exploit

Pierluigi Paganini July 24, 2015
Exploit acquisition program terminated by Netragard

Netragard has shut down its exploit acquisition program as a result of the clamorous data breach that the Italian firm HackingTeam has suffered. In this article we will go through an issue with a company that buys and sells exploits (Netragard) and the steps it was forced to take since one of its clients was […]

Pierluigi Paganini December 03, 2014
Hacking PayPal Account with a single exploit

An Egyptian hacker demonstrated that with a single exploit it is possible to take control of any PayPal account due to the presence of a series of flaws. The Egyptian security researcher Yasser H. Ali has reported three critical vulnerabilities in the PayPal website that could be exploited by an attacker to compromise users’ accounts. The vulnerabilities include a CSRF and an Authentication token […]

Pierluigi Paganini November 08, 2014
Belkin n750 router affected by a serious root access flaw. Upgrade the firmware now

The security researcher Marco Vaz discovered a serious vulnerability in the Belkin n750 router that could be exploited to gain root access on affected devices. A serious flaw in a Belkin router could be exploited locally by an unauthenticated attacker to gain full control over affected devices. The company has already issued a patch to fix […]

Pierluigi Paganini June 24, 2014
Top website Askmen hacked and used to serve a banking trojan

Askmen.com, one of the most popular websites on the Internet (Top 1000 Alexa), has been compromised to serve the banking trojan Caphaw. Security experts at Websense have discovered that cyber criminals have compromised the popular website AskMen.com and used it to serve malware. The attackers deployed several exploits to compromise the visitors, and if successful, the victim […]

Pierluigi Paganini May 01, 2014
Hacking Traffic lights and other control systems is not so hard

Security expert Cesar Cerrudo conducted a study on the security of the components that control traffic lights and similar electronic systems. The hacking of control systems for traffic lights or cyber grids is a prerogative of sci-fi series and movies; hackers could be able to target them, causing serious problems. Cesar Cerrudo, CTO at IOActive, has conducted a study to investigate […]

Pierluigi Paganini April 02, 2014
How Coremex malware monetizes search engine Hijacking

F-Secure has identified a malware dubbed Coremex that takes advantage of plugin functionality provided by browsers to hijack search engine results. Search engines are a strategic component in the successful execution of any attack; in the past we saw Black SEO campaigns conducted with the primary intent to provide results that help the attackers to […]

Pierluigi Paganini January 17, 2014
Black hat search-engine operation hit hotel listings on Google

A large-scale black hat search-engine operation has made possible the hijacking of thousands of hotel listings on Google Maps. A large-scale black hat search-engine operation has made possible the hijacking of thousands of hotel listings on Google Maps and Google+; users visiting the victims' accommodations were redirected to other booking sites. Hijacking […]

Pierluigi Paganini December 15, 2013
Safari browser stores in plaintext previous secure session data

Researchers at Kaspersky Lab discovered that the Apple Safari browser stores previous secure session data unencrypted in a hidden folder. Apple’s Safari browser stores session information, including authentication credentials used in previous HTTPS sessions, to implement the feature “Reopen All Windows from Last Session”. Safari stores in a plain text XML file called a Property list, or plist, […]

Pierluigi Paganini August 09, 2013
Discovered 2 new Facebook vulnerabilities

The security researcher Dan Melamed has found two new Facebook vulnerabilities related to the Fanpage Invite of the popular social network. Security researcher Dan Melamed has found 2 new Facebook vulnerabilities that have been recently patched and that I decided to show you to understand the infinite possibilities an attacker has to hit even a robust platform […]

Pierluigi Paganini March 11, 2013
The malicious mobile marketplace explained by Group-IB

Recently many security portals, including Security Affairs, have presented analysis on underground markets and the increased demand for malware and exploit tools. In this post I desire to propose to readers the results of an investigation made by researchers at Group-IB, a security firm resident of the Moscow-based Skolkovo Foundation. The mobile malware black market is not well […]