Pierluigi Paganini
April 08, 2018
Auth0, one of the biggest identity-as-a-service platform is affected by a critical authentication bypass vulnerability that exposed enterprises to hack. Auth0, one of the biggest identity-as-a-service platform is affected by a critical authentication bypass vulnerability that could be exploited by attackers to access any portal or application which are using it for authentication. Auth0 implements a token-based authentication model for a […]
Pierluigi Paganini
April 08, 2018
A new strain of ATM jackpotting malware dubbed ATMJackpot has been discovered by experts at Netskope Threat Research Labs. The malware is still under development and appears to have originated in Hong Kong, it has a smaller system footprint compared with similar threats. “Netskope Threat Research Labs has discovered a new ATM malware, “ATMJackpot.” The malware […]
Pierluigi Paganini
April 08, 2018
A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online Kindle Edition Paper Copy Once again thank you! · Airbnb China will share hosts information with the government · Any social media […]
Pierluigi Paganini
April 07, 2018
Personal information belonging to more than 130,000 Finnish citizens have been compromised in the third largest data breach ever happened in the country. The data breach affected a website maintained by the New Business Center in Helsinki (“Helsingin Uusyrityskeskus”), that is company that provides business advice to entrepreneurs. “Data batches have overwritten username and password for over 130,000 […]
Pierluigi Paganini
April 07, 2018
Early this year at least three European financial institutions were hit by DDoS attacks powered by a new variant of the Mirai botnet. A variant of the Mirai botnet, composed at lease of 13,000 compromised IoT devices was used to launch a series of DDoS attacks against financial sector businesses. The DDoS attacks peaked at up […]
Pierluigi Paganini
April 06, 2018
Security experts have discovered a vulnerability in the Spring Framework that could be exploited by a remote attacker to execute arbitrary code on applications built with it. Security researchers have discovered three vulnerabilities in the Spring Development Framework, one of them could be exploited by a remote attacker to execute arbitrary code on applications built […]
Pierluigi Paganini
April 06, 2018
A payment card breach suffered by [24]7.ai. between September 26 and October 12, 2017, is impacting major firm, including Best Buy, After Delta Air Lines and Sears Holdings. Another day another data breach, while media are reporting the security breach suffered Delta Air Lines and Sears Holdings due to the [24]7.ai a payment card breach, […]
Pierluigi Paganini
April 06, 2018
Cisco PSIRT has published a new security advisory for abuse of the Smart Install protocol, the IT giant has identified hundreds of thousands of exposed devices online. Cisco is advising organizations that hackers could target its switches via the Smart Install protocol. The IT giant has identified hundreds of thousands of exposed devices and warned critical infrastructure […]
Pierluigi Paganini
April 05, 2018
Third-party scrapers have exploited an issue in the Facebook ’s search function that allows anyone to look up users via their email address or phone numbers. Facebook revealed on Wednesday that 87 million users have been affected by the Cambridge Analytica case, much more than 50 million users initially thought. Facebook is the middle of a storm, Mark […]
Pierluigi Paganini
April 05, 2018
The North Korea-linked APT group known as Lazarus made the headlines again for attacking an online casino in Central America and other targets. The activity of the Lazarus Group (aka Hidden Cobra) surged in 2014 and 2015, its members used mostly custom-tailored malware in their attacks and experts that investigated on the crew consider it highly sophisticated. […]
APT / February 05, 2026
