Pierluigi Paganini
August 24, 2018
Security expert discovered a username enumeration vulnerability in the OpenSSH client that affects all versions of the software that was released since 1999. Security expert Darek Tytko from securitum.pl has discovered a username enumeration vulnerability in the OpenSSH client. The flaw tracked as CVE-2018-15473 affects all versions of the software that was released since 1999. The vulnerability could […]
Pierluigi Paganini
August 23, 2018
Malware researchers from ESET have published a detailed report on the latest variant of the Turla backdoor that leverages email PDF attachments as C&C. Malware researchers from ESET have conducted a new analysis of a backdoor used by the Russia-linked APT Turla in targeted espionage operations. The new analysis revealed a list of high-profile victims that was […]
Pierluigi Paganini
August 23, 2018
Check Point reported that organizations worldwide have been targeted with the Ryuk ransomware that was developed by North Korea-linked threat actor. Security experts from Check Point have uncovered a ransomware-based campaign aimed at organizations around the world conducted by North Korea-linked threat actor. The campaign appears as targeted and well-planned, crooks targeted several enterprises and encrypted hundreds […]
Pierluigi Paganini
August 23, 2018
Security researchers from Bitdefender have spotted a new Android spyware framework dubbed Triout that could be used to create malware with extensive surveillance capabilities. Bitdefender researchers have identified a new spyware framework can be used to spy into Android applications, it is tracked as Triout and first appeared in the wild on May 15. The researcher revealed that the command […]
Pierluigi Paganini
August 23, 2018
Supply Chain Attack Hits South Korean Firms Security researchers from Trend Micro have uncovered a supply chain attack, tracked as Operation Red Signature, against organizations in South Korea. The Operation Red Signature aimed at delivering a remote access Trojan (RAT) used by attackers to steal sensitive information from the victims. Threat actors compromised update server of a remote support […]
Pierluigi Paganini
August 22, 2018
Maintainers of the Apache Struts 2 open source development framework has released security updates to address a critical remote code execution vulnerability. Security updates released this week for the Apache Struts 2 open source development framework addressed a critical RCE tracked as CVE-2018-11776. The vulnerability affects Struts versions from 2.3 through 2.3.34, Struts 2.5 through 2.5.16, and […]
Pierluigi Paganini
August 22, 2018
The popular Google Project Zero white hat hacker Tavis Ormandy has found a critical remote code execution (RCE) vulnerability in Ghostscript. Ghostscript is an open source suite of software based on an interpreter for Adobe Systems’ PostScriptand Portable Document Format (PDF) page description languages. Ghostscript is a multiplatform software written in C language, it allows to convert PostScript language files (or EPS) to […]
Pierluigi Paganini
August 22, 2018
Hackers claim to have stolen the personal details of almost 20,000 Superdrug customers who shopped online at the cosmetics retailer. The British Superdrug is the last victim of a security breach, hackers claim to have stolen the personal details of almost 20,000 people who shopped online at the cosmetics retailer. Hackers accessed customersâ names, addresses and in some cases […]
Pierluigi Paganini
August 21, 2018
Microsoft has spotted a new hacking campaign targeting 2018 midterm elections, the experts attributed the attacks to Russia-linked APT28 group. Microsoft has spotted a new hacking campaign targeting 2018 midterm elections. The tech giant attributed to Russia-linked APT28 a series of cyber attacks aimed at Members of United States’ Senate, conservative organizations and think tanks. […]
Pierluigi Paganini
August 21, 2018
Cybersecurity firm NCC Group has released an open source tool for penetration testers that allows carrying out DNS rebinding attacks. Security firm NCC Group has released an open source tool for penetration testing dubbed Singularity of Origin that allows carrying out DNS rebinding attacks. Singularity also aims to raise awareness on how DNS rebinding attacks work and […]
