Pierluigi Paganini
August 18, 2017
Experts discovered a flaw in CAN protocol that could be exploited by an attacker to disable safety systems of connected cars, including power-steering. Almost any function in modern vehicles, from brakes to accelerator, is electronically controlled, this means that the surface of attack is dramatically enlarging. We discussed car hacking several times, experts have demonstrated on different occasions […]
Pierluigi Paganini
August 17, 2017
Drupal maintainers this week released security updates to fix several access bypass vulnerabilities in Drupal 8. Update your installation. On Wednesday Drupal maintainers released security updates to fix several access bypass vulnerabilities in Drupal 8. The flaws affect several components, including the entity access system, the REST API and some views. The most severe vulnerability patched by Drupal 8.3.7 is a critical issue, tracked as CVE-2017-6925 that affects […]
Pierluigi Paganini
August 17, 2017
Developer accounts of popular chrome extensions being hijacked by cyber criminals, over 4.7 million users are at a risk of cyber attack. Over 4.7 million users could be at risk after being exposed to malicious adverts and credentials theft due to developer accounts of popular chrome extensions being hijacked by cyber criminals. A phishing campaign […]
Pierluigi Paganini
August 17, 2017
The transportation giant Maersk announced that it would incur hundreds of millions in U.S. dollar losses due to the NotPetya ransomware massive attack. A.P. Moller-Maersk, the transportation and logistics firm, announced Tuesday that it would incur hundreds of millions in U.S. dollar losses due to the NotPetya ransomware massive attack. According to the second quarter earnings report, there were expecting losses between […]
Pierluigi Paganini
August 17, 2017
The Scottish Parliament has been targeted by a “brute force” attack, the assault is still ongoing and is similar to the one that hit the British Parliament. The Scottish Parliament is under attack, crooks are brute-forcing email accounts in the attempt to access members’ emails. The attack appears similar to the one that in June […]
Pierluigi Paganini
August 16, 2017
During Defcon 25 hacking conference held in Las Vegas on July, a new eavesdropping attack technique was introduced, it was dubbed DitM (Dog In The Middle). During Defcon 25 one of the biggest information security event that took place in Las Vegas on July 27-30 this year, a new eavesdropping attack technique was introduced. At […]
Pierluigi Paganini
August 16, 2017
Kaspersky Lab discovered attackers were able to modify the NetSarang software update process to include a malware tracked as ShadowPad backdoor. Software update mechanism could be an efficient attack vector, news of the day is that hackers compromised the update process for a popular server management software package developed by NetSarang. Attackers were able to […]
Pierluigi Paganini
August 16, 2017
Some models of LockState smart locks also used by AirBnB customers were bricked by an OTA firmware update leaving guests unable to access their rentals. At the last Black Hat hacker conference, security experts demonstrated how to hack electronic locks, and the news I’m going to tell you demonstrates how annoying could be an incident to […]
Pierluigi Paganini
August 15, 2017
According to Trend Micro, cyber criminals abuse the CVE-2017-0199 vulnerability to deliver malware via PowerPoint Slide Show. In April Microsoft fixed the CVE-2017-0199 vulnerability in Office after threat actors had been exploiting it in the wild. Hackers leveraged weaponized Rich Text File (RTF) documents exploiting a flaw in Office’s Object Linking and Embedding (OLE) interface to deliver malware such […]
Pierluigi Paganini
August 14, 2017
According to a new research conducted by experts at Rapid7, there are 4.1 million Windows endpoints exposed online via Remote Desktop Protocol (RDP). The researchers discovered that there are 11 million open 3389/TCP endpoints, and that 4.1 million of them are RDP. “We analyzed the responses, tallying any that appeared to be from RDP speaking […]
