hacking news

Pierluigi Paganini September 27, 2019
Checkm8: unpatchable iOS exploit could lead to permanent jailbreak for iOS devices running A5 to A11 chips

A security expert has released a new jailbreak, dubbed Checkm8, that impacts all iOS devices running on A5 to A11 chipsets, it works on iPhone models from 4S to 8 and X. The security expert Axi0mX has released a new jailbreak, dubbed Checkm8, that works on all iOS devices running on A5 to A11 chipsets. The jailbreak works with all Apple products released […]

Pierluigi Paganini September 27, 2019
DoorDash Data Breach exposes data of approximately 5 million users

DoorDash is a San Francisco–based on-demand food delivery service, the company confirmed it has suffered a data breach that exposed roughly 5 million users. DoorDash announced a data breach that exposed the personal information of 4.9 million consumers, Dashers, and merchants. According to the data breach notification sent to the impacted customers and the security note published […]

Pierluigi Paganini September 26, 2019
Botnet exploits recent vBulletin flaw to protect its bots

Security expert Troy Mursch of Bad Packets reported that a botnet is exploiting the recently disclosed vBulletin exploit to block other attackers from also using it. The security expert Troy Mursch observed a botnet that it utilizing the recently disclosed vBulletin exploit to secure vulnerable servers to avoid that can be compromised by other threat actors. […]

Pierluigi Paganini September 26, 2019
Airbus suppliers were hit by four major attack in the last 12 months

Airbus Hit by Series of Cyber Attacks on Suppliers: Security Sources The European multinational aerospace corporation Airbus has been hit by a series of attacks, hackers targeted its suppliers to steal Intellectual property. The European aerospace giant Airbus has been hit by a series of supply chain attacks, threat actors hit its suppliers in the […]

Pierluigi Paganini September 25, 2019
Heyyo dating app left its users’ data exposed online

Another day, another embarrassing data leak made the headlines, the online dating app Heyyo left a server exposed on the internet. The online dating app Heyyo left a server exposed on the internet without protection, data were stored on an Elasticsearch instance. The exposed data included personal details, images, location data, phone numbers, and dating […]

Pierluigi Paganini September 25, 2019
US Utilities Targeted with LookBack RAT in a new phishing campaign

Security experts at Proofpoint observed a new wave of phishing attacks aimed at US Utilities in an attempt to deliver the LookBack RAT. Security experts at Proofpoint have discovered a new series of phishing attacks targeting entities US utilities in an attempt to deliver the LookBack RAT. In early August, the expert reported that between […]

Pierluigi Paganini September 25, 2019
Adobe Patches two critical vulnerabilities in ColdFusion

Adobe released security updates to address three severe vulnerabilities in its ColdFusion web application development platform Adobe released ColdFusion 2016 Update 12 and ColdFusion 2018 Update 5 to address three severe vulnerabilities in its ColdFusion web application development platform, two of them have been rated as “critical.” “Adobe has released security updates for ColdFusion versions […]

Pierluigi Paganini September 24, 2019
Hacker discloses details and PoC exploit code for unpatched 0Day in vBulletin

An anonymous hacker disclosed technical details and proof-of-concept exploit code for a critical zero-day remote code execution flaw in vBulletin. vBulletin is one of the most popular forum software, for this reason, the disclosure of a zero-day flaw affecting it could impact a wide audience. More than 100,000 websites online run on top of vBulletin. […]

Pierluigi Paganini September 24, 2019
APT or not APT? What’s Behind the Aggah Campaign

Researchers at Yoroi-Cybaze ZLab discovered an interesting drop chain associated with the well-known Aggah campaign. Introduction During our threat monitoring activities, we discovered an interesting drop chain related to the well-known Aggah campaign, the ambiguous infection chain observed by Unit42 which seemed to deliver payloads potentially associated with the Gorgon Group APT. After that, we discovered other malicious activities […]

Pierluigi Paganini September 24, 2019
Microsoft released an out-of-band patch to fix Zero-day flaw exploited in the wild

Microsoft released an out-of-band patch to address a Zero-day memory corruption vulnerability in Internet Explorer that has been exploited in attacks in the wild. Microsoft has released an out-of-band patch for an Internet Explorer zero-day vulnerability that was exploited in attacks in the wild. The vulnerability tracked as CVE-2019-1367 is a memory corruption flaw that resides […]