Pierluigi Paganini
April 24, 2018
Researchers Paulos Yibelo explored a vulnerability he found in SaferVPN Chrome Extension. The vulnerability tracked as CVE-2018-10308 should help malicious actors to retrieve vital information such as IP addresses when a user visits a website. After my last month’s finding in Hotspot Shield, I decided to look at and audit more VPNs to see how […]
Pierluigi Paganini
April 24, 2018
Israeli researchers presented their new research named BeatCoin, it is an experiment wherein they demonstrate how to steal private keys for a cryptocurrency wallet installed on cold storage. How to protect cryptocurrency wallets? Many experts will tell you to store them in air-gapped networks, but let me remind you to check if Ben Gurion experts are far from […]
Pierluigi Paganini
April 24, 2018
Kaspersky analyzed the serves compromised by the Energetic Bear APT and assumed with some degree of certainty that the group operates in the interests of or takes orders from customers that are external to it. Security experts at Kaspersky Lab ICS CERT have published a detailed analysis of the server compromised by the notorious Energetic […]
Pierluigi Paganini
April 23, 2018
Symantec researchers have monitored the activity of a cyber espionage group tracked as Orangeworm that targets organizations in the healthcare sector. Security experts at Symantec have published a report on the activity of a cyber espionage group tracked as Orangeworm that targets healthcare organizations. “Symantec has identified a previously unknown group called Orangeworm that has […]
Pierluigi Paganini
April 23, 2018
Google researcher has publicly disclosed a Windows 10 zero-day that could be exploited by attackers to bypass Windows Lockdown Policy on systems with User Mode Code Integrity (UMCI). Google has publicly disclosed a Windows 10 zero-day vulnerability that could be exploited by attackers to bypass Windows Lockdown Policy on systems with User Mode Code Integrity (UMCI) enabled […]
Pierluigi Paganini
April 23, 2018
Cisco has announced a set of security patches that address the CVE-2018-0229 vulnerability in its implementation of the Security Assertion Markup Language (SAML). The CVE-2018-0229 flaw could be exploited by an unauthenticated, remote attacker to establish an authenticated AnyConnect session through an affected device running ASA or FTD Software. “A vulnerability in the implementation of Security […]
Pierluigi Paganini
April 21, 2018
Security experts at 360 Core Security have recently detected a new type of attack which targets some equihash mining pools. After analysis, they found out the attacked equihash mining pools are using a vulnerable equihash verifier (equihashverify : https://github.com/joshuayabut/equihashverify) to verify miners’ shares. There is a logic vulnerability in this verifier, so attacker can easily fake […]
Pierluigi Paganini
April 21, 2018
UK teenager Kane Gamble (18) who broke into the email accounts of top US intelligence and security officials including the former CIA chief John Brennan. was sentenced to two years in prison. The British hacker Kane Gamble (18) who broke into the email accounts of top US intelligence and security officials including the former CIA chief John Brennan. was […]
Pierluigi Paganini
April 20, 2018
Security researchers at the 360 Core Security observed an APT group exploiting a zero-day vulnerability in IE, dubbed ‘double play’. The flaw is still unfixed. Security researchers at the 360 Core Security uncovered a zero-day vulnerability in IE, dubbed ‘double play’, that was triggered by weaponized MS Office documents. The experts have been observing an APT group targeting a […]
Pierluigi Paganini
April 20, 2018
The researcher Jack Cable (18) has discovered a vulnerability in LinkedIn, the AutoFill functionality, that allowed user data harvesting. While experts and people are discussing the Cambridge Analytica case another disconcerting case made the headlines, the private intelligence agency LocalBlox has left unsecured online an AWS bucket containing 48 million records that were also harvested from Facebook, LinkedIn, and Twitter. […]
