Pierluigi Paganini
March 07, 2019
Security experts at FortiGuard uncovered a new malware campaign aimed at delivering the StealthWorker brute-force malware. The malicious code targets both Windows and Linux systems, compromised systems are used to carry out brute force attacks along with other infected systems. The malicious code was first discovered by Malwarebytes at the end of February and tracked […]
Pierluigi Paganini
March 07, 2019
UPnP-enabled devices running outdated software are exposed to a wide range of attacks exploiting known flaws in UPnP libraries. A broad range of UPnP-enabled devices running outdated software are exposed to attacks exploiting known flaws in UPnP libraries, Tony Yang, Home Network Researcher, has found 1,648,769 devices using the Shodan search engine, 35% were using […]
Pierluigi Paganini
March 07, 2019
Security experts at Symantec linked the massive Singapore Healthcare breach suffered by SingHealth to the ‘Whitefly’ cyberespionage group. In 2018, the largest healthcare group in Singapore, SingHealth, has suffered a massive data breach that exposed personal information of 1.5 million patients who visited the clinics of the company between May 2015 and July 2018. Stolen […]
Pierluigi Paganini
March 06, 2019
A new zero-day vulnerability in Google Chrome, tracked as CVE-2019-5786, is actively exploited in attacks in the wild. A new zero-day vulnerability in Google Chrome is actively exploited in attacks in the wild. The vulnerability was discovered late February by Clement Lecigne, a security researcher at the Google Threat Analysis Group. The high severity zero-day […]
Pierluigi Paganini
March 06, 2019
The NSA released the Ghidra, a multi-platform reverse engineering framework that could be used to find vulnerabilities and security holes in applications. In January 2019, the National Security Agency (NSA) announced the release at the RSA Conference of the free reverse engineering framework GHIDRA. GHIDRA is a multi-platform reverse engineering framework that runs on major […]
Pierluigi Paganini
March 06, 2019
A cyber-espionage group, tracked as APT40, apparently linked to the Chinese government is focused on targeting countries important to the country’s Belt and Road Initiative. The cyber-espionage group tracked as APT40 (aka TEMP.Periscope, TEMP.Jumper, and Leviathan), apparently linked to the Chinese government, is focused on targeting countries important to the country’s Belt and Road Initiative […]
Pierluigi Paganini
March 05, 2019
The Iran-linked Chafer APT group used a new Python-based backdoor in recent attacks aimed at a Turkish government entity. The Iran-linked Chafer APT group used a new Python-based backdoor in attacks carried out in November 2018 that targeted a Turkish government entity. The Chafer APT group has distributed data stealer malware since at least mid-2014, […]
Pierluigi Paganini
March 05, 2019
Poorly protected Docker hosts exposed online continue to be a privileged target of crooks that abuse their computational resources in cryptojacking campaigns. Security experts have recently discovered hundreds of exposed Docker hosts that have been compromised by hackers exploiting the CVE-2019-5736 runc vulnerability in February. The flaw was discovered by the security researchers Adam Iwaniuk […]
Pierluigi Paganini
March 05, 2019
Microsoft started rolling out a new software update for Windows 10 systems to apply mitigations against the Spectre attacks. Over the weekend, Microsoft started distributing software updates for Windows 10 systems to enable the Retpoline mitigations against Spectre attacks. In January 2018 security experts at Google Project Zero disclosed Meltdown and Spectre side-channel attacks that […]
Pierluigi Paganini
March 04, 2019
Cybersecurity expert at Google Project Zero has publicly disclosed details and proof-of-concept exploit for a high-severity security vulnerability in macOS operating system. Google Project Zero white hat hacker Jann Horn disclosed the flaw according to the 90-days disclosure policy of the company because Apple failed to address the issue within 90 days of being notified. […]
