Pierluigi Paganini
March 06, 2017
The popular security researcher Chris Vickery announced that he will shortly reveal the source of a massive data leak. Which is the source? The popular cyber security expert Chris Vickery from security firm MacKeeper announced that he will shortly reveal the source of a huge data breach impacting individuals. 1.4 billion identity leak story incoming […]
Pierluigi Paganini
March 05, 2017
A bug in the popular Slack application could be exploited by attackers to steal an access token and take over a user account. A serious flaw in the popular work chat application Slack could be exploited to take over a user account. The vulnerability was discovered by bug bounty hunter Frans Rosen who demonstrated that is possible […]
Pierluigi Paganini
March 05, 2017
Rapid7 released the Metasploit Vulnerable Services Emulator, a new tool that can be used by IT experts to emulate vulnerable services. Which is the best way to protect a system? You need to think of the system in the attacker’s perspective, for this reason, Metasploit has now a new tool that can be used to […]
Pierluigi Paganini
March 04, 2017
Exclusive: MalwareMustDie for Security Affairs released the list of the sites under attack. A criminal gang is using SSH TCP direct forward attack technique. MalwareMustDie is back and has published his the first post of 2017. The popular malware researcher has uncovered a cyber crime gang that is harvesting credentials and credit card numbers from major websites […]
Pierluigi Paganini
March 04, 2017
The US Vice President Mike Pence’s personal AOL account was hacked, once again politics were breached due to wrong security posture. Pence has been harshly criticized after the discovery that he used his personal AOL account for Government issues. In 2016 attacker who compromised the Pence’s account sent out emails to his contacts saying he had been […]
Pierluigi Paganini
March 03, 2017
Researchers from Cisco Talos team spotted a new strain of malware that leverages PowerShell scripts to fetch commands from DNS TXT records. Malware researchers at Cisco Talos have published a detailed analysis on a targeted attack leveraging a weaponized Microsoft Word document that is spread in spam emails as an attachment. The malicious code used in the […]
Pierluigi Paganini
March 03, 2017
According to Cloudflare, an initial analysis conducted its experts reveals that no personal data was leaked due to the CloudBleed issue. On February 17 the Google Project Zero researcher Tavis Ormandy disclosed a serious bug in Cloudflare infrastructure, so-called Cloudbleed. Ormandy discovered that Cloudflare was leaking a wide range of sensitive information, including authentication cookies […]
Pierluigi Paganini
March 03, 2017
Security experts at Trustwave have discovered a hidden backdoor in Internet of Things devices manufactured by the Chinese firm DblTek. Researchers from Trustwave have discovered a backdoor in IoT devices manufactured by a Chinese vendor that is refusing to fix it. The backdoored devices are produced by the VoIP firm Dbltek, the researchers speculate the backdoor was […]
Pierluigi Paganini
March 02, 2017
A flaw in Cisco NetFlow Generation Appliance tracked as CVE-2017-3826, could be exploited by an unauthenticated, remote attacker to cause a DoS condition. “A vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA) could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, causing a denial […]
Pierluigi Paganini
March 02, 2017
The researcher East-Ee Security devised a proof of concept bypass of the Google’s reCaptcha V2 verification system dubbed ReBreakCaptcha. East-Ee Security proposed a proof of concept bypass of the Google’s reCaptcha V2 verification system dubbed ReBreakCaptcha. The PoC uses the Google web-based tools for its purpose. According to the author, ReBreakCaptcha “lets you easily bypass […]
