Hacking

Pierluigi Paganini July 19, 2013
Brute-forcing applications spotted in the wild … pros and cons

Brute forcing applications spotted in the wild demonstrates the continual interest of cybercrime … What is the limitations of this attack technique? Cybercrime industry has a fervent creativity and  new products are daily offered in the underground. I desire to close this week with a look to the offer on the black market speaking of brute-forcing applications […]

Pierluigi Paganini July 17, 2013
Trend Micro – targeted attack against Europe-Asia government agencies

Trend Micro uncovered targeted attack against European and Asian government agencies to steal login credentials from IE and Microsoft Outlook products. A new targeted attack has been uncovered by Trend Micro security experts, the hackers hit European government agencies trying to steal login credentials from Internet Explorer (IE) and Microsoft Outlook. The attackers trying to […]

Pierluigi Paganini July 17, 2013
New Android Master Key attack revealed by Android Security Squad

The China-based group Android Security Squad revealed a new Android Master Key attack that exploits the vulnerability in the way the OS reads APK files allowing modification of signed legitimate apps. The China-based group Android Security Squad found for the second time a serious vulnerability in Android master key management. In the last days it was […]

Pierluigi Paganini July 16, 2013
Researchers can hack Verizon Wireless femtocells to spy on customers

Two security researchers announced that they have succeeded to transform Verizon mobile phones into spy tools to track Verizon’s users. The security experts revealed to the Reuters agency that it is possible to hack Verizon mobile phones for surveillance purpose, the researchers will present the discovery during the next hacking conferences this summer, the DEF […]

Pierluigi Paganini July 14, 2013
Critical Facebook vulnerability allows account hacking

Security expert Dan Melamed discovered a critical Facebook vulnerability would allow an attacker to take complete control over any account. A critical Facebook vulnerability would allow an attacker to take complete control over any account, the discovery was made by Dan Melamed, a security researcher, web developer, self-employed internet marketer, and entrepreneur. Dan was recently […]

Pierluigi Paganini July 11, 2013
Gaming platforms under attack – Nintendo and Ubisoft hacks

The number of attacks against gaming platforms is constantly increasing, the recent data breach occurred to Nintendo and Ubisoft are just the tip of the iceberg. Gaming platforms are considerable privileged targets for cybercriminals but also for state-sponsored hackers. The first group of attackers is mainly attracted by possibility to steal sensitive information, in many […]

Pierluigi Paganini July 10, 2013
Critical Facebook flaw exposed email address for any account

A critical Facebook flaw exposed email address for any account, the discovery was made by Stephen Sclafani, security researcher and founder of PlayToWin. Another vulnerability menaces privacy of Facebook users allowing the disclosure of primary email address of any account. Stephen Sclafani, security researcher and founder of PlayToWin, described the attack technique in a blog post titled […]

Pierluigi Paganini July 08, 2013
Profiling for underground service harvests mobile phone numbers

Dancho Danchev profiled a new service harvests mobile phone numbers advertised in the underground, the vendor also proposing SMS spamming and phone number verification service. A new service harvests mobile phone numbers advertised in the underground is the demonstration that mobile is becoming a privileged target for cybercrime. Botnets, mobile malware, ransomware, DDoS applications and hacking […]

Pierluigi Paganini July 07, 2013
Avira.com SQL Injection and Security Filter Bypassing

Cyber Security Analyst Ebrahim Hegazy has found an Avira.com SQL Injection vulnerability, Avira.com is the famous Avira Antivirus vendor’s web site. Ebrahim Hegazy(@Zigoo0) Cyber Security Analyst Consultant @ Q-CERT who found a SQL Injection in Yahoo! about two months ago, has found a new SQL Injection vulnerability in Avira.com the famous Avira Antivirus vendor. The […]

Pierluigi Paganini July 06, 2013
DropBox account hacking bypassing two-factor authentication

Zouheir Abdallah revealed that a hacker already knows the victim’s credentials for Dropbox account that has 2FA authentication enabled, is able to hack it. Few hours ago I was informed that Q-CERT team found a critical vulnerability in DropBox that allows a hacker to bypass the two-factor authentication implemented by the popular file sharing service. […]