Cyber Crime

Pierluigi Paganini April 05, 2014
Persistent XSS in Top Website enables large-Scale DDoS attack

Incapsula firm discovered the exploitation of a persistent XSS vulnerability in one of the world most popular website to run a large scale DDoS attack. Recently Cloud-based security service provider Incapsula detected an application layer DDoS attack conducted hijacking a huge volume of traffic to victims website. The website of Incapsula customer was flooded by a DDoS attack, over […]

Pierluigi Paganini April 03, 2014
F-Secure has discovered MiniDuke malware samples in the wild

Security Experts at F-Secure discovered a collection of pdf documents, that had references to Ukraine, containing MiniDuke malware samples. MiniDuke is the name of a sophisticated cyber espionage campaign discovered more than one year ago by experts at Kaspersky Lab and Hungary’s Laboratory of Cryptography and System Security (CrySyS). The malicious code was used by unknown hackers to […]

Pierluigi Paganini March 29, 2014
Reading the Global Threat Intelligence Report (GTIR)

The Global Threat Intelligence Report (GTIR) addresses the security challenges of organizations globally analyzing 3 billion worldwide attacks occurred in 2013. The NTT Innovation Institute has released the new Global Threat Intelligence Report (GTIR), a document structured to raise awareness of the rapidly evolving global threat landscape. The GTIR was based on threat intelligence and attack data from […]

Pierluigi Paganini March 28, 2014
Netcraft stats on the increasing abuse for WordPress installations

More than 12,000 phishing sites analyzed by Netcraft are hosted on compromised WordPress installations, the websites were used also to serve malicious code. Netcraft internet services company published a statistic which shows that nearly 12,000 WordPress instances were compromised in February, the attackers used the popular CMS to conduct phishing campaigns against targeted family of users, […]

Pierluigi Paganini March 27, 2014
Gameover ZeuS is Targeting recruitment websites

Security experts at F-Secure have detected a new variant of Gameover ZeuS financial Trojan which is targeting recruitment websites. Zeus Trojan is probably one of the most prolific and long-lived malware, security firms have discovered in the last years numerous variant even more sophisticated. After the public release of it source code, principal security firms have […]

Pierluigi Paganini March 27, 2014
FireEye uncovered APTs exploiting interest on Malaysian Flight MH370

Security experts at FireEye uncovered a cyber espionage campaign based on multiple MH370 themed spear phishing emails. Security researchers at FireEye have revealed a link between a recent spear phishing campaign on Malaysian Airlines flight MH370 and the attacks conducted by some advanced persistent threat (APT) attackers. The mysterious skyjacking of the Boeing 777-200 aircraft of Malaysian Airlines, flight MH370, is considered one of the events […]

Pierluigi Paganini March 26, 2014
Evolution of the offer in the underground market

RAND nonprofit and Juniper Networks firm published an interesting research on the evolution of the offer in the underground market. The cybercriminal underground is a prolific market able to provide any kind of tools and services for illicit ecosystem, one of the most requested articles is the exploits to compromise Internet users’ machines. Russian-language forums are […]

Pierluigi Paganini March 26, 2014
How to rob ATMs with a couple of SMS messages

Symantec experts demonstrated how to rob ATMs using a mobile device and sending a couple of SMS. Cybercriminals are increasing sophistication of attacks. What will happen after that Microsoft will stop supporting the Windows XP operating system on 8th April? The question was approached by numerous security experts on different media. The impact could be […]

Pierluigi Paganini March 24, 2014
Cisco on large-scale attacks against unpatched or not updated servers

Cisco observed 400 hosts were infected on daily base and more than 2,700 URLs have been used in a multistage attack against websites running older OS versions. In the last months a growing number of large-scale attacks hit systems all over the world, many of them, like the Snake campaign, are attributable to state-sponsored hackers […]

Pierluigi Paganini March 22, 2014
New variant of Zorenium Bot can infect iOS devices

Security analysts at SenceCy which are monitoring the advancement of a new Zorenium Bot discovered that it is able to infect also iOS devices. Security analysts at SenceCy are monitoring the evolution for the Zorenium Bot, a new and unknown malware which has been advertised in the underground since January 2014. This is the third […]