Hacking

Pierluigi Paganini April 20, 2015
How to use a malicious JPEG to hack corporate networks

Security researcher Marcus Murray discovered a method to exploit a malicious JPEG to compromise modern Windows servers inside corporate networks. Security expert and penetration tester Marcus Murray discovered a way to use a malicious JPEG to compromise modern Windows servers and elevate privileges over targeted networks. The researcher has demonstrated the attack a few days […]

Pierluigi Paganini April 19, 2015
APT28 Russian hackers exploited two zero-day flaws in the wild

FireEye recently detected a new highly targeted attack run by APT28 exploiting two zero-day flaws to compromise an “international government entity”. Security experts at FireEye have recently detected a new cyber espionage campaign, dubbed “Operation RussianDoll,” operated by the Russian APT28 group. This time the hackers run highly targeted attack by exploiting two zero-day vulnerabilities to target an “international […]

Pierluigi Paganini April 18, 2015
TheRealDeal black Marketplace Offers Zero-Day Exploits

A new deep web marketplace dubbed TheRealDeal has appeared and it is offering a platform for both sellers and buyers of the zero-day exploits. The anonymity ensured by the Dark Web and black markets it hosts is an element of attractive for cyber criminal and intelligence agencies. Black markets offer a wide range of illegal products and services, despite normal people believes that drugs and […]

Pierluigi Paganini April 18, 2015
Safari cookie access vulnerability affects a billion iThings

A Safari iOS/OS X/Windows cookie access vulnerability (CVE-2015-1126) potentially affects a billion iThings devices, patch it as soon as possible. The security researcher Jouko Pynnönen at Finnish firm Klikki Oy, has discovered a since patched bug (CVE-2015-1126) that could potentially affect a billion Apple iDevices. The cross-domain vulnerability affects Safari’s file transfer URL schemes and […]

Pierluigi Paganini April 18, 2015
Java – New vulnerabilities affects million applications

Oracle warned that a dozen of new Java security vulnerabilities could be exploitable remotely to gain access to a target application without login. Once again Java vulnerabilities are worrying the security community, a series of vulnerabilities could be exploitable remotely to gain access to a target application without authentication. Every application running on any of […]

Pierluigi Paganini April 17, 2015
How to move YouTube comments from any video to another

An Egyptian Researcher discovered a flaw that allowed him to duplicate/copy any YouTube comments from any video to another video without user-interaction. The Egyptian colleague Ahmed Aboul-Ela has discovered a vulnerability in YouTube that could be exploited by attackers to move comments from any video to another without any user-interaction. Now imagine that you move the YouTube comment […]

Pierluigi Paganini April 17, 2015
In-flight Wi-Fi can be an open door for hackers

A report published by the Government Accountability Office (GAO) warns that the FAA faces some serious cyber security issues for modern flights. Security experts for a long time suspected that in-flight Wi-fi could create an entry door for hackers and a new report issued by The US Government Accountability Office (GAO) describes the dungeon of […]

Pierluigi Paganini April 17, 2015
Wikileaks released documents from Sony hack, the company condemned it

WikiLeaks on Thursday published a searchable database of more than 30,000 documents that were obtained by hackers in the cyber attack on Sony Pictures. WikiLeaks organization has leaked online a collection of documents stolen in the  Sony Pictures data breach, more than 30,000 files showing the inner workings of a “secretive” firm. WikiLeaks  published the […]

Pierluigi Paganini April 17, 2015
MS15-034 flaw leaves over 70 million sites vulnerable to cyber attacks

Security experts worldwide have discovered that threat actors are exploiting the Microsoft Zero-Day vulnerability MS15-034 in cyber attacks. Security researchers at SANS Internet Storm Center revealed that the critical remote code execution vulnerability MS15-034 affecting the Windows HTTP protocol stack is being actively exploited in the wild. The experts explained that the MS15-034 flaw affects […]

Pierluigi Paganini April 15, 2015
Criminal crew Hellsing strikes back after attack by a rival APT group

The elite cyber crime group Hellsing strikes back after attack by the rival APT crew known as Naikon. This is the first documented case of APT-on-APT attack. What happens when an APT group running a cyber espionage campaign target a second distinct APT group? The events occurred last year, when a group involved in a cyber espionage campaign […]