Pierluigi Paganini
July 24, 2018
It is common for developers to use debugging tools with elevated privileges while they are trying to troubleshoot their code. But crooks can abuse them too. In an ideal world, all of the security controls are applied and all of the debugging tools are removed or disabled before the code is released to the public. […]
Pierluigi Paganini
July 24, 2018
The US Government is warning of continuous intrusions in National critical infrastructure and it is blaming the Kremlin for the cyber attacks. According to the US Department of Homeland Security, Russia’s APT groups have already penetrated America’s critical infrastructure, especially power utilities, and are still targeting them. These attacks could have dramatic consequence, an attack against […]
Pierluigi Paganini
July 24, 2018
Researchers from the University of California, Riverside (UCR) have devised a new Spectre CPU side-channel attack called SpectreRSB. SpectreRSB leverage the speculative execution technique that is implemented by most modern CPUs to optimize performance. Differently, from other Spectre attacks, SpectreRSB recovers data from the speculative execution process by targeting the Return Stack Buffer (RSB). “rather than exploiting the […]
Pierluigi Paganini
July 24, 2018
Sony fixed 2 remotely exploitable flaws in Sony IPELA E Series Network Camera products that could be exploited to execute commands or arbitrary code. Sony addressed two remotely exploitable flaws in Sony IPELA E Series Network Camera products that could be exploited to execute commands or arbitrary code on affected devices. The first vulnerability, tracked as CVE-2018-3937, is a […]
Pierluigi Paganini
July 22, 2018
Proofpoint uncovered a massive malspam campaign leveraging emails delivering weaponized PDF documents containing malicious SettingContent-ms files. Security experts from Proofpoint have uncovered a massive malspam campaign, crooks sent hundreds of thousands of emails delivering weaponized PDF documents containing malicious SettingContent-ms files. Experts attributed the malspam campaign to the cybercriminal group tracked as TA505, the attackers […]
Pierluigi Paganini
July 21, 2018
F5 experts observed a spike in the attacks in the days prior to the Trump-Putin meeting on July 16 that was held in Helsinki, Finland. Important events represent an element of attraction for cyber attacks, in June we discussed the Trump-Kim summit and the way Singapore that held it was hit by an unprecedented number of attacks […]
Pierluigi Paganini
July 20, 2018
SingHealth, the largest healthcare group in Singapore, suffered a massive data breach that exposed 1.5 Million patient records. The largest healthcare group in Singapore, SingHealth, has suffered a massive data breach that exposed personal information of 1.5 million patients who visited the clinics of the company between May 2015 and July 2018. Stolen records include […]
Pierluigi Paganini
July 20, 2018
Positive Technologies discovered two flaws affecting Dongguan Diqee 360 smart vacuums that can be used to perform video surveillance. Security researchers from Positive Technologies have discovered two vulnerabilities affecting Dongguan Diqee 360 smart vacuum cleaners that could be exploited by an attacker to run malicious code on a device with superuser privileges. The flaws likely affect smart vacuum cleaners […]
Pierluigi Paganini
July 20, 2018
The cybersecurity firm Group-IB is involved in the incident response on an attack on the Russian PIR Bank conducted by MoneyTaker hacking group. MoneyTaker hacker group has stolen 1 million US dollars from the Russian bank, the cyber heist occurred on July 3 through the Russian Central Bank’s Automated Workstation Client (an interbank fund transfer system similar […]
Pierluigi Paganini
July 19, 2018
Thousands of account credentials associated with the popular file storage service Mega have been published online, The former NSA hacker Patrick Wardle, co-founder at Digita Security, discovered in June a text file containing over 15,500 usernames, passwords, and files names. 😢 Found file on VirusTotal w/ 15K+ Mega accounts (user names/passwords & users' file listings) 😥🤬 […]
APT / February 05, 2026
