Pierluigi Paganini
April 05, 2019
Security experts at Rapid7 have discovered that over 2 million Apache HTTP servers are still affected by the CVE-2019-0211 critical privilege escalation flaw. An important privilege escalation vulnerability (CVE-2019-0211) affecting the Apache HTTP server could be exploited by users with the right to write and run scripts to gain root on Unix systems via scoreboard […]
Pierluigi Paganini
April 04, 2019
NSA released the complete source code for its GHIDRA suite, the version 9.0.2 is available on the Agency’s Github repository. In January 2019, the National Security Agency (NSA) announced the release at the RSA Conference of the free reverse engineering framework GHIDRA. GHIDRA is a multi-platform reverse engineering framework that runs on major OSs (Windows, […]
Pierluigi Paganini
April 04, 2019
The German chemicals giant Bayer confirmed that of a cyber attack, it confirmed the incident but clarified that no data has been stolen. The chemicals giant Bayer is the last victims of a cyber attack, it confirmed the incident, but pointed out the hackers haven’t stolen any data. According to the company, at the beginning […]
Pierluigi Paganini
April 04, 2019
Security experts at Trend Micro spotted a new variant of the XLoader Trojan that is targeting Android devices by posing as a security application. Trend Micro discovered a new variant of the XLoader Trojan that is targeting Android devices by posing as a security application, the malware also attempts to infect Apple devices (iPhones and […]
Pierluigi Paganini
April 03, 2019
The OceanLotus APT group, also known as APT32 or Cobalt Kitty, leverages a steganography-based loader to deliver backdoors on compromised systems. Security researchers at Cylance discovered that the OceanLotus APT (also known as APT32 or Cobalt Kitty, group is using a loader leveragingsteganography to deliver a version of Denes backdoor and an updated version of […]
Pierluigi Paganini
April 03, 2019
Crime without punishment: Group-IB issues a new report on JS-sniffers that infected 2440 websites around the world Group-IB, an international company that specializes in preventing cyberattacks, has issued a new comprehensive report on the analysis of JavaScript-sniffers – a type of malware designed to steal customer payment data from online stores. 2440 infected ecommerce websites […]
Pierluigi Paganini
April 03, 2019
Security experts at Zscaler discovered that threat actors are using hidden “well-known” directories of HTTPS sites to store and deliver malicious payloads. Crooks are utilizing hidden “well-known” directories of HTTPS sites running WordPress and Joomla websites to store and serve malicious payloads. Hacked websites were used for several malicious purposes, experts observed compromised WordPress and […]
Pierluigi Paganini
April 02, 2019
The privilege escalation vulnerability (CVE-2019-0211) affecting the Apache HTTP server could be exploited by users with the right to write and run scripts to gain root on Unix systems An important privilege escalation vulnerability (CVE-2019-0211) affecting the Apache HTTP server could be exploited by users with the right to write and run scripts to gain […]
Pierluigi Paganini
April 02, 2019
Security expert discovered thousands of unsafe Kibana instances that are exposed online, the news was first reported by colleagues at THN. Kibana is an open source data visualization plugin for Elasticsearch. It provides visualization capabilities on top of the content indexed on an Elasticsearch cluster. Users can create bar, line and scatter plots, or pie charts and […]
Pierluigi Paganini
April 02, 2019
Cybaze-Yoroi ZLAB malware researchers decided to use the NSA Ghidra suite in a real case study, the analysis of the AZORult malware. Introduction One of the most expected moments in the infosec community during the last few months was, with no doubt, the Ghidra public release. On the 5th of March, at the RSA conference, […]
Hacking / October 07, 2025
