hacking news

Pierluigi Paganini September 09, 2019
Symantec uncovered the link between China-Linked Thrip and Billbug groups

The China-linked APT group Thrip is continuing to target entities in Southeast Asia even after its activity was uncovered by Symantec. Experts at Symantec first exposed the activity of the Chinese-linked APT Thrip in 2018, now the security firm confirms that cyber espionage group has continued to carry out attacks in South East Asia. In June […]

Pierluigi Paganini September 09, 2019
China-linked APT3 was able to modify stolen NSA cyberweapons

China-linked APT3 stole cyberweapons from the NSA and reverse engineered them to create its arsenal. In 2010, security firm FireEye identified the Pirpi Remote Access Trojan (RAT) which exploited a then 0-day vulnerability in Internet Explorer versions 6, 7 and 8. FireEye named the threat group APT3 which has also been described as TG-0100, Buckeye, […]

Pierluigi Paganini September 08, 2019
WordPress 5.2.3 fixes multiple issues, including some severe XSS flaws

The WordPress development team released version 5.2.3 that includes 29 fixes, enhancements, and several security patches. WordPress developers released a security and maintenance version 5.2.3 that includes 29 fixes, several enhancements and security patches. These flaws affect the versions 5.2.2 and earlier of the popular CMS. Most of the security flaws addressed with the release […]

Pierluigi Paganini September 08, 2019
Security Affairs newsletter Round 230

A new round of the weekly newsletter arrived! The best news of the week with Security Affairs Hi folk, let me inform you that I suspended the newsletter service, anyway I’ll continue to provide you a list of published posts every week through the blog. Once again thank you! Cisco addresses CVE-2019-12643 critical flaw in […]

Pierluigi Paganini September 08, 2019
Experts found Joker Spyware in 24 apps in the Google Play store

Security experts at Google have removed from Google Play 24 apps because they were infected with a new spyware tracked as “the Joker.” Google has removed from Google Play 24 apps because they were infected with a new spyware tracked as “the Joker.” The spyware is able to steal SMS messages, contact lists and device […]

Pierluigi Paganini September 07, 2019
Google report on iPhone hack created ‘False Impression,’ states Apple

Apple replied to Google about the recent report suggesting iPhones may have been hacked as part of a long-running hacking campaign. Apple criticized the report recently published by Google that claims that iPhones may have been hacked by threat actors as part of a long-running hacking campaign. Apple defines the report as inaccurate and misleading. […]

Pierluigi Paganini September 07, 2019
Experts add a BlueKeep exploit module to MetaSploit

Maintainers of the open-source Metasploit penetration testing framework have added a public exploit module for the BlueKeep Windows flaw. There is a surprise for Metasploit users, maintainers of the open-source penetration testing framework have added a public exploit module for the BlueKeep Windows flaw. The BlueKeep vulnerability, tracked as CVE-2019-0708, impacts the Windows Remote Desktop Services (RDS) and was addressed by Microsoft […]

Pierluigi Paganini September 06, 2019
CVE-2019-15846 Exim mail server flaw allows Remote Code Execution

A security flaw in Exim mail servers could be exploited by local or remote attackers to execute arbitrary code with root privileges. The Exim development team has addressed a vulnerability in Exim mail server, tracked as CVE-2019-15846, that could be exploited by local and remote attackers to execute arbitrary code with root privileges. The vulnerability […]

Pierluigi Paganini September 06, 2019
PHP new versions fix multiple code execution issues

Maintainers at the PHP programming language have released new versions that address multiple flaws, including some code execution issues. The development team behind the PHP programming language recently released new versions of PHP to address multiple high-severity vulnerabilities in its core and bundled libraries. The most severe flaw could be exploited by a remote attacker […]

Pierluigi Paganini September 05, 2019
Zero-day vulnerability in Android OS yet to be patched

Maintainers of the Android Open Source Project (AOSP) failed to address a privilege escalation bug in the Android mobile OS that was reported six months ago. Experts disclosed details of a zero-day vulnerability that affects the Android mobile operating system. The high-severity zero-day issue resides in the driver for the Video For Linux 2 (V4L2) […]