Security experts from Digital Shadows have conducted an interesting study about the technique adopted by crooks to infiltrate company emails, so-called BEC scam. According to the FBI, the number of business email account (BEC) and email account compromise (EAC) scam incidents worldwide reached 78,000 between October 2013 and May 2018. Business email compromise (BEC) and email account […]
Security experts discovered several vulnerabilities in WECON’s PI Studio HMI software, the company has verified the issues but has not yet released patches. Researchers Mat Powell and Natnael Samson discovered several vulnerabilities in WECON’s PI Studio HMI software, a software widely used in critical manufacturing, energy, metallurgy, chemical, and water and wastewater sectors. Both experts […]
Experts from Tenable Research have devised a new attack technique to fully compromise MikroTik Routers. MikroTik routers continue to be under attack, and the situation is getting worse because of the availability of a new PoC code. The new attack technique discovered by experts at Tenable Research could be exploited by remote attackers to execute […]
Researchers from Kaspersky Lab collected evidence that demonstrates overlaps between the activity of Russian APT groups Turla and Sofacy. In March, during the Kaspersky Security Analyst Summit held in Cancun, Kurt Baumgartner, Kaspersky principal security researcher, revealed the activity associated with Sofacy APT group appears to overlap with campaigns conducted by other cyber espionage groups. Baumgartner […]
The Git Project released a new version of the Git client, Github Desktop, or Atom. that addressed a critical remote code execution vulnerability in the Git. The Git Project addressed a critical remote code execution vulnerability in the Git command line client, Git Desktop, and Atom. The flaw tracked as CVE-2018-17456 could be exploited by malicious repositories to remotely […]
D-Link addresses several remote code execution and XSS vulnerabilities affecting the Central WiFiManager access point management tool. D-Link issued security patches to address several remote code execution and cross-site scripting (XSS) vulnerabilities affecting the Central WiFiManager access point management tool. The vulnerabilities have been reported by researchers at SecureAuth/CoreSecurity D-Link Central WiFiManager software controller helps network […]
Experts at FortiGuard Labs team discovered three vulnerabilities in eight Sony Bravia smart TVs, one of them rated as critical. Patch management is a crucial aspect for IoT devices, smart objects are surrounding us and represent a privileged target for hackers. Experts at FortiGuard Labs team discovered three vulnerabilities (a stack buffer overflow, a directory traversal, […]
The sales intelligence firm Apollo is the last victim of a massive data breach that exposed more than 200 million contact records. Apollo collects a lot of its information from public sources, including names, email addresses, and company contact information, it also gathers data by scraping Twitter and LinkedIn. The company already notified the security breach to […]
US DoJ indicted seven defendants working for the Russian Main Intelligence Directorate (GRU), for hacking, wire fraud, identity theft, and money laundering. The news of the day is that a US DoJ indicted seven defendants working for the Russian Main Intelligence Directorate (GRU), for hacking, wire fraud, identity theft, and money laundering. The defendants are […]
Cybaze ZLab spotted a new scam campaign that is targeting some of its Italian customers, crooks leverage credentials in Breach Compilation archive. Security experts from Cybaze ZLab have spotted a new scam campaign that is targeting some of its Italian customers. Crooks attempted to monetize the availability of a huge quantity of credentials available in […]