Pierluigi Paganini
October 12, 2017
Equifax service set up for obtaining free and discounted credit reports had been redirecting users to websites offering a fake Flash Player installer. The independent security analyst Randy Abrams discovered an Equifax service set up for obtaining free and discounted credit reports had been redirecting users to websites offering a fake Flash Player installer. “As I […]
Pierluigi Paganini
October 12, 2017
The suite of payment infrastructure and management systems SmartVista created by the BPC Group is vulnerable to SQL Injection attacks. Researchers at security firm Rapid7 have publicly disclosed a SQL injection vulnerability affecting the financial platform SmartVista after they couldn’t raise a response from the vendor. SmartVista is a suite of payment infrastructure and management systems […]
Pierluigi Paganini
October 12, 2017
The Australia’s foreign intelligence Agency ASD has revealed military sensitive information has been stolen by hackers who breached a Department of Defence contractor. The Australia’s foreign intelligence agency, the Australian Signals Directorate (ASD), admitted a hacker has stolen over 30 GB of military documents. Stolen data includes details on fighter jets, military aircraft, and naval ships. The […]
Pierluigi Paganini
October 11, 2017
Israeli hackers compromised the Kaspersky infrastructure and caught Russian spies using AV tool to harvest NSA exploits. Kaspersky was not aware of the hack. There is still a heated discussion about the alleged hack of Kaspersky’s antivirus and its use to steal an NSA exploit from a US subcontractor. Explosive new revelations put at risk […]
Pierluigi Paganini
October 11, 2017
Microsoft October Patch Tuesday addresses the CVE-2017-11826 Office Zero-Day vulnerability that has been exploited in the wild in targeted attacks. Yesterday we discussed Microsoft’s October Patch Tuesday addressed three critical zero-day security vulnerabilities tied to the DNSSEC protocol. Going deep in the analysis of the Patch Tuesday updates for October 2017 we can see that Microsoft addressed […]
Pierluigi Paganini
October 10, 2017
Microsoft’s October Patch Tuesday addresses three critical zero-day security vulnerabilities tied to the DNSSEC protocol. Microsoft’s October Patch Tuesday addresses three critical security vulnerabilities in the Windows DNS client in Windows 8, Windows 10, and Windows Server 2012 and 2016. The vulnerabilities affect the Microsoft’s implementation of one of the data record features used in the secure […]
Pierluigi Paganini
October 10, 2017
The Iran-Linked cyberespionage group OilRig has been using a new Trojan in attacks aimed at targets in the Middle East. Experts from Palo Alto Networks spotted a new campaign launched by the notorious APT group OilRig against an organization within the government of the United Arab Emirates (UAE). The OilRig hacker group is an Iran-linked APT that has been around since at least […]
Pierluigi Paganini
October 10, 2017
Researchers from security firm Positive Technologies warns of 4G/5G Wireless Networks as vulnerable as WiFi and putting smart-cities at risk The Internet of Things (IoT) presents many new opportunities and some different challenges. The vast number of devices makes it very expensive to connect everything with traditional network cabling and in many cases the equipment […]
Pierluigi Paganini
October 10, 2017
The financially-motivated FIN7 APT group (also known as Carbanak or Anunak) recently changed attack technique again to evade detection. The financially-motivated FIN7 APT group (also known as Carbanak or Anunak) recently changed attack technique again and has been implementing a new malware obfuscation method. The group that has been active since late 2015, it was highly active since the beginning of 2017. Fin7 was spotted early […]
Pierluigi Paganini
October 09, 2017
On September 25, 2017, a man which goes by the nickname ‘LiquidWorm’ has released the exploit code for FLIR Thermal Cameras. On 2017-09-25 another CCTV exploit got release by a man which goes by the nickname ‘LiquidWorm’. He found out that FLIR CCTV ’s by the vendor “FLIR Systems” had a hard-coded ssh login credentials […]
