Pierluigi Paganini
December 30, 2018
A couple of researchers demonstrated how to bypass vein based authentication using a fake hand build from a photo. If you consider vein based authentication totally secure, you have to know that a group of researchers demonstrated the opposite at the Chaos Communication Congress hacking conference. Vein based authentication scan invisible vein pattern (i.e. shape, […]
Pierluigi Paganini
December 28, 2018
Personal details of roughly 1,000 North Korean defectors living in South Korea have been leaked in a hacking case. Personal details of nearly 1,000 North Korean defectors were leaked as a result of a cyber attack exposing them to severe threats from Pyongyang. A similar incident has never happened before, the Unification Ministry said that […]
Pierluigi Paganini
December 28, 2018
The security researcher Bruno Keith from the Phoenhex group published a PoC code for a remote code execution flaw in Microsoft Edge browser (CVE-2018-8629). The vulnerability affects the JavaScript engine Chakra implemented in the Edge web browser, an attacker could exploit it to execute arbitrary code on the target machine with the same privileges as […]
Pierluigi Paganini
December 27, 2018
A new sample of Shamoon 3 was uploaded on December 23 to the VirusTotal platform from France, it is signed with a Baidu certificate. A new sample of the dreaded Shamoon wiper was uploaded on December 23 to the VirusTotal platform from France. This sample attempt to disguise itself as a system optimization tool developed […]
Pierluigi Paganini
December 27, 2018
BevMo, the wine and liquor store, is warning customers of payment card breach and reported the incident to the authorities. The wine and liquor store BevMo suffered a payment card breach, a hacker stole credit card numbers and other information from more than 14,000 customers who purchased goods on the website. The company has notified […]
Pierluigi Paganini
December 27, 2018
Since November, a new ransomware called JungleSec has been infecting servers through unsecured IPMI (Intelligent Platform Management Interface) cards. Security experts at BleepingComputer wrote about a new ransomware called JungleSec that is infecting victims through unsecured IPMI (Intelligent Platform Management Interface) cards. The ransomware was first observed early November. The IPMI is a set of computer interface […]
Pierluigi Paganini
December 26, 2018
A critical vulnerability affects Schneider Electric electric vehicle charging stations, the EVLink Parking systems. EVlink Parking charging solutions are usually in parking environments, including offices, hotels, supermarkets, fleets, and municipals. According to the company, the issue is tied to a hard-coded credential bug that could be exploited by attackers to gain access to the system. […]
Pierluigi Paganini
December 25, 2018
Amnesty International warns of threat actors that are launching phishing attacks aimed at bypassing Gmail, Yahoo 2FA at scale Amnesty International published a report that details how threat actors are able to bypass 2FA authentication that leverages text message as a second factor. Attackers are using this tactic to break into Gmail and Yahoo accounts […]
Pierluigi Paganini
December 24, 2018
Researchers from Trustwave SpiderLabs discovered an unpatched kernel-level vulnerability in driver used by IBM Trusteer Rapport endpoint security tool. The issue affects endpoint security tool for MacOS, IBM released a patch but failed to address the vulnerability within the 120-day disclosure deadline. The IBM Trusteer Rapport endpoint security tool is a lightweight software component that […]
Pierluigi Paganini
December 24, 2018
Security researchers discovered some flaws in the Twinkly IoT lights that could be exploited display custom lighting effects and to remotely turn off them. Security researchers from MWR InfoSecurity have discovered some flaws in the Twinkly IoT lights that could be exploited to display custom lighting effects and to remotely turn off their Christmas brilliance. […]
APT / February 05, 2026
