Pierluigi Paganini
April 27, 2019
Experts at Cisco Talos group disclosed a dozen vulnerabilities in Sierra Wireless AirLink gateways and routers, including several serious flaws. Researchers at Cisco Talos group disclosed a dozen vulnerabilities affecting Sierra Wireless AirLink gateways and routers, including several serious flaws. Some of the flaws could be exploited to execute arbitrary code, modify passwords, and change […]
Pierluigi Paganini
April 26, 2019
Experts discovered security flaws in the iLnkP2P peer-to-peer (P2P) system that exposes millions of IoT devices to remote attacks. Security expert Paul Marrapese discovered two serious vulnerabilities in the iLnkP2P P2P system that ìs developed by Chinese firm Shenzhen Yunni Technology Company, Inc. The iLnkP2P system allows users to remotely connect to their IoT devices […]
Pierluigi Paganini
April 26, 2019
Security experts uncovered a new cryptojacking campaign tracked as Beapy that leverages the NSA’s DoublePulsar backdoor and the EternalBlue exploit. Security experts at Symantec have uncovered a new cryptojacking campaign tracked as Beapy that leverages the NSA’s DoublePulsar backdoor and the EternalBlue exploit to spread a cryptocurrency malware on enterprise networks in Asia. “Beapy is […]
Pierluigi Paganini
April 25, 2019
Experts at Proofpoint discovered that free code repositories on GitHub have been abused since at least 2017 to host phishing websites. Researchers at Proofpoint reported that crooks are abusing free code repositories on GitHub to host phishing websites and bypass security defenses. Experts discovered that cybercriminals are abusing the GitHub service since at least mid-2017. […]
Pierluigi Paganini
April 25, 2019
Experts uncovered hacking campaigns exploiting two critical security vulnerabilities in the popular WordPress plugin Social Warfare. Social Warfare is a popular ĂąWordPress plugin with more than 900,000 downloads, it allows to add social share buttons to a WordPress website. Experts uncovered hacking campaigns exploiting two critical security vulnerabilities in the Social Warfare plugin to take […]
Pierluigi Paganini
April 25, 2019
A serious flaw in some of Rockwell Automation’s MicroLogix and CompactLogix PLCs can be exploited by a remote attacker to redirect users to malicious websites. Some of Rockwell Automation’s MicroLogix and CompactLogix PLCs are affected by a serious vulnerability can be exploited by a remote attacker to redirect users to malicious websites. The vulnerabilyt was […]
Pierluigi Paganini
April 24, 2019
Security experts are warning of a dangerous zero-day remote code vulnerability that affects the Oracle WebLogic service platform. Oracle WebLogic wls9_async and wls-wsat components are affected by a deserialization remote command execution zero-day vulnerability. This zero-day flaw affects all Weblogic versions, including the latest one, that have the wls9_async_response.war and wls-wsat.war components enabled. Oracle WebLogic Server is a Java EE application […]
Pierluigi Paganini
April 24, 2019
Security researchers at Yoroi-Cybaze ZLab uncovered a new campaign carried out by the Russian state-actor dubbed Gamaredon. Introduction Few days after the publication of our technical article related to the evidence of possible APT28 interference in the Ukrainian elections, we spotted another signal of a sneakier on-going operation. This campaign, instead, seems to be linked […]
Pierluigi Paganini
April 24, 2019
Iran-linked OilRig cyberespionage group is using the reconnaissance malware Karkoff along with DNSpionage in recent campaigns.Iran-linked OilRig cyberespione group is using the reconnaissance malware Karkoff along with DNSpionage in recent campaigns. The OilRig APT group, the threat actor behind the DNSpionage malware campaign, is carrying out a new sophisticated and targeted operation that infects victims […]
Pierluigi Paganini
April 24, 2019
Experts at Kaspersky Lab linked the recent supply-chain attack targeted ASUS users to the “ShadowPad” threat actor and the CCleaner incident. Security researchers at Kaspersky Lab linked the recent supply-chain attack that hit ASUS users (tracked as Operation ShadowHammer) to the “ShadowPad” threat actor. Experts also linked the incident to the supply chain attack that […]
