Pierluigi Paganini
March 06, 2019
A new zero-day vulnerability in Google Chrome, tracked as CVE-2019-5786, is actively exploited in attacks in the wild. A new zero-day vulnerability in Google Chrome is actively exploited in attacks in the wild. The vulnerability was discovered late February by Clement Lecigne, a security researcher at the Google Threat Analysis Group. The high severity zero-day […]
Pierluigi Paganini
March 06, 2019
The NSA released the Ghidra, a multi-platform reverse engineering framework that could be used to find vulnerabilities and security holes in applications. In January 2019, the National Security Agency (NSA) announced the release at the RSA Conference of the free reverse engineering framework GHIDRA. GHIDRA is a multi-platform reverse engineering framework that runs on major […]
Pierluigi Paganini
March 06, 2019
A cyber-espionage group, tracked as APT40, apparently linked to the Chinese government is focused on targeting countries important to the country’s Belt and Road Initiative. The cyber-espionage group tracked as APT40 (aka TEMP.Periscope, TEMP.Jumper, and Leviathan), apparently linked to the Chinese government, is focused on targeting countries important to the country’s Belt and Road Initiative […]
Pierluigi Paganini
March 05, 2019
The Iran-linked Chafer APT group used a new Python-based backdoor in recent attacks aimed at a Turkish government entity. The Iran-linked Chafer APT group used a new Python-based backdoor in attacks carried out in November 2018 that targeted a Turkish government entity. The Chafer APT group has distributed data stealer malware since at least mid-2014, […]
Pierluigi Paganini
March 05, 2019
Poorly protected Docker hosts exposed online continue to be a privileged target of crooks that abuse their computational resources in cryptojacking campaigns. Security experts have recently discovered hundreds of exposed Docker hosts that have been compromised by hackers exploiting the CVE-2019-5736 runc vulnerability in February. The flaw was discovered by the security researchers Adam Iwaniuk […]
Pierluigi Paganini
March 05, 2019
Microsoft started rolling out a new software update for Windows 10 systems to apply mitigations against the Spectre attacks. Over the weekend, Microsoft started distributing software updates for Windows 10 systems to enable the Retpoline mitigations against Spectre attacks. In January 2018 security experts at Google Project Zero disclosed Meltdown and Spectre side-channel attacks that […]
Pierluigi Paganini
March 04, 2019
Cybersecurity expert at Google Project Zero has publicly disclosed details and proof-of-concept exploit for a high-severity security vulnerability in macOS operating system. Google Project Zero white hat hacker Jann Horn disclosed the flaw according to the 90-days disclosure policy of the company because Apple failed to address the issue within 90 days of being notified. […]
Pierluigi Paganini
March 03, 2019
The Wireshark Foundation released Wireshark 3.0.0, the latest release of the popular open-source packet analyzer. The Wireshark Foundation announced the release of Wireshark 3.0.0, the latest release of the popular open-source packet analyzer. The new version addresses several bugs and introduces tens of new features, it also improved existing features. The most important changes is […]
Pierluigi Paganini
March 03, 2019
A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition Paper Copy Once again thank you! 70000 Pakistani banks cards with PINs go on sale on the dark web. CVE-2019-9019 affects British Airways Entertainment System on Boeing 777-36N(ER) Duo Labs presents CRXcavator Service that analyzes […]
Pierluigi Paganini
March 03, 2019
According to security experts at Fox-IT, a recently addressed flaw in the Cobalt Strike penetration testing platform could be exploited to identify attacker servers. Security experts at Fox-IT discovered that a recently addressed vulnerability in the Cobalt Strike penetration testing platform could be exploited to identify attacker servers. The vulnerability was addressed in Cobalt Strike […]
