Pierluigi Paganini
May 29, 2018
A vulnerability tracked as CVE-2018-11518 could be exploited by attackers to power a phreaking attack on HCL legacy Interactive Voice Response systems that do not use VoIP. These IVR systems rely on various frequencies of audio signals; based on the frequency, certain commands and functions are processed. Since these frequencies are accepted within a phone call, an attacker can […]
Pierluigi Paganini
May 29, 2018
Security experts from the 360 Core Security Team have found and successfully exploited a buffer out-of-bounds write vulnerability in EOS node when parsing a WASM file. Vulnerability Description We found and successfully exploit a buffer out-of-bounds write vulnerability in EOS when parsing a WASM file. To use this vulnerability, attacker could upload a malicious smart […]
Pierluigi Paganini
May 29, 2018
Hacker stole $1.3 million from cryptocurrency startup Taylor, the development team will stop the launch of its trading app that was initially planned for this month. The author of the Taylor cryptocurrency trading app announced a security breach, an unknown hacker has stolen around $1.35 million worth of Ether from the wallets of the company. The […]
Pierluigi Paganini
May 29, 2018
Group-IB has released a new report on Cobalt group’s attacks against banks and financial sector organizations worldwide after the arrest of its leader. Threat intelligence firm Group-IB published an interesting report titiled “Cobalt: Evolution and Joint Operations” on the joint operations of Cobalt and Anunak (Carbanak) groups after the arrest of the leader in March 2018. Researchers reported that […]
Pierluigi Paganini
May 28, 2018
On Thursday 24th May, hackers defaced the screens at the Mashhad airport in Iran to protest ùthe Government and the military’s activities in the Middle East. On Thursday 24th May, hackers defaced the screens at the airport in Mashhad city in Iran. The anonymous group of hackers defaced the screens that were displaying anti-government messages, they also […]
Pierluigi Paganini
May 26, 2018
German researchers devised a method, dubbed SEVered, to defeat the security mechanisms Secure Encrypted Virtualization implemented by the AMD Epyc server microchips to automatically encrypt virtual machines in memory. The attack could allow them to exfiltrate data in plaintext from an encrypted guest via a hijacked hypervisor and simple HTTP requests to a web server running […]
Pierluigi Paganini
May 26, 2018
Researchers from Avast the antivirus firm are investigating the discovery of pre-installed malware found in 141 low-cost Android devices in over 90 countries. Security experts from Antivirus firm Avast have discovered a new case of pre-installed malware on low-cost Android devices, crooks injected the malicious code in the firmware of 141 models. The operation is […]
Pierluigi Paganini
May 26, 2018
Schneider Electric issued a security update for its EcoStruxure Machine Expert (aka SoMachine Basic) product that addresses a high severity vulnerability, tracked CVE-2018-7783, that could be exploited by a remote and unauthenticated attacker to obtain sensitive data. “SoMachine Basic suffers from an XML External Entity (XXE) vulnerability using the DTD parameter entities technique resulting in disclosure and […]
Pierluigi Paganini
May 25, 2018
Researchers from Pen Test Partners have conducted an analysis of Z-Wave wireless communications protocol used by millions of IoT devices and discovered that it is vulnerable to cyber attacks. The Z-Wave protocol is widely adopted for home automation, it leverages low-energy radio waves for wireless communications over distances of up to 100 meters (330 feet). The protocol is […]
Pierluigi Paganini
May 25, 2018
As part of an engagement for one of our clients, we analyzed the patch for the recent Electron Windows Protocol handler RCE bug (CVE-2018-1000006) and identified a bypass. Under certain circumstances, this bypass leads to session hijacking and remote code execution. The vulnerability is triggered by simply visiting a web page through a browser. Electron apps designed to run […]
