Hacking

Pierluigi Paganini October 23, 2018
The fix for the DOM-based XSS in Branch.io introduced a new XSS flaw

The security patch for the recently disclosed cross-site scripting (XSS) vulnerability in Branch.io has introduced another similar XSS vulnerability. According to the security researcher Linus Särud, the security fix for the recently disclosed cross-site scripting (XSS) vulnerability in Branch.io has introduced another similar XSS vulnerability. The Branch.io company provides the leading mobile linking platform, with solutions that unify […]

Pierluigi Paganini October 22, 2018
Saudi Future Investment Initiative website defaced by hackers

Hackers defaced the Future Investment Initiative (FII) website for a Saudi investment summit just a day before the three-day conference begins. An unknown group of hackers has defaced the website of the Future Investment Initiative (FII), a Saudi investment summit, just a day before the three-day conference begins. Below the Tweet of Nahayat Tizhoosh (@NahayatT), a producer with […]

Pierluigi Paganini October 22, 2018
NATO military command center should be fully operational in 2023

The NATO military command center should be fully operational in 2023; every member state will contribute its cyber capabilities to the military hub. The new NATO military command center should be fully operational in 2023; among its tasks are the defense of the critical infrastructure of member states and the ability to carry out cyber attacks […]

Pierluigi Paganini October 22, 2018
FreeRTOS flaws expose millions of IoT devices to cyber attacks

Researchers found that one of the most popular Internet of Things real-time operating systems, FreeRTOS, is affected by serious vulnerabilities. Researchers at Zimperium’s zLabs team have found that one of the most popular Internet of Things real-time operating systems, FreeRTOS, is affected by serious vulnerabilities. The researcher Ori Karliner and his team analyzed some of the […]

Pierluigi Paganini October 22, 2018
MPlayer and VLC media player affected by critical flaw CVE-2018-4013

A Cisco Talos expert discovered a code execution vulnerability (CVE-2018-4013) in the Live Networks LIVE555 streaming media RTSPServer. Lilith Wyatt, a security researcher at Cisco Talos, has discovered a critical remote code execution vulnerability (CVE-2018-4013) in the LIVE555 media streaming library that is used by popular media players, including VLC and MPlayer. LIVE555 […]

Pierluigi Paganini October 21, 2018
DarkPulsar and other NSA hacking tools used in hacking operations in the wild

Attackers are targeting high-value servers using three hacking tools from the NSA arsenal, including DarkPulsar, that were leaked by the Shadow Brokers hacker group. The hackers used the powerful cyber weapons to compromise systems used in aerospace, nuclear energy, R&D, and other industries. According to experts from Kaspersky Lab, threat actors leverage NSA tools DarkPulsar, DanderSpritz and Fuzzbunch […]

Pierluigi Paganini October 21, 2018
Security Affairs newsletter Round 185 – News of the week

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web”, is online with a special deal: 20% discount (Kindle Edition, Paper Copy). Once again thank you! · Ex-NASA contractor pleaded guilty to cyberstalking crimes […]

Pierluigi Paganini October 21, 2018
WizCase Report: Vulnerabilities found in WD My Book, NetGear Stora, SeaGate Home, Medion LifeCloud NAS

Security researchers from WizCase have discovered several vulnerabilities in WD My Book, NetGear Stora, SeaGate Home, Medion LifeCloud NAS. NAS devices have become the storage device of choice for many small and medium businesses (SMB). They are inexpensive, easy to operate, and you can add additional storage if you’re running low on space. But is it secure enough […]

Pierluigi Paganini October 20, 2018
Thousands of applications affected by a zero-day issue in jQuery File Upload plugin

A security researcher discovered a zero-day vulnerability, tracked as CVE-2018-9206, that affects older versions of the jQuery File Upload plugin since 2010. Attackers can exploit the vulnerability to carry out several malicious activities, including defacement, exfiltration, and malware infection. The flaw was reported by the Akamai researcher Larry Cashdollar, who explained that many other packages that include […]

Pierluigi Paganini October 19, 2018
Drupal dev team fixed Remote Code Execution flaws in the popular CMS

The Drupal development team has patched several vulnerabilities in versions 7 and 8 of the popular CMS, including RCE flaws. The development team of the Drupal content management system addressed several vulnerabilities in versions 7 and 8, including some flaws that could be exploited for remote code execution. The Drupal team fixed a critical vulnerability that resides in […]