hacking news

Pierluigi Paganini March 13, 2020
State-sponsored hackers are launching Coronavirus-themed attacks

In the last weeks, security experts reported many Coronavirus-themed attacks carried out by cybercrime gangs, now experts warn of similar attacks from nation–state actors. Recently security experts reported many Coronavirus-themed attacks carried out by cybercrime gangs, but now experts are warning of similar attacks launched by nation-state actors. State-sponsored hackers from Russia, China, and North […]

Pierluigi Paganini March 13, 2020
Flaws in the Popup Builder WordPress plugin expose 100K+ websites to hack

Flaws in the Popup Builder WordPress plugin could allow unauthenticated attackers to inject malicious JavaScript code into popups of 100K+ websites. The Popup Builder WordPress plugin is affected by security flaws that could be exploited by unauthenticated attackers to inject malicious JavaScript code into popups displayed on websites using it. More than 100,000 websites are […]

Pierluigi Paganini March 12, 2020
Card data stole from the Volusion security breach surfaces on the dark web

Security experts have discovered that card data stolen last year from Volusion-hosted online stores is now available for sale on the dark web. Experts from the threat intel firm Gemini Advisory have discovered that card data stolen last year from Volusion-hosted online stores have surfaced on the dark web. Volusion is a privately-held technology company that […]

Pierluigi Paganini March 11, 2020
Avast disables the JavaScript engine component due to a severe issue

Antivirus maker Avast has disabled a core component of its antivirus to address a severe vulnerability that would have allowed attackers to control users’ PC. The Antivirus maker Avast has disabled a major component of its antivirus engine to address a severe vulnerability that would have allowed attackers to hack into users’ PCs. The issue […]

Pierluigi Paganini March 11, 2020
RCE in popular ThemeREX WordPress Plugin has been actively exploited

The WordPress plugin ‘ThemeREX Addons’ is affected by a critical vulnerability that could allow remote attackers to execute arbitrary code. A critical vulnerability in the WordPress plugin known as ThemeREX Addons could be exploited for remote code execution. The plugin is currently installed on tens of thousands of websites and according to the security firm […]

Pierluigi Paganini March 11, 2020
Office network at the European Network of Transmission System Operators for Electricity (ENTSO-E) breached

The European Network of Transmission System Operators for Electricity (ENTSO-E) disclose a security breach this week. The European Network of Transmission System Operators for Electricity (ENTSO-E) revealed this week that threat actors penetrated its network. ENTSO-E, the European Network of Transmission System Operators, represents 43 electricity transmission system operators (TSOs) from 36 countries across Europe, […]

Pierluigi Paganini March 11, 2020
Bugs in Avast AntiTrack expose users to cyber attacks

A flaw in the impacting Avast and AVG AntiTrack privacy software could expose users to browser hijacking and Man-in-The-Middle (MiTM) attacks. Security expert David Eade has discovered a vulnerability (CVE-2020-8987) in Avast and AVG AntiTrack privacy software that could expose end-users to Man-in-The-Middle (MiTM) attacks, browser session hijack, with consequent exposure of sensitive data. “A […]

Pierluigi Paganini March 10, 2020
Microsoft accidentally reveals Wormable Win SMBv3 CVE-2020-0796 Flaw

Today Microsoft accidentally leaked info about a new wormable vulnerability (CVE-2020-0796) in the Microsoft Server Message Block (SMB) protocol. Today Microsoft accidentally leaked info on a security update for a wormable vulnerability in the Microsoft Server Message Block (SMB) protocol. The issue, tracked as CVE-2020-0796, is pre- remote code execution vulnerability that resides in the Server […]

Pierluigi Paganini March 10, 2020
Microsoft warns of Human-Operated Ransomware as a growing threat to businesses

Microsoft is warning of human-operated ransomware, this kind of attack against businesses is becoming popular in the cybercrime ecosystem. Human-operated ransomware is a technique usually employed in nation-state attacks that is becoming very popular in the cybercrime ecosystem. In human-operated ransomware attack scenario, attackers use stolen credentials, exploit misconfiguration and vulnerabilities to access target networks, […]

Pierluigi Paganini March 08, 2020
New Coronavirus-themed malspam campaign delivers FormBook Malware

Experts uncovered a new Coronavirus (COVID-19)-themed campaign that is distributing a malware downloader that delivers the FormBook information-stealing Trojan. Experts at MalwareHunterTeam uncovered a new malspam campaign exploiting the fear in the Coronavirus (COVID-19) to deliver malware. The campaign uses emails that pretend being sent by members of the World Health Organization (WHO), the messages […]