Pierluigi Paganini
June 05, 2016
More than 19 months after its public disclosure the CVE-2014-3704 is still exploited in attacks against Drupal-based websites. It was October 2014, when Drupal patched a critical SQL injection vulnerability (CVE-2014-3704)Â that was affecting all Drupal core 7.x versions up to the recently-released 7.32 version, which fixed the issue. The patch issued by Drupal fixed the […]
Pierluigi Paganini
June 04, 2016
A group of Israeli researchers demonstrated how to steal RSA encryption keys through a PC’s noises during cryptographic operations. If you think that air-gapped networks are totally secure you are wrong, in the past, many research teams have devised methods to steal data from computers disconnected from the Internet. They demonstrated that it is possible […]
Pierluigi Paganini
June 03, 2016
GhostShell is back and leaked 36 million records from vulnerable networks to invite experts to pay attention to the new MEAN Stack. GhostShell is back and once again to warn us about the poor security posture of many services, this time, he announced to have leaked 36 million accounts/records. The hacker is inviting experts to pay attention to […]
Pierluigi Paganini
June 03, 2016
More than 10,000 WordPress installations being exploited in the wild due to a vulnerability in the  WP Mobile Detector plugin. Security experts at Sucuri reported that a growing number of WordPress installations have been compromised by hackers exploiting a security flaw in a widely used plugin called WP Mobile Detector. The worrisome news is that […]
Pierluigi Paganini
June 02, 2016
Many TeamViewer users reported that their systems were accessed by hackers via the popular support tool, but the company denies any incident. Many TeamViewer users reported that their systems were accessed by hackers via the popular support tool, but the company denies any security breach. First claims appeared on Reddit, several users reported that unauthorized parties remotely accessed […]
Pierluigi Paganini
June 02, 2016
A study of Duo Security revealed that Lenovo Accelerator Application support tool contains a high-risk flaw that allows remote code execution. Once again bad news for Lenovo users, the company is informing them that the Lenovo Accelerator Application contains a high-risk vulnerability that could be exploited by hackers to remotely execute code on the machine and […]
Pierluigi Paganini
June 01, 2016
The researchers from the Trustwave’s Spiderlabs team discovered that a Windows zero-day is available for sale in a popular crime forum for $90,000. A Windows zero-day flaw was offered for sale at US$90,000 on the Russian crime forum exploit.in. The flaw could be exploited by hackers to gain a full deep access to an already compromised […]
Pierluigi Paganini
May 31, 2016
The independent researcher Maxim Rupp reported an unpatchable flaw in the ICS Environmental Systems Corporation (ESC) 8832 Data Controller. Vulnerable SCADA and industrial control systems represent the entry point in critical infrastructure for hacking attacks. In many cases, patch management of these systems is very complex and in some specific scenarios known flaws could not be fixed for various […]
Pierluigi Paganini
May 30, 2016
Malware researchers are warning Android’s latest permission-granting model in version 6.0 Marshmallow is now been targeted by Mobile malware authors. Android’s latest permission-granting model in version 6.0 Marshmallow is now been targeted by Mobile malware authors. The model  will let users grant permissions only when it is required by the app, rather be accepting all […]
Pierluigi Paganini
May 30, 2016
The US Computer Emergency Response Team has issued a warning after the discovery a security issue the popular medical application MEDHOST PIMS (PIMS). Many security experts believe that medical industry lack of a proper security posture, despite it is a high-tech sector the vast majority of medical equipment was not designed with a security by design […]
Malware / December 28, 2024
