovered many similarities with the popular Zeus Trojan and use sophisticated methods to find card data respect other POS malware like BlackPoS, which was used […]
