Pierluigi Paganini
July 14, 2017
A 20 years-old vulnerability in Kerberos, dubbed Orpheus’ Lyre, was parched this week for both Microsoft and Linux distros. A 20 years-old vulnerability in Kerberos was parched this week for both Microsoft and Linux distros. The vulnerability dubbed Orpheus’ Lyre has been found three months ago by Jeffrey Altman, founder of AuriStor, and Viktor Dukhovni and Nicolas Williams from […]
Pierluigi Paganini
July 14, 2017
Attackers are using automated scans to target freshly installed WordPress websites, WordFence experts dubbed the technique WPSetup attack. According to experts at the WordPress security plugin WordFence, attackers are using automated scans to target freshly installed WordPress websites, taking advantage of administrators who fail to properly configure their server’s settings. The experts dubbed the attack WPSetup […]
Pierluigi Paganini
July 13, 2017
Wikileaks released the documentation for HighRise, an Android app used by the CIA to intercept and redirecting SMS messages to a CIA-controlled server. WikiLeaks just published a new batch of documents related to another CIA hacking tool dubbed HighRise included in the Vault 7 released in partnership with media partners. The tool is an Android application […]
Pierluigi Paganini
July 13, 2017
The US General Services Administration announced that the security firm Kaspersky Lab has been deleted from lists of approved vendors. The US government bans Kaspersky solutions amid concerns over Russian state-sponsored hacking. Federal agencies will not buy software from Kaspersky Lab due to its alleged links to the Russian intelligence services. This week, a Bloomberg […]
Pierluigi Paganini
July 13, 2017
A newly discovered Point of Sale (PoS) malware dubbed LockPoS appeared in the wild and it is being delivered through the Flokibot botnet. A newly discovered Point of Sale (PoS) malware is being delivered via a dropper that is manually loaded and executed on the targeted systems, Arbor Networks Security researchers warn. Arbor Networks researchers discovered a new Point […]
Pierluigi Paganini
July 12, 2017
Data belonging to 14 million U.S.-based Verizon customers have been exposed on an unprotected AWS Server by a partner of the telecommunications company. The notorious security expert Chris Vickery, UpGuard director of cyber risk research. as made another disconcerting discovery, more than 14 million US customers’ personal details have been exposed after the third-party vendor NICE left the sensitive […]
Pierluigi Paganini
July 12, 2017
As part of the Microsoft Patch Tuesday, the tech giant fixed two critical flaws in Windows NTLM Security Protocol. Users must apply the patch asap. As part of the July Patch Tuesday, Microsoft has released security patches for a serious privilege escalation flaw affecting all Windows operating system versions for enterprises released since 2007. Experts at […]
Pierluigi Paganini
July 12, 2017
Katyusha Scanner is a new fully automated SQLi vulnerability scanner discovered by researchers at security firm Recorded Future. Recorded Future security researchers have discovered a fully automated SQLi vulnerability scanner, dubbed Katyusha Scanner, on a hacking forum. The tool is offered for sale for just $500, it allows mass scans, simply managed from a smartphone […]
Pierluigi Paganini
July 12, 2017
SAP has released its SAP Security Notes for July 2017 that includes 23 patches, the most severe is a SAP POS flaw that affects about 500 billion installs SAP has released its Security Notes for July that includes 23 patches with the majority of them rated medium. The most severe issue is a high-risk DoS vulnerability […]
Pierluigi Paganini
July 11, 2017
Adobe released new versions of Flash Player and Connect web conferencing software to fix important and critical vulnerabilities. According to the security advisory published by Adobe for Flash Player, the new version 26.0.0.137 patches three critical vulnerabilities, including a remote code execution flaw tracked as CVE-2017-3099 that can be exploited by attackers to take full control of affected systems. […]
