Pierluigi Paganini
November 15, 2018
Kaspersky Lab starts data processing for European users in Zurich and also launched the first Transparency Cente under the announced Transparency Initiative From today, malicious and suspicious files shared by users of Kaspersky Lab products in Europe will start to be processed in data centers in Zurich, initiating the first part of a relocation commitment […]
Pierluigi Paganini
November 15, 2018
The Zero Day Initiative’s Pwn2Own Tokyo 2018 is a success, participants earned over $300,000 for disclosing flaws affecting iPhone X, Xiaomi Mi 6 and Samsung Galaxy S9 smartphones. During the first day of the Pwn2Own Tokyo 2018 contest, participants hacked Apple iPhone X, Samsung Galaxy S9 and Xiaomi Mi 6 devices earning more than $225,000. The novelty […]
Pierluigi Paganini
November 14, 2018
Researchers who devised the original Meltdown and Spectre attacks disclosed seven new variants that leverage on a technique known as transient execution. In January, white hackers from Google Project Zero disclosed the vulnerabilities that potentially impact all major CPUs, including the ones manufactured by AMD, ARM, and Intel. The expert devised two attacks dubbed Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715), which could […]
Pierluigi Paganini
November 14, 2018
Kaspersky revealed that the CVE-2018-8589 Windows 0-day fixed by Microsoft Nov. 2018 Patch Tuesday has been exploited by at least one APT group in attacks in the Middle East. Kaspersky Lab experts revealed that the CVE-2018-8589 Windows zero-day vulnerability addressed by Microsoft November 2018 Patch Tuesday has been exploited by an APT group in targeted attacks against entities in the Middle East. Kaspersky […]
Pierluigi Paganini
November 14, 2018
Adobe Patch Tuesday updates for November 2018 addresses three flaws in Flash Player, Acrobat and Reader, and Photoshop CC. Adobe Patch Tuesday updates for November 2018 fixes three flaws in Flash Player, Acrobat and Reader, and Photoshop CC. The most severe issue is an information disclosure vulnerability, tracked as CVE-2018-15979, due to the availability of the proof-of-concept […]
Pierluigi Paganini
November 14, 2018
Experts at Yoroi’s Cyber Security Defence Center along with Fincantieri’s security team investigated the recently discovered Martymcfly malware attacks. Background On October 17th we disclosed the ‘MartyMcFly’ Threat (Rif. Analysis) where unknown attackers were targeting Italian naval industries. The analysis was cited by  Kaspersky’s ICS CERT who exposed a wider threat extension across multiple countries such as: […]
Pierluigi Paganini
November 14, 2018
Security experts from Imperva reported a new Facebook flaw that could have exposed private info of users and their friends A new security vulnerability has been reported in Facebook, the flaw could have been exploited by attackers to obtain certain personal information about users and their network of contacts. The recently discovered issue raises once again […]
Pierluigi Paganini
November 13, 2018
Microsoft’s Patch Tuesday updates for November 2018 fixed more than 60 vulnerabilities, including an actively exploited Windows flaw. Microsoft’s Patch Tuesday updates for November 2018 addressed 63 vulnerabilities, including an actively exploited Windows privilege escalation vulnerability. Twelve of the flaws were rated as “Critical”, 49 are rated Important, two vulnerabilities were publicly known at the time […]
Pierluigi Paganini
November 13, 2018
Cathay Pacific has admitted that it was under attack for three months and it took six months to disclose the data breach. At the end of October, Cathay Pacific Airways Limited, the flag carrier of Hong Kong, announced that had suffered a major data breach affecting up to 9.4 million passengers. Exposed data includes passport numbers, identity […]
Pierluigi Paganini
November 13, 2018
David Wells, a security expert from Tenable, devised a method to bypass Windows’ User Account Control (UAC) by spoofing the execution path of a file in a trusted directory. A security researcher from Tenable has discovered that is possible to bypass Windows’ User Account Control (UAC) by spoofing the execution path of a file in a trusted […]
