Pierluigi Paganini
August 23, 2018
Supply Chain Attack Hits South Korean Firms Security researchers from Trend Micro have uncovered a supply chain attack, tracked as Operation Red Signature, against organizations in South Korea. The Operation Red Signature aimed at delivering a remote access Trojan (RAT) used by attackers to steal sensitive information from the victims. Threat actors compromised update server of a remote support […]
Pierluigi Paganini
August 22, 2018
Maintainers of the Apache Struts 2 open source development framework has released security updates to address a critical remote code execution vulnerability. Security updates released this week for the Apache Struts 2 open source development framework addressed a critical RCE tracked as CVE-2018-11776. The vulnerability affects Struts versions from 2.3 through 2.3.34, Struts 2.5 through 2.5.16, and […]
Pierluigi Paganini
August 22, 2018
The popular Google Project Zero white hat hacker Tavis Ormandy has found a critical remote code execution (RCE) vulnerability in Ghostscript. Ghostscript is an open source suite of software based on an interpreter for Adobe Systems’ PostScriptand Portable Document Format (PDF) page description languages. Ghostscript is a multiplatform software written in C language, it allows to convert PostScript language files (or EPS) to […]
Pierluigi Paganini
August 22, 2018
Yesterday Adobe released security updates for two critical code execution vulnerabilities affecting Windows and macOS versions of Photoshop CC. Adobe released updates to address two critical code executions flaws that affect Photoshop for Windows and macOS versions of Photoshop CC. The vulnerabilities, tracked as CVE-2018-12810 and CVE-2018-12811, are memory corruption issues that could be exploited […]
Pierluigi Paganini
August 22, 2018
Hackers claim to have stolen the personal details of almost 20,000 Superdrug customers who shopped online at the cosmetics retailer. The British Superdrug is the last victim of a security breach, hackers claim to have stolen the personal details of almost 20,000 people who shopped online at the cosmetics retailer. Hackers accessed customers’ names, addresses and in some cases […]
Pierluigi Paganini
August 21, 2018
Cybersecurity firm NCC Group has released an open source tool for penetration testers that allows carrying out DNS rebinding attacks. Security firm NCC Group has released an open source tool for penetration testing dubbed Singularity of Origin that allows carrying out DNS rebinding attacks. Singularity also aims to raise awareness on how DNS rebinding attacks work and […]
Pierluigi Paganini
August 21, 2018
Anonymous targeted many governments websites in Spain to protest against the Government’s efforts to block Catalonia ‘s separatist wave. Members of the notorious Anonymous collective claimed responsibility for bringing down several government websites in Spain on Monday to protest against the decision of the government to block Catalonia’s separatist drive. Anonymous brought down the websites of the […]
Pierluigi Paganini
August 20, 2018
Major Internet service providers (ISPs) in Canada were impacted by a local file disclosure flaw in the SOLEO IP Relay service that was recently addressed. Almost all major Internet service providers (ISPs) in Canada were impacted by a local file disclosure vulnerability in the SOLEO IP Relay service that was recently addressed. Telecommunications relay services (TRSs) developed by Soleo […]
Pierluigi Paganini
August 20, 2018
Researchers from Trustwave have uncovered a malspam campaign targeting banks with the FlawedAmmyy RAT. The peculiarity of this malspam campaign is the unusual use of a Microsoft Office Publisher file to infect victims’ systems. Experts noticed an anomalous spike in the number of emails with a Microsoft Office Publisher file (a .pub attachment) and the subject line, “Payment Advice,” that was sent to domains belonging […]
Pierluigi Paganini
August 19, 2018
A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! · DNS Hijacking targets Brazilian financial institutions · […]
