hacking news

Pierluigi Paganini January 11, 2020
CISA warns that Pulse Secure VPN issue CVE-2019-11510 is still exploited

The US DHS CISA agency is warning organizations that threat actors continue to exploit the CVE-2019-11510 Pulse Secure VPN vulnerability. The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) is warning organizations that attackers continue to exploit the well known Pulse Secure VPN vulnerability tracked as CVE-2019-11510. The CVE-2019-11510 flaw in Pulse Connect Secure […]

Pierluigi Paganini January 10, 2020
Two MageCart groups competed to steal credit cards data from Perricone MD ‘s European skincare sites

Two MageCart groups have planted software skimmers on multiple European websites for the Perricone MD anti-aging skincare Two distinct MageCart groups have compromised multiple European websites for the Perricone MD anti-aging skin-care brand with the intent of stealing customer payment card info. The two groups planted software skimmers on Perricone MD websites in Italy, Germany, […]

Pierluigi Paganini January 10, 2020
North Korea-linked Lazarus APT continues to target cryptocurrency exchanges

In the last 18 months, North Korea-linked Lazarus APT group has continued to target cryptocurrency exchanges evolving its TTPs. Kaspersky researchers have analyzed the attacks carried out by North Korea-linked Lazarus APT group in the past 18 months and confirmed their interest in banks and cryptocurrency exchanges. In the mid-2018, the APT targeted cryptocurrency exchanges and cryptocurrency […]

Pierluigi Paganini January 09, 2020
Experts warn of ongoing scans for Citrix servers affected by CVE-2019-19781

Threat actors are probing Citrix servers in the attempt to exploit the CVE-2019-19781 remote code execution vulnerability. Security researchers are warning of ongoing scans for Citrix Application Delivery Controller (NetScaler ADC) and Citrix Gateway (NetScaler Gateway) servers affected by the CVE-2019-19781 vulnerabilities. The anomalous activities were detected last week, as reported by the popular expert Kevin […]

Pierluigi Paganini January 09, 2020
Mozilla addresses CVE-2019-17026 Firefox Zero-Day exploited in targeted attacks

Mozilla has released security updates for Firefox browser that address a zero-day flaw (CVE-2019-17026) that has been exploited in targeted attacks. Mozilla has released security updates to address a critical Firefox browser zero-day issue (CVE-2019-17026) that has been exploited in targeted attacks. The CVE-2019-17026 flaw is an “IonMonkey type confusion with StoreElementHole and FallibleStoreElement,” where IonMonkey is the […]

Pierluigi Paganini January 08, 2020
The city of Las Vegas announced it has suffered a cyber attack

The city of Las Vegas announced it has suffered a cyber attack that breached its computer systems, it is unclear whether any sensitive data was exposed. Las Vegas officials say a cyber attack breached the city’s computer systems, the attack took place on Tuesday, but it wasn’t immediately clear if any sensitive data was exposed. […]

Pierluigi Paganini January 08, 2020
MITRE presents ATT&CK for ICS, a knowledge base for ICS

MITRE announced the initial release of a version of its MITRE ATT&CK knowledge base that focuses on industrial control systems (ICS). MITRE’s ATT&CK framework is becoming a standard in cybersecurity community for the classification of attacker behavior. Now the organization is going to propose a knowledge base that focused on ICS systems for its MITRE’s ATT&CK. […]

Pierluigi Paganini January 08, 2020
Security flaws allowed hijacking any TikTok account

A flaw in the popular TikTok app could allow attackers to hijack any user account just by knowing the mobile number of the victim. Security experts from CheckPoint have discovered a critical vulnerability in the popular TikTok app that could be exploited by a remote attacker to hijack any user account just by knowing the […]

Pierluigi Paganini January 07, 2020
China-based Bronze President APT targets South and East Asia

A cyber-espionage group tracked as Bronze President has been targeting countries in South and East Asia, Secureworks experts warn. Researchers at Secureworks’ Counter Threat Unit (CTU) have uncovered a cyber espionage campaign carried out by an APT group tracked as Bronze President, The Bronze President group is targeting political and law enforcement organizations and NGOs […]

Pierluigi Paganini January 07, 2020
Malicious app exploiting CVE-2019-2215 zero-day available in Google Play since March

Security experts have found a malicious app in the Google Play that exploits the recently patched CVE-2019-2215 zero-day vulnerability. Earlier October, Google Project Zero researchers Maddie Stone publicly disclosed a zero-day vulnerability, tracked as CVE-2019-2215, in Android. Maddie Stone published technical details and a proof-of-concept exploit for the high-severity security vulnerability, seven days after she reported it to the colleagues […]