Pierluigi Paganini
May 21, 2018
Google awarded the 18-year-old student Ezequiel Pereira a total of $36,337 for the discovery of a critical remote code execution vulnerability that affected the Google App Engine. The Google App Engine is a framework that allows Google users to develop and host web applications on a fully managed serverless platform. In February, Pereira gained access to […]
Pierluigi Paganini
May 21, 2018
Crooks are exploiting known vulnerabilities in the popular Drupal CMS such as Drupalgeddon2 and Drupalgeddon3 to deliver cryptocurrency miners, remote administration tools (RATs) and tech support scams. Security experts at Malwarebytes reported that compromised Drupal websites are used to deliver cryptocurrency miners, remote administration tools (RATs) and tech support scams. Crooks are exploiting known vulnerabilities in the […]
Pierluigi Paganini
May 21, 2018
On Friday, the Internet Systems Consortium (ISC) announced security updates for BIND DNS software that address two vulnerabilities rated with a “medium” severity rating. Both vulnerabilities could be exploited by attackers to cause a denial-of-service (DoS) condition, the first issue tracked as CVE-2018-5737 can also cause severe operational problems such as degradation of the service. “A problem […]
Pierluigi Paganini
May 21, 2018
Crook faces up to 35 years in prison for operating the popular Scan4You counter anti-virus (CAV) website that helped malware authors to test the evasion capabilities of their codes. Scan4You is a familiar service for malware developers that used it as a counter anti-virus (CAV). Scan4You allowed vxers to check their malware against as many […]
Pierluigi Paganini
May 20, 2018
A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online Kindle Edition Paper Copy Once again thank you! · A new flaw in Electron poses a risk to apps based on the […]
Pierluigi Paganini
May 20, 2018
Researchers from Eclypsium proposed a new variation of the Spectre attack that can allow attackers to recover data stored inside CPU System Management Mode. Security experts from Eclypsium have devised a new variation of the Spectre attack that can allow attackers to recover data stored inside CPU System Management Mode (SMM) (aka called ring -2). The SMM is an operating […]
Pierluigi Paganini
May 19, 2018
Security experts from Fortinet have spotted a new variant of the Mirai botnet dubbed ‘Wicked Mirai’, it includes new exploits and spread a new bot. The name Wicked Mirai comes from the strings in the code, the experts discovered that this new variant includes at least three new exploits compared to the original one. “The […]
Pierluigi Paganini
May 19, 2018
DrayTek routers are affected by a zero-day vulnerability that could be exploited by attackers to change DNS settings on some models. Routers manufactured by the Taiwan-based vendor DrayTek are affected by a zero-day vulnerability that could be exploited by attackers to change DNS settings on some of its routers. DrayTek confirmed to be aware that hackers are attempting […]
Pierluigi Paganini
May 18, 2018
A New Mexico man admitted being responsible for DDoS attacks against the websites of former employers, business competitors, and public services. John Kelsey Gammell, 55, from New Mexico has been sentenced to 15 years in prison for launching distributed denial-of-service (DDoS) attacks on dozens of organizations and for firearms-related charges. The man used popular ‘services of […]
Pierluigi Paganini
May 18, 2018
While a new variant of the dreaded Mirai botnet, so-called Wicked Mirai, emerged in the wild the operators of the Mirai Satori botnet appear very active. Experts observed hackers using the Satori botnet to mass-scan the Internet for exposed Ethereum mining pools, they are scanning for devices with port 3333 exposed online. The port 3333 is a port […]
