Pierluigi Paganini June 13, 2019
Flaw in Evernote Web Clipper for Chrome extension allows stealing data

Security experts discovered a vulnerability in the popular Evernote Web Clipper for Chrome can be exploited to steal sensitive data from sites visited by users. Security experts at browser security firm Guardio discovered a critical universal cross-site scripting (XSS) vulnerability in the Evernote Web Clipper for Chrome. “In May 2019 Guardio’s research team has discovered […]

Pierluigi Paganini April 17, 2019
Code execution – Evernote

A local file path traversal issue exists in Evernote 7.9 for macOS which allows an attacker to execute arbitrary programs. Technical observation:A crafted URI can be used in a note to perform this attack using file:/// as an argument or by traversing to any directory like(../../../../something.app). Since Evernote also has a feature of sharing notes, in such a […]

Pierluigi Paganini November 08, 2018
XSS flaw in Evernote allows attackers to execute commands and steal files

Security expert discovered a stored XSS flaw in the Evernote app for Windows that could be exploited to steal files and execute arbitrary commands. A security expert that goes online with the moniker @sebao has discovered a stored cross-site scripting (XSS) vulnerability in the Evernote application for Windows that could be exploited by an attacker to steal files and execute […]

Pierluigi Paganini December 15, 2014
LogDog Internet Security Survey – November 2014

Mobile developers behind the Logdog app have conducted a rapid survey to analyze the trend in the hacking of accounts for the principal web services. A few weeks ago I was contacted by LogDog, a company that has developed is free protection app from hacking attacks and identity theft, the developer asked me to try the […]

Pierluigi Paganini March 31, 2013
Botnet authors use Evernote account as C&C Server

Botnet author are increasing complexity of the malicious code they use and at the same time security firms are adopting more sophisticated detection methods. Between principal concerns of botmaster the need to improve the capabilities of bot agents to operate silently and necessity to masquerade traffic from bots and Command & Control servers. Focusing on this […]