hacking news

Pierluigi Paganini December 09, 2019
New ‘PyXie’ Python RAT targets multiple industries

Researchers discovered a new Python-based RAT dubbed PyXie that has been used in campaigns targeting a wide range of industries. Experts at BlackBerry Cylance have spotted a new Python-based remote access Trojan (RAT) that has been used in campaigns targeting a wide range of industries. PyXie has been first observed in the wild in 2018, […]

Pierluigi Paganini December 09, 2019
Google fixes a critical DoS flaw tracked as CVE-2019-2232 in Android

Google addressed a critical vulnerability, tracked as CVE-2019-2232, that could trigger a permanent denial of service (DoS) condition in Android. Google released December 2019 security updates for its Android mobile OS that addressed several flaws, including a critical vulnerability, tracked as CVE-2019-2232, that could result in a permanent denial of service (DoS). Google addressed more […]

Pierluigi Paganini December 08, 2019
SEC Xtractor – Experts released an open-source hardware analysis tool

Security and consulting company SEC Consult announced the release of an open-source hardware analysis tool dubbed SEC Xtractor Security firm SEC Consult announced the release of an open-source hardware analysis tool dubbed SEC Xtractor. The tool was initially designed for internal use, and was then adopted for several research projects over the years. The tool […]

Pierluigi Paganini December 06, 2019
CVE-2019-14899 flaw allows hijacking VPN connections on Linux, Unix systems

Researchers discovered a vulnerability tracked as CVE-2019-14899 that can be exploited to hijack active TCP connections in a VPN tunnel Researchers from the University of New Mexico have discovered a vulnerability, tracked as CVE-2019-14899, that can be exploited by an attacker to determine if a user is connected to a VPN and hijack active TCP […]

Pierluigi Paganini December 06, 2019
OpenBSD addresses authentication bypass, privilege escalation issues

Experts from Qualys Research Labs discovered four high-severity security flaws in OpenBSD, one of which is a type authentication bypass issue. Researchers from Qualys Research Labs discovered four high-severity security vulnerabilities in OpenBSD, a type authentication bypass issue and three privilege escalation bugs. The three issued could be exploited by local users or malware to […]

Pierluigi Paganini December 05, 2019
China used the Great Cannon DDoS Tool against forum used by Hong Kong protestors

China is accused to have used the “Great Cannon” DDoS tool to launch attacks against LIHKG, a forum used by Hong Kong residents to organize protests. The Great Cannon Distributed Denial of Service (DDoS) tool was used again by the Chinese government, this time it was used to target the LIHKG forum used by Hong Kong protesters to […]

Pierluigi Paganini December 05, 2019
CyrusOne, one of the major US data center provider, hit by ransomware attack

Ransomware attacks continue to threaten organizations worldwide, CyrusOne, one of the biggest data center providers in the US, is facing with an infection. A new ransomware attack made the headlines, systems at CyrusOne, one of the biggest data center providers in the US, were infected by the malware. The company reported the incident to law […]

Pierluigi Paganini December 04, 2019
Talos experts found a critical RCE in GoAhead Web Server

Experts at Cisco Talos found two vulnerabilities in the GoAhead embedded web server, including a critical remote code execution flaw. GoAhead is the world’s most popular, tiny embedded web server. It is developed by EmbedThis that defines it as compact, secure and simple to use. GoAhead is deployed in hundreds of millions of devices and […]

Pierluigi Paganini December 03, 2019
A flaw in Microsoft OAuth authentication could lead Azure account takeover

A vulnerability in the Microsoft OAuth implementation exposes Azure cloud accounts to takeover. The vulnerability affects the way Microsoft applications use OAuth for authentication, these applications trust certain third-party domains and sub-domains that are not registered by Microsoft. Experts from Cyberark discovered the following three vulnerable Microsoft applications that trust these unregistered domains Portfolios, O365 […]

Pierluigi Paganini December 03, 2019
Website of gunmaker Smith & Wesson hit by a Magecart attack

The US gunmaker Smith & Wesson was hacked late last month in a Magecart attack, attackers injected a malicious software skimmer. A new Magecart attack made the headlines, the victim is the American gunmaker Smith & Wesson. The hack took place last month, the attackers planted a malicious software skimmer on its website to steal […]