Pierluigi Paganini
February 17, 2017
Security experts have discovered a new SQL malware targeting online shops running on Magento that hides the code in the website’s database. Security experts have discovered a new strain of malware that is targeted websites raising Russian the Magento eCommerce platform. The novelty is that this is the first a malware that hides the code in the website’s […]
Pierluigi Paganini
February 17, 2017
A group of security researcher has devised a new attack technique dubbed AnC attack that allows to bypass the ASLR Protection on 22 CPU architectures. The Address Space Layout Randomization (ASLR Protection) is a security mechanism used by operating systems to randomize the memory addresses used by key areas of processes, it makes hard for attackers […]
Pierluigi Paganini
February 16, 2017
On Thursday the OpenSSL Project has fixed a high severity denial-of-service (DoS) vulnerability in OpenSSL tracked as CVE-2017-3733. The OpenSSL development team has fixed a high severity denial-of-service (DoS) flaw tracked as CVE-2017-3733. This is the second security update released in just two months, the first one addressed four low and moderate severity flaws in the library. The […]
Pierluigi Paganini
February 16, 2017
Security experts at IBM published a report that includes precious details on the attack chain of the dreader Shamoon cyberweapon. The dreaded Shamoon malware, aka Disttrack, has resurrected and government agencies and threat intelligence firms are investigating the recent strings of attacks leveraging the dangerous disk wiper. We detected the Shamoon malware for the first time in August 15th, […]
Pierluigi Paganini
February 16, 2017
Yahoo notifies users that hackers are forging “cookies” or files used in the authentication process to access their accounts, instead of stealing passwords Yahoo confirmed it was notifying some users of sophisticated cyber attacks aimed to compromise their accounts. The hackers are adopting hacking methods to forge “cookies” or files used in the authentication process, instead of […]
Pierluigi Paganini
February 15, 2017
The Russian-speaking black hat hacker Rasputin, hacked systems of more than 60 universities and U.S. government agencies. According to the threat intelligence firm Recorded Future, a Russian-speaking black hat hacker, known as ‘Rasputin‘, hacked systems of more than 60 universities and U.S. Government agencies. We met Rasputin in December 2016, when he was offering for sale stolen login […]
Pierluigi Paganini
February 14, 2017
Adobe addressed thirteen highest severity code execution vulnerabilities in Flash Player for Windows, MAC OS, and Chrome. Adobe released security updates that address two dozen vulnerabilities in Flash Player, Digital Editions, and the Campaigns marketing tool. Adobe has released security updates for Adobe Flash Player for Windows, Macintosh, Linux and Chrome OS. The updates address critical vulnerabilities that could be […]
Pierluigi Paganini
February 14, 2017
Security researchers at Palo Alto Networks spotted a campaign leveraging Microsoft Office loader using malicious macros to drop multiple malware families. The researchers analyzed more than 650 unique samples of this specific loader since early December 2016, accounting for 12,000 phishing email targeting numerous industries. Most affected industries are High Tech, Professional and Legal Services, […]
Pierluigi Paganini
February 13, 2017
According to security experts from Symantec and BAE Systems, the recently discovered attacks aimed at Poland banks are linked to the Lazarus Group. Last week, several Polish banks confirmed their systems were infected with a malware after their staff visited the site of the Polish Financial Supervision Authority. The cyber attack was first reported by […]
Pierluigi Paganini
February 12, 2017
A new serious denial-of-service (DoS) vulnerability was patched this week by the Internet Systems Consortium (ISC) in the BIND DNS software. A security serious denial-of-service (DoS) vulnerability, tracked as CVE-2017-3135, was patched this week by the Internet Systems Consortium (ISC) in the BIND DNS software. The vulnerability in the BIND DNS software was reported by Ramesh Damodaran and Aliaksandr Shubnik of […]
APT / February 05, 2026
