Pierluigi Paganini
December 27, 2018
Since November, a new ransomware called JungleSec has been infecting servers through unsecured IPMI (Intelligent Platform Management Interface) cards. Security experts at BleepingComputer wrote about a new ransomware called JungleSec that is infecting victims through unsecured IPMI (Intelligent Platform Management Interface) cards. The ransomware was first observed early November. The IPMI is a set of computer interface […]
Pierluigi Paganini
December 26, 2018
A critical vulnerability affects Schneider Electric electric vehicle charging stations, the EVLink Parking systems. EVlink Parking charging solutions are usually in parking environments, including offices, hotels, supermarkets, fleets, and municipals. According to the company, the issue is tied to a hard-coded credential bug that could be exploited by attackers to gain access to the system. […]
Pierluigi Paganini
December 25, 2018
Amnesty International warns of threat actors that are launching phishing attacks aimed at bypassing Gmail, Yahoo 2FA at scale Amnesty International published a report that details how threat actors are able to bypass 2FA authentication that leverages text message as a second factor. Attackers are using this tactic to break into Gmail and Yahoo accounts […]
Pierluigi Paganini
December 24, 2018
Researchers from Trustwave SpiderLabs discovered an unpatched kernel-level vulnerability in driver used by IBM Trusteer Rapport endpoint security tool. The issue affects endpoint security tool for MacOS, IBM released a patch but failed to address the vulnerability within the 120-day disclosure deadline. The IBM Trusteer Rapport endpoint security tool is a lightweight software component that […]
Pierluigi Paganini
December 24, 2018
Security researchers discovered some flaws in the Twinkly IoT lights that could be exploited display custom lighting effects and to remotely turn off them. Security researchers from MWR InfoSecurity have discovered some flaws in the Twinkly IoT lights that could be exploited to display custom lighting effects and to remotely turn off their Christmas brilliance. […]
Pierluigi Paganini
December 24, 2018
Some models of Huawei routers are affected by a flaw that could be exploited by attackers to determine whether the devices have default credentials or not. Ankit Anubhav, a principal researcher at NewSky Security, discovered a vulnerability in some models of Huawei routers that could be exploited by attackers to determine whether the devices have […]
Pierluigi Paganini
December 23, 2018
France’s data protection agency had fined the ride-sharing company Uber with 400,000 euros ($455,000) over a 2016 data breach. The data breach suffered by Uber in 2016 exposed the personal data of some 57 million clients and drivers worldwide. In November 2017, the Uber CEO Dara Khosrowshahi announced that hackers broke into the company database and […]
Pierluigi Paganini
December 23, 2018
Cisco Adaptive Security Appliance (ASA) Software is affected by a vulnerability that could be exploited by an attacker to retrieve files or replace software images on a device. A privilege escalation vulnerability tracked as CVE-2018-15465 affects the Cisco Adaptive Security Appliance (ASA) software. The flaw could be exploited by an unauthenticated, remote attacker to perform […]
Pierluigi Paganini
December 22, 2018
Personal information belonging to over 500,000 students and 50 district employees were exposed in the San Diego School District (SDUSD) security breach. An attacker sent spear-phishing to SDUSD personnel with the intent of trick them into revealing credentials to access the district’s network services. The attacker accessed personal information of student and staff, including names, […]
Pierluigi Paganini
December 22, 2018
U.S. Authorities Take Down 15 DDoS-for-Hire Websites The Department of Justice (DoJ) announced that the FBI seized 15 domains associated with DDoS-for-hire services. The FBI has seized 15 domains associated with DDoS-for-hire services (aka booters or stressers) that were used by their customers to launch powerful DDoS attacks. The U.S. District Court for the Central […]
