Pierluigi Paganini
June 05, 2018
Security experts from British software firm Snyk have discovered a critical vulnerability, dubbed ‘Zip Slip’ that affects thousands of projects across many industries. The flaw, that remained hidden for years, could be exploited by attackers to execute arbitrary code on the vulnerable systems. The Zip Slip is an arbitrary file overwrite vulnerability that could be triggered […]
Pierluigi Paganini
June 05, 2018
A security researcher discovered email addresses and hashed passwords of roughly 92.3 million Myheritage users stored on a private server outside the company. The huge trove of data was contained in a file named “,” according to the experts the information is authentic and comes from Myheritage. “Today, June 4, 2018 at approximately 1pm EST, MyHeritage’s Chief […]
Pierluigi Paganini
June 05, 2018
Two months after the release of the security updates for the drupalgeddon2 flaw, experts continue to see vulnerable websites running on flawed versions of Drupal that hasn’t installed security patches. In March, the Drupal developers Jasper Mattsson discovered a “highly critical” vulnerability, tracked as CVE-2018-7600, aka drupalgeddon2, affecting Drupal 7 and 8 versions. Both Drupal 8.3.x and 8.4.x are […]
Pierluigi Paganini
June 04, 2018
Security experts reported widespread Google Groups misconfiguration exposes sensitive information. Administrators of organizations using Google Groups and G Suite must review their configuration to avoid the leakage of internal information. Security researchers from Kenna Security have recently discovered that 31 percent of 9,600 organizations analyzed is leaking sensitive e-mail information. The list of affected entities also includes […]
Pierluigi Paganini
June 04, 2018
A North Korea-linked APT group, tracked by experts at industrial cybersecurity firm Dragos as Covellite, has stopped targeting US organizations. Anyway, the group, that is believed to be linked to the notorious Lazarus APT group, is continuing to target organizations in Europe and East Asia. The group has been around at least since 2017 and is still active, […]
Pierluigi Paganini
June 03, 2018
According to the security experts at Imperva firm, three open Redis servers out of four are infected with malware. The discovery is the result of analysis conducted by running Redis-based honeypot servers for some months. Since their initial report on the RedisWannaMine attack that propagates through open Redis and Windows servers, the experts from Imperva have discovered a new […]
Pierluigi Paganini
June 03, 2018
A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online Kindle Edition Paper Copy Once again thank you! · A bug in T-Mobile site allowed anyone see any customers account details · […]
Pierluigi Paganini
June 02, 2018
Researchers at ThreatPress firm discovered security vulnerabilities in ten WordPress plugins developed by Multidots, a company for e-commerce websites. The vulnerable plugins are available on theWordPress.org and implement a set of features for WooCommerce installations that allow admins to manage their online shops, nearly 20,000 WordPress installs currently use them. “Recently our research team found serious security […]
Pierluigi Paganini
June 02, 2018
Experts from security firms GreyNoise Intelligence and JASK believe that the threat actor behind the VPNFilter is now attempting to resume the botnet with a new wave of infections. A week ago security experts and law enforcement bodies reported the existence of a huge Russia-linked botnet tracked as VPNFilter. The botnet infected over 500,000 routers and […]
Pierluigi Paganini
June 02, 2018
A team of researchers from the University of Michigan and Zhejiang University has devised a method to cause physical damage to hard drives by using sonic and ultrasonic signals. An attacker just needs to play ultrasonic sounds through a built-in speaker of a target computer or by using a speaker in its proximity. The principle is […]
Security / November 12, 2025
Cyber Crime / November 12, 2025
Malware / November 11, 2025
