Uncategorized

Pierluigi Paganini January 01, 2018
Hackers can remotely control thousands of Sonos and Bose speakers

Security experts at Trend Micro have demonstrated that certain models of Sonos and Bose speakers are affected by vulnerabilities that could allow attackers to hijack them. Hackers can trigger the flaws to access the speakers and use them to play spooky sounds or to issue Alexa commands. Only specific models of the two companies are […]

Pierluigi Paganini July 16, 2017
Hackshit PhaaS platform, even more easy to power Phishing campaigns

The experts from Netskope Threat Research Labs discovered the Hackshit PhaaS platform, another interesting case of crimeware-as-a-service. A few days ago, we discussed the Katyusha scanner,a powerful and fully automated SQLi vulnerability scanner discovered by researchers at security firm Recorded Future that was available for $500 in the cyber crime underground. The Katyusha scanner is just one […]

Pierluigi Paganini June 15, 2017
Wikileaks revealed CIA Cherry Blossom framework for hacking Wireless devices

WikiLeaks released documents detailing the Cherry Blossom framework which is being used by the CIA cyber spies to hack into Wi-Fi devices. WikiLeaks released a new batch of documents belonging to the Vault 7 leak, the files provide details related to the Cherry Blossom framework which is being used by the CIA cyber spies to hack into […]

Pierluigi Paganini June 14, 2017
Microsoft patches two critical remote code execution (RCE) flaws that have been exploited in attacks

Microsoft released the June 2017 Patch Tuesday to address more than 90 security flaws, including two critical RCE that have been exploited in attacks. Microsoft released June Patch Tuesday updates that address more than 90 vulnerabilities, including two critical remote code execution (RCE) vulnerabilities that have been exploited in attacks. The first vulnerability, tracked as CVE-2017-8464, […]

Pierluigi Paganini May 30, 2017
You can take Shadow Brokers Zero Day Exploit Subscriptions for $21,000 per month

Shadow Brokers is going to launch a monthly subscription model for its data dumps, 0-Day Exploit Subscriptions goes for $21,000 per month. A couple of weeks ago, while security experts were debating about WannaCry ransomware and the NSA exploits it used, the Shadow Brokers group revealed its plan to sell off new exploits every month starting from June. […]

Pierluigi Paganini May 01, 2017
NATO Locked Shields 2017, world’s largest cyber defence exercise just ended

Locked Shields is the world’s largest and most advanced international technical live-fire cyber defence exercise organized by the NATO since 2010. Locked Shields is the world’s largest and most sophisticated international cyber defence exercise. It is an annual event since 2010, Locked Shields is organized by the NATO Cooperative Cyber Defence Centre of Excellence and […]

Pierluigi Paganini April 21, 2017
The Stuxnet vulnerability is still one of the most exploited flaws in the wild by hackers

A new report published by Kaspersky confirms that Stuxnet exploits targeting a Windows Shell Vulnerability is still widely adopted by threat actors. The case that I’m going to present to you demonstrates the importance of patch management and shows the effects of the militarization of cyberspace. Unpatched software is an easy target for hackers that can exploit […]

Pierluigi Paganini April 09, 2017
ATMitch – Crooks stole $800,000 from 8 ATMs in Russia using Fileless Malware

According to Kaspersky Lab, crooks have robbed at least 8 ATMs in Russia and stole $800,000 in just one night using a Fileless malware dubbed ATMitch. According to experts at Kaspersky, hackers have robbed at least 8 ATMs in Russia and stole $800,000 in just one night. The cyber heist caught the attention of security […]

Pierluigi Paganini March 12, 2017
Flaws in MAC address randomization implemented by vendors allow mobile tracking

Researchers devised a new attack method that can be leveraged to track mobile devices that rely on MAC address randomization mechanism. The MAC address is a unique and an hardcoded identifier assigned to a device’s network interface. This characteristic makes it an excellent tool for the tracking of the devices. A group of researchers from the U.S. Naval […]

Pierluigi Paganini March 06, 2017
A bug in Twitter allowed hackers to access to locked accounts until October

A flaw in Twitter allowed attackers to access locked accounts bypassing the locking mechanism implemented by the company. A flaw in the Twitter application allowed, until a few months ago, to access locked accounts bypassing the locking mechanism implemented by the IT giant. Twitter can lock user accounts every time it believes the users are […]