Hacking Archives - Page 716 of 967

Pierluigi Paganini April 07, 2017

IoT Amnesia Botnet puts at risk hundreds of thousands of DVRs due to unpatched flaw

Security experts at Palo Alto Networks have discovered a new Linux/IoT botnet dubbed Amnesia botnet that has been targeting digital video recorders (DVRs). Amnesia exploited an unpatched remote code execution vulnerability that was disclosed more than one year ago by security researcher Rotem Kerner. “fraudsters are adopting new tactics in order to attack retailers. This new […]

Pierluigi Paganini April 07, 2017

Apache Struts 2 vulnerability exploited to deliver the Cerber ransomware

Cyber criminals exploited the recently patched Apache Struts 2 vulnerability CVE-2017-5638 in the wild to deliver the Cerber ransomware. A recently patched Apache Struts 2 vulnerability, tracked as CVE-2017-5638, has been exploited by crooks in the wild to deliver the Cerber ransomware. The remote code execution vulnerability affected the Jakarta-based file upload Multipart parser under Apache […]

Pierluigi Paganini April 06, 2017

Operation Cloud Hopper – APT10 goes after Managed Service Providers

Security experts uncovered a widespread campaign tracked as Operation Cloud Hopper known to be targeting managed service providers (MSPs) worldwide. Chinese APT10 group is the main suspect. Security experts from PwC UK and BAE Systems have uncovered a widespread hacking campaign, tracked as Operation Cloud Hopper, targeting managed service providers (MSPs) in multiple countries worldwide. The experts […]

Pierluigi Paganini April 06, 2017

Be careful, Cisco Mobility Express is shipped with some Cisco Aironet devices has a hard-coded password. Fix it!

The Mobility Express Software shipped with Cisco Aironet 1830 Series and 1850 Series access points has a hard-coded admin-level SSH password. Yesterday I wrote about SCADA systems that are currently shipped with an unchangeable hard-coded password, and today I’m here to discuss you a similar problem. The Mobility Express Software developed by the IT giant […]

Pierluigi Paganini April 05, 2017

Still problems for Schneider Electric, Schneider Modicon TM221CE16R has a hardcoded password

The firmware running on the Schneider Modicon TM221CE16R (Firmware 1.3.3.3) has a hardcoded password, and there is no way to change it. I believe it is very disconcerting to find systems inside critical infrastructure affected by easy-to-exploit vulnerabilities while we are discussing the EU NIS directive. What about hard-coded passwords inside critical systems? Unfortunately, it’s happened […]

Pierluigi Paganini April 05, 2017

Download and install the last iOS 10.3.1, attackers can hack you over Wi-Fi

A critical flaw could be exploited by attackers within range to “execute arbitrary code on the Wi-Fi chip,” download and install last iOS 10.3.1 version. Last week, Apple released iOS 10.3, an important release of the popular operating system the fixed more than 100 bugs and implements security improvements. Apple opted to push an emergency patch update […]

Pierluigi Paganini April 05, 2017

South Korean users targeted with a new stealthy malware, the ROKRAT RAT

Security experts at CISCO Talos have spotted a new insidious remote access tool dubbed ROKRAT that implements sophisticated anti-detection measures. The ROKRAT RAT targets Korean users, people using the popular Korean Microsoft Word alternative Hangul Word Processor (HWP). In the past, we saw other attacks against people using the HWP application. The ROKRAT RAT was used […]

Pierluigi Paganini April 04, 2017

UEFI Vulnerabilities allow to fully compromise Gigabyte Mini PCs

Experts at Cylance disclosed two UEFI flaws that can be exploited by attackers to install a backdoor on some Gigabyte BRIX mini PCs. Experts at security firm Cylance have disclosed two UEFI vulnerabilities that can be exploited by attackers to install a backdoor on some Gigabyte BRIX mini PCs. The experts tested the latest firmware […]

Pierluigi Paganini April 03, 2017

Japan plans to develop a hack-proof satellite system

Japan plan to develop a hack proof satellite system to protect transmissions between satellites and ground stations with a dynamic encryption of data. Japan’s Internal Affairs and Communications Ministry plans to develop a communications system to protect satellites from cyber attacks. The hack proof satellite system will protect transmissions between satellites and ground stations implementing […]

Pierluigi Paganini April 03, 2017

Attackers can siphon data from Splunk Enterprise if an authenticated user visits a malicious webpage

Splunk has fixed the security issue in the JavaScript implementation, tracked as CVE-2017-5607, that can be exploited to siphon data. Splunk has fixed the security issue in the JavaScript implementation, tracked as CVE-2017-5607, that leaks user information. Splunk provides the leading platform for Operational Intelligence that is used to search, monitor, analyze and visualize machine data. Splunk […]

Hacking

IoT Amnesia Botnet puts at risk hundreds of thousands of DVRs due to unpatched flaw

Apache Struts 2 vulnerability exploited to deliver the Cerber ransomware

Operation Cloud Hopper – APT10 goes after Managed Service Providers

Be careful, Cisco Mobility Express is shipped with some Cisco Aironet devices has a hard-coded password. Fix it!

Still problems for Schneider Electric, Schneider Modicon TM221CE16R has a hardcoded password

Download and install the last iOS 10.3.1, attackers can hack you over Wi-Fi

South Korean users targeted with a new stealthy malware, the ROKRAT RAT

UEFI Vulnerabilities allow to fully compromise Gigabyte Mini PCs

Japan plans to develop a hack-proof satellite system

Attackers can siphon data from Splunk Enterprise if an authenticated user visits a malicious webpage

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Microsoft and Cloudflare teamed up to dismantle the RaccoonO365 phishing service

DoJ resentenced former BreachForums admin to three years in prison

Apple backports fix for actively exploited CVE-2025-43300

New supply chain attack hits npm registry, compromising 40+ packages

Cybercrime group accessed Google Law Enforcement Request System (LERS)

QUICK LINKS

Hacking

newsletter

Subscribe to my email list and stay up-to-date!

recent articles

Subscribe to my email list and stay
up-to-date!