Breaking News

Pierluigi Paganini April 05, 2019
Ursnif: The Latest Evolution of the Most Popular Banking Malware

ZLab Yoroi-Cybaze dissected another attack wave of the Ursnif Trojan, aka Gozi ISFB, an offspring of the original Gozi whose source code was leaked in 2014. Introduction A few days ago, […]

Pierluigi Paganini April 05, 2019
Flaws in Pre-Installed security App on Xiaomi Phones open to hack them

If you use a Xiaomi smartphone, you should be aware that pre-installed security software could be abused for malicious activities. Bad news for the owners of Xiaomi smartphones: a pre-installed security application could be used as a backdoor by hackers. Security experts at CheckPoint have discovered that a security app, called Guard Provider, that […]

Pierluigi Paganini April 05, 2019
Step By Step Office Dropper Dissection

Malware researcher and founder of Yoroi Marco Ramilli described a step-by-step procedure that shows how to dissect an Office dropper. During the past few weeks, I received several emails asking how to dissect Office Payloads. While I was thinking about how to answer such questions I received a MalSpam with a Microsoft Office document […]

Pierluigi Paganini April 05, 2019
More than 2 million Apache HTTP servers still affected by CVE-2019-0211 flaw

Security experts at Rapid7 have discovered that over 2 million Apache HTTP servers are still affected by the CVE-2019-0211 critical privilege escalation flaw. An important privilege escalation vulnerability (CVE-2019-0211) affecting the Apache HTTP server could be exploited by users with the right to write and run scripts to gain root on Unix systems via scoreboard […]

Pierluigi Paganini April 04, 2019
Cisco fixes flaws RV320 and RV325 routers targeted in attacks

On Thursday Cisco announced new security patches to definitively address two vulnerabilities in Small Business RV320 and RV325 routers. Last week Cisco revealed that security patches released in January to address vulnerabilities in Small Business RV320 and RV325 routers were incomplete. “The initial fix for this vulnerability was found to be incomplete. Cisco is currently […]

Pierluigi Paganini April 04, 2019
NSA releases the source code of the GHIDRA reverse engineering framework

NSA released the complete source code for its GHIDRA suite; version 9.0.2 is available on the Agency’s GitHub repository. In January 2019, the National Security Agency (NSA) announced the release at the RSA Conference of the free reverse engineering framework GHIDRA. GHIDRA is a multi-platform reverse engineering framework that runs on major OSs (Windows, […]

Pierluigi Paganini April 04, 2019
The German chemicals giant Bayer hit by a cyber attack

The German chemicals giant Bayer confirmed that it was hit by a cyber attack but clarified that no data has been stolen. The chemicals giant Bayer is the latest victim of a cyber attack; it confirmed the incident but pointed out that the hackers haven’t stolen any data. According to the company, at the beginning […]

Pierluigi Paganini April 04, 2019
New XLoader variant leverage Twitter to hide C2 addresses

Security experts at Trend Micro spotted a new variant of the XLoader Trojan that is targeting Android devices by posing as a security application. Trend Micro discovered a new variant of the XLoader Trojan that is targeting Android devices by posing as a security application; the malware also attempts to infect Apple devices (iPhones and […]

Pierluigi Paganini April 04, 2019
Advantech addressed code execution and DoS flaws in WebAccess software

Industrial automation firm Advantech addressed several serious vulnerabilities in its WebAccess SCADA software. WebAccess is a browser-based software package for human-machine interfaces (HMI) and SCADA systems developed by Advantech. The vulnerabilities affect WebAccess/SCADA Versions 8.3.5 and prior. The software is widely adopted in many sectors worldwide, such as critical manufacturing, energy, and water and wastewater. […]

Pierluigi Paganini April 03, 2019
Experts found 540 Million Facebook user records on unprotected Amazon S3 buckets

The huge trove of Facebook user data was amassed and stored online on unprotected cloud servers by third-party Facebook app developers. Definitively I can tell you that this is an awful period for Facebook and its users. We first read about an embarrassing incident involving the social network giant that asked some newly-registered users to […]