Pierluigi Paganini
March 02, 2020
SurfingAttack is an attacking technique that allows to wake up mobile device and control them using voice commands encoded in ultrasonic waves. SurfingAttack is a hacking technique that sees voice commands encoded in ultrasonic waves silently activate a mobile phone’s digital assistant. The technique could be used to do several actions such as making phone […]
Pierluigi Paganini
March 02, 2020
Security experts uncovered an ongoing campaign delivering Nemty Ransomware via emails disguised as messages from secret lovers. Researchers from Malwarebytes and X-Force IRIS have uncovered an ongoing spam campaign distributing the Nemty Ransomware via messages disguised as messages from secret lovers. The attackers employed messages with several subject lines and attachment filenames composed to appear […]
Pierluigi Paganini
March 01, 2020
A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Google sued by New Mexico attorney general for collecting student data through its Education Platform ISS reveals malware attack impacted parts of the IT environment ObliqueRAT, a new malware employed in attacks on government targets in Southeast Asia […]
Pierluigi Paganini
February 29, 2020
Threat actors are launching a hacking campaign aimed at taking over tens of thousands of WordPress sites by exploiting critical vulnerabilities. One of the issues exploited in the attacks is a zero-day vulnerability that affects several plugins and that could allow hackers to create admin accounts and take over the sites. Researchers at NinTechNet reported […]
Pierluigi Paganini
February 28, 2020
Ghostcat flaw affects all versions of Apache Tomcat and could be exploited by hackers to read configuration files or install backdoors on vulnerable servers. All versions of Apache Tomcat are affected by a vulnerability dubbed Ghostcat that could be exploited by attackers to read configuration files or install backdoors on vulnerable servers. The vulnerability, tracked as […]
Pierluigi Paganini
February 28, 2020
An interesting report published by RiskIQ on 2019 Mobile App Threat Landscape, lists the most dangerous mobile app store online. Mobile users downloaded over 200 billion apps in 2019 and the overall expense in app stores worldwide has been estimated in more than $120 billion. Threat actors don’t want to miss this amazing business opportunity […]
Pierluigi Paganini
February 28, 2020
Cisco released security patches for 11 vulnerabilities in its products, including the Cisco UCS Manager, FXOS, and the NX-OS software. The most severe vulnerabilities, rated as high severity, affect FXOS and NX-OS that could be exploited by an unauthenticated, adjacent attacker to execute arbitrary code as root. The exploitation of the flaw could trigger a denial […]
Pierluigi Paganini
February 27, 2020
Bad news for the controversial facial recognition startup Clearview AI, hackers gained “unauthorized access” to a list of all of its customers. The controversial facial-recognition company that contracts with law-enforcement agencies announced that attackers have gained unauthorized access to its entire client list. The company already informed its customers of the security breach. The startup came under […]
Pierluigi Paganini
February 27, 2020
After three months from the first detection, the Lampion origin was identified. A webserver named “portaldasfinancas” is available in Turkey and has been used to spread the threat in Portugal. Lampion malware is the most critical malware affecting Portuguese users’ last three months. From December 2019 it had spread, impersonating and using template emails from the Portuguese […]
Pierluigi Paganini
February 27, 2020
Hackers share SQL databases from unsecured AWS buckets, including the archive belonging to the BGR tech news site in India. Hackers are sharing SQL databases from unsecured Amazon S3 buckets, one of them belongs to the BGR tech news site in India. BGR, aka Boy Genius Report, is a popular technology-influenced website that covers topics […]
