Hacker “Subby” brute-forces the backends of 29 IoT botnets that were using weak or default credentials. A hacker that goes online with the moniker ‘Subby’ took over 29 IoT botnets in the past few weeks with brute-force attacks. The hacker ‘Subby’ took over 29 IoT botnets in the past few weeks brute-forcing the back end […]
Magecart group stole payment card details from the e-commerce system used by colleges and universities in Canada and the US. Security firms have monitored the activities of a dozen Magecart groups at least since 2015. The gangs use to implant skimming script into compromised online stores in order to steal payment card data, but they are quite […]
The news was reported by the Kyodo News and has caught my attention, Japan will develop its first-ever computer virus as defense against cyber attacks. The Kyodo News revealed that Japan will develop its first-ever computer virus as a defense measure against cyber attacks and that the development will be completed by next March. The […]
Extortion practice hit programmers’ Git repositories, experts observed a new piece of ransomware that wipes them and replaces the code with a ransom note. Hackers are using a new piece of ransomware to target GitHub, GitLab, and Bitbucket repositories, wiping code and commiting, and leaving a ransom note. The hackers wipe out all commit history […]
The Human Factor has a fundamental importance for the success of a cyber attack, for this reason it is important to create a culture of cyber security within organizations. Every day we see a large number of tools being implemented within enterprises and institutions due to the need to keep their environments more secure, along […]
Cisco released security patches to address tens of vulnerabilities in its products, including a critical vulnerability affecting Nexus 9000 switches. Cisco released security patches to address tens of vulnerabilities in its products. Among the flaws fixed by Cisco, there is also a critical vulnerability in Nexus 9000 switches that is tracked as CVE-2019-1804 and that […]
The availability of 10KBLAZE PoC exploits for old SAP configuration issue poses a severe risk of attacks for business applications. The risk of cyber attacks against SAP systems is increased after security researchers released PoC exploits for old SAP configuration flaws. SAP Message Server and SAP Gateway implements an access control list (ACL) mechanism to […]
The APT34 Glimpse project is maybe the most complete APT34 project known so far, the popular researcher Marco Ramilli analyzed it for us. Indeed we might observe a File-based command and control (a quite unusual solution) structure, a VBS launcher, a PowerShell Payload and a covert channel over DNS engine. This last feature is the most […]
Magecart made the headlines again, Magecart Group 12 is conducting a large-scale operation that targets OpenCart online stores. According to security experts at RiskIQ, the Magecart Group 12 is behind a large-scale operation against OpenCart online stores. The attackers used stealth tactics to remain under the radar and siphon payment data from compromised e-commerce sites. […]
The Department of Energy confirmed that in March a cyber event disrupted power grid operations in California, Wyoming, and Utah. The Department of Energy confirmed that on March 2019, between 9 a.m. and 7 p.m., a cyber event disrupted energy grid operations in California, Wyoming, and Utah. The news was first reported by E&E News, […]