Pierluigi Paganini
January 24, 2019
A still ongoing spam campaign that has been active during the last months has been distributing the Redaman banking malware. Experts at Palo Alto Networks continue to monitor an ongoing spam campaign that has been distributing the Redaman banking malware. The malware was first observed in the threat landscape in 2015, most of the victims […]
Pierluigi Paganini
January 24, 2019
Cisco released security updates for several products, including SD-WAN, Webex, Firepower, IoT Field Network Director, Identity Services Engine, and Small Business routers. Cisco released security updates to address security flaws in several products including SD-WAN, Webex, Firepower, IoT Field Network Director, Identity Services Engine, and Small Business routers. One of the flaws tracked as CVE-2019-1651 has […]
Pierluigi Paganini
January 24, 2019
DHS has issued a notice of a CISA emergency directive urging federal agencies of improving the security of government-managed domains (i.e. .gov) to prevent DNS hijacking attacks. The notice was issued by the DHS and links the emergency directive Emergency Directive 19-01 titled “Mitigate DNS Infrastructure Tampering.” “In coordination with government and industry partners, the […]
Pierluigi Paganini
January 24, 2019
Researcher published a PoC exploit code for critical vulnerabilities that could be chained to implement an iOS jailbreak On iPhone X The security researcher Qixun Zhao of Qihoo 360’s Vulcan Team has published a PoC exploit code for critical vulnerabilities in Apple Safari web browser and iOS that could be exploited by a remote attacker to jailbreak […]
Pierluigi Paganini
January 23, 2019
PHP PEAR official site hacked, attackers replaced legitimate version of the package manager with a tainted version in the past 6 months. Bad news for users that have downloaded the PHP PEAR package manager from the official website in the past 6 months because hackers have replaced it with a tainted version. The PHP Extension and […]
Pierluigi Paganini
January 21, 2019
A rogue MySQL server could be used to steal files from clients due to a design flaw in the popular an open source relational database management system (RDBMS). The flaw resides in the file transfer process between a client host and a MySQL server, it could be exploited by an attacker running a rogue MySQL server to access […]
Pierluigi Paganini
January 21, 2019
The electronics firm Omron released a security update to address flaws in its CX-Supervisor product that can be exploited DoS attacks and remote code execution. CX-Supervisor allows to rapidly create human-machine interfaces (HMIs) for supervisory control and data acquisition (SCADA) systems thanks to the availability of a large number of predefined functions and libraries. The software […]
Pierluigi Paganini
January 21, 2019
Unpatched critical flaw CVE-2018-15439 could be exploited by a remote, unauthenticated attacker to gain full control over the device. Cisco Small Business Switch software is affected by a critical and unpatched vulnerability (CVE-2018-15439) that could be exploited by a remote, unauthenticated attacker to gain full control over the device. Cisco Small Business Switch SOHO devices allow […]
Pierluigi Paganini
January 20, 2019
Bulgaria has extradited a Russian hacker that was indicted by a US court for mounting a sophisticated hacking scheme to the United States. According to the Russian embassy in Washington, the Russian hacker Alexander Zhukov was extradited on January 18. The Russian embassy has chosen to disclose the news on the VK social network, the […]
Pierluigi Paganini
January 20, 2019
A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online with a special deal 20% discount Kindle Edition Paper Copy Once again thank you! TA505 Group adds new ServHelper Backdoor and FlawedGrace […]
