Pierluigi Paganini
December 26, 2018
A critical vulnerability affects Schneider Electric electric vehicle charging stations, the EVLink Parking systems. EVlink Parking charging solutions are usually in parking environments, including offices, hotels, supermarkets, fleets, and municipals. According to the company, the issue is tied to a hard-coded credential bug that could be exploited by attackers to gain access to the system. […]
Pierluigi Paganini
December 26, 2018
Researchers at Menlo Labs uncovered a malicious email campaign targeting employees of banks and financial services companies abusing Google Cloud Storage. The campaign targeted organizations in the US and the UK, the attackers have been abusing Google Cloud Storage to deliver payload. The spam campaign uses messages including links that point to archivefiles such as .zip or .gz. Attackers […]
Pierluigi Paganini
December 25, 2018
Amnesty International warns of threat actors that are launching phishing attacks aimed at bypassing Gmail, Yahoo 2FA at scale Amnesty International published a report that details how threat actors are able to bypass 2FA authentication that leverages text message as a second factor. Attackers are using this tactic to break into Gmail and Yahoo accounts […]
Pierluigi Paganini
December 25, 2018
Threat actors are attempting to exploit a flaw in Orange LiveBox ADSL modems to retrieve their SSID and WiFi password in plaintext. Threat actors in the wild are attempting to exploit a vulnerability in LiveBox ADSL modems from Orange, the issue could be triggered to retrieve their SSID and WiFi password in plaintext by simply […]
Pierluigi Paganini
December 24, 2018
Researchers from Trustwave SpiderLabs discovered an unpatched kernel-level vulnerability in driver used by IBM Trusteer Rapport endpoint security tool. The issue affects endpoint security tool for MacOS, IBM released a patch but failed to address the vulnerability within the 120-day disclosure deadline. The IBM Trusteer Rapport endpoint security tool is a lightweight software component that […]
Pierluigi Paganini
December 24, 2018
Security researchers discovered some flaws in the Twinkly IoT lights that could be exploited display custom lighting effects and to remotely turn off them. Security researchers from MWR InfoSecurity have discovered some flaws in the Twinkly IoT lights that could be exploited to display custom lighting effects and to remotely turn off their Christmas brilliance. […]
Pierluigi Paganini
December 24, 2018
Some models of Huawei routers are affected by a flaw that could be exploited by attackers to determine whether the devices have default credentials or not. Ankit Anubhav, a principal researcher at NewSky Security, discovered a vulnerability in some models of Huawei routers that could be exploited by attackers to determine whether the devices have […]
Pierluigi Paganini
December 23, 2018
A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! Twitter fixed bug could have exposed Direct Messages […]
Pierluigi Paganini
December 22, 2018
Personal information belonging to over 500,000 students and 50 district employees were exposed in the San Diego School District (SDUSD) security breach. An attacker sent spear-phishing to SDUSD personnel with the intent of trick them into revealing credentials to access the district’s network services. The attacker accessed personal information of student and staff, including names, […]
Pierluigi Paganini
December 22, 2018
U.S. Authorities Take Down 15 DDoS-for-Hire Websites The Department of Justice (DoJ) announced that the FBI seized 15 domains associated with DDoS-for-hire services. The FBI has seized 15 domains associated with DDoS-for-hire services (aka booters or stressers) that were used by their customers to launch powerful DDoS attacks. The U.S. District Court for the Central […]
