hacking news

Pierluigi Paganini December 17, 2019
TP-Link Archer routers allow remote takeover without passwords

TP-Link has addressed a critical vulnerability impacting some TP-Link Archer routers that could allow attackers to login without passwords. TP-Link addressed a critical zero-day vulnerability (CVE-2017-7405) in its TP-Link Archer routers that could be exploited by attackers to remotely take their control over LAN via a Telnet connection without authentication. “This is a zero-day flaw that was […]

Pierluigi Paganini December 17, 2019
Online Retailer LightInTheBox exposes unsecured DB containing 1.3TB of web server logs

vpnMentor researchers discovered an unsecured server belonging to the Chinese e-store LightInTheBox.com containing 1.3TB of web server logs. Infosec researchers have uncovered an unsecured Elasticsearch database containing 1.3TB of web server log entries held by Chinese e-commerce website LightInTheBox.com. LightInTheBox is a Chinese online retailer trading on the New York Stock Exchange, most of its […]

Pierluigi Paganini December 17, 2019
A study reveals the list of worst passwords of 2019

Another year is ending and this is the right time to discover which are the worst passwords of 2019 by analyzing data leaked in various data breaches. Independent anonymous researchers, compiled and shared with security firm NordPass a list of 200 most popular passwords that were leaked in data breaches during 2019. The company collected […]

Pierluigi Paganini December 16, 2019
Schneider Electric fixes DoS flaws in Modicon, EcoStruxure products

Schneider Electric addressed several vulnerabilities in some Modicon controllers and several EcoStruxure products. Schneider Electric addresses three denial-of-service (DoS) vulnerabilities Schneider Electric Modicon M580, M340, Quantum and Premium controllers. The vendor has informed its customers that all three flaws are caused by improper check for unusual or exceptional conditions. The three vulnerabilities are: The first […]

Pierluigi Paganini December 15, 2019
From iPhone to NT AUTHORITY\SYSTEM – exploit ‘Printconfig’ dll with a real-world example

From iPhone to NT AUTHORITY\SYSTEM – As promised in my previous post, I will show you how to exploit the “Printconfig” dll with a real world example. But what does Apple’s iPhone have to do with it?? Well, keep on reading… (sorry  no) Some time ago, me and my “business partner”  @padovah4ck, were looking for possible privileged […]

Pierluigi Paganini December 15, 2019
Iran announced to have foiled a second cyber-attack in a week

Iran telecommunications minister announced that for the second time in a week Iran has foiled a cyber attack against its infrastructure. Iran has foiled a new cyber-attack, the country’s telecommunications minister Mohammad Javad Azari-Jahromi says. A few days ago, the Iranian telecommunications minister Mohammad Javad Azari Jahromi, announced that the Islamic Republic had recently thwarted […]

Pierluigi Paganini December 14, 2019
A malvertising campaign targets iPhone users with Krampus-3PC

A malvertising campaign that involved more than 100 publisher websites targeted iPhone users to deliver the Smart Krampus-3PC Malware. According to The Media Trust’s Digital Security & Operations (DSO) team, iPhone users have been targeted by a malvertising campaign that has impacted more than 100 publisher websites, including online newspapers and international weekly news magazines. […]

Pierluigi Paganini December 14, 2019
New Orleans hit by ransomware, US cities continues to be under attack

The city of New Orleans is the last victim of a string of ransomware attacks that hit major American cities, including Atlanta and Baltimore. New Orleans officials announced in a press conference that the city was hit by a ransomware attack, the incident was discovered in the morning of December 13, 2019. The IT staff […]

Pierluigi Paganini December 13, 2019
VISA warns of cyber attacks on PoS systems of fuel dispenser merchants

VISA is warning of ongoing targeted cyber attacks conducted by crooks on point-of-sale (POS) systems of North American fuel dispenser merchants. According to a security alert published by VISA, the PoS systems of North American fuel dispenser merchants are under attack. Visa Payment Fraud Disruption (PFD) reported that at least three attacks took place this summer, crooks […]

Pierluigi Paganini December 12, 2019
GALLIUM Threat Group targets global telcos, Microsoft warns

The Microsoft Threat Intelligence Center (MSTIC) warns of GALLIUM threat group targeting global telecommunication providers worldwide. The Microsoft Threat Intelligence Center (MSTIC) warns of GALLIUM threat group targeting global telecommunication providers worldwide. Microsoft experts reported that the GALLIUM hacking group exploits unpatched vulnerabilities to compromise systems running /JBoss application servers. “Microsoft Threat Intelligence Center (MSTIC) is raising […]