Pierluigi Paganini
December 19, 2019
Microsoft issues an out-of-band update to address SharePoint flaw, tracked as CVE-2019-1491, that could be exploited to obtain sensitive information. Microsoft issues an out-of-band update to fix an information disclosure vulnerability in SharePoint server, tracked as CVE-2019-1491, that could be exploited by an attacker to obtain sensitive information. “An information disclosure vulnerability exists in SharePoint […]
Pierluigi Paganini
December 18, 2019
BSI, Germany’s federal cybersecurity agency warns of an active malspam campaign that distributing the infamous Emotet banking Trojan. Germany’s federal cybersecurity agency BSI is warning of an active malspam campaign that aims at distributing the Emotet banking Trojan. The malicious messages camouflaged to look like messages delivered by German federal authorities. According to the BSI, […]
Pierluigi Paganini
December 17, 2019
Researchers spotted a new Remote Access Trojan (RAT), dubbed Dacls, that was used by the Lazarus APT group to target both Windows and Linux devices. Experts at Qihoo 360 Netlab revealed that the North-Korea Lazarus APT group used a new Remote Access Trojan (RAT), dubbed Dacls, to target both Windows and Linux devices. The activity […]
Pierluigi Paganini
December 17, 2019
WhatsApp fixed a severe bug that could have allowed a malicious group member to crash the messaging app for all members of the same group. WhatsApp addressed a severe vulnerability that could have allowed a malicious group member to crash the messaging app for all members of the same group. An attacker could trigger the […]
Pierluigi Paganini
December 17, 2019
TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to login without passwords. TP-Link addressed a critical zero-day vulnerability (CVE-2017-7405) in its TP-Link Archer routers that could be exploited by attackers to remotely take their control over LAN via a Telnet connection without authentication. “This is a zero-day flaw that was […]
Pierluigi Paganini
December 17, 2019
vpnMentor researchers discovered an unsecured server belonging to the Chinese e-store LightInTheBox.com containing 1.3TB of web server logs. Infosec researchers have uncovered an unsecured Elasticsearch database containing 1.3TB of web server log entries held by Chinese e-commerce website LightInTheBox.com. LightInTheBox is a Chinese online retailer trading on the New York Stock Exchange, most of its […]
Pierluigi Paganini
December 17, 2019
Another year is ending and this is the right time to discover which are the worst passwords of 2019 by analyzing data leaked in various data breaches. Independent anonymous researchers, compiled and shared with security firm NordPass a list of 200 most popular passwords that were leaked in data breaches during 2019. The company collected […]
Pierluigi Paganini
December 16, 2019
Schneider Electric addressed several vulnerabilities in some Modicon controllers and several EcoStruxure products. Schneider Electric addresses three denial-of-service (DoS) vulnerabilities Schneider Electric Modicon M580, M340, Quantum and Premium controllers. The vendor has informed its customers that all three flaws are caused by improper check for unusual or exceptional conditions. The three vulnerabilities are: The first […]
Pierluigi Paganini
December 15, 2019
From iPhone to NT AUTHORITY\SYSTEM – As promised in my previous post, I will show you how to exploit the “Printconfig” dll with a real world example. But what does Apple’s iPhone have to do with it?? Well, keep on reading… (sorry no) Some time ago, me and my “business partner” @padovah4ck, were looking for possible privileged […]
Pierluigi Paganini
December 15, 2019
Iran telecommunications minister announced that for the second time in a week Iran has foiled a cyber attack against its infrastructure. Iran has foiled a new cyber-attack, the country’s telecommunications minister Mohammad Javad Azari-Jahromi says. A few days ago, the Iranian telecommunications minister Mohammad Javad Azari Jahromi, announced that the Islamic Republic had recently thwarted […]
APT / February 15, 2026
