Pierluigi Paganini
May 23, 2017
Yahoobleed – Yahoo retired the ImageMagick library after flaw leaked sensitive data, including credentials and e-mail attachments. Supply chain risks are realized when a negative impact to one of your suppliers has a negative impact on your business. If you are a manufacturer, an outage to a component supplier could prevent you from manufacturing; if you […]
Pierluigi Paganini
May 23, 2017
A security expert discovered a new worm, dubbed EternalRocks, that exploits the EternalBlue flaw to spread itself like WannaCry ransomware. The security expert Miroslav Stampar, a member of the Croatian Government CERT, has discovered a new worm, dubbed EternalRocks, that exploits the EternalBlue flaw in the SMB protocol to spread itself like the popular WannaCry ransomware. […]
Pierluigi Paganini
May 21, 2017
According to Forbes, the dreaded WannaCry ransomware has infected medical devices in at least two hospitals in the United States. WannaCry infected 200,000 computers across 150 countries in a matter of hours last week, it took advantage of a tool named “Eternal Blue”, originally created by the NSA, which exploited a vulnerability present inside the earlier […]
Pierluigi Paganini
May 21, 2017
Security experts at threat intelligence firm Record Future have found a clear link between APT3 cyber threat group and China’s Ministry of State Security. The curtain has been pulled back a little on the Chinese Intelligence Agency intelligence gathering structure — and it includes private security contractors and the network vendor supply chain. In 2010, […]
Pierluigi Paganini
May 19, 2017
Wikileaks released the documentation for the Athena Spyware, a malware that could infect and remote control almost any Windows machine. Last Friday, Wikileaks released the documentation for AfterMidnight and Assassin malware platforms, today the organization leaked a new batch of the CIA Vault 7 dump that includes the documentation related to a spyware framework dubbed Athena /Hera. The […]
Pierluigi Paganini
May 19, 2017
The new WordPress 4.7.5 release fixes six security vulnerabilities affecting version 4.7.4 and earlier, including XSS, CSRF, SSRF flaws. The WordPress 4.7.5 release patches six vulnerabilities affecting version 4.7.4 and earlier. The latest version addresses cross-site scripting (XSS), cross-site request forgery (CSRF), and server-side request forgery (SSRF) flaws. Below the list of the security issues fixed […]
Pierluigi Paganini
May 19, 2017
A security researcher developed a tool called wanadecrypt to restore encrypted files from Windows XP PCs infected by the WannaCry ransomware. The WannaCry ransomware made the headlines with the massive attack that hit systems worldwide during the weekend. The malicious code infected more than 200,000 computers across 150 countries in a matter of hours, it leverages the Windows […]
Pierluigi Paganini
May 18, 2017
Nearly 17 million Zomato usernames and hashed passwords have been stolen by hackers., the company suspects it is an insider’s job. Nearly 17 million Zomato usernames and hashed passwords have been stolen by hackers. Zomato is the Indian largest online restaurant guide, the company confirmed data breach announcing that hackers have stolen accounts details of […]
Pierluigi Paganini
May 18, 2017
An Italian expert discovered a critical Improper Authentication vulnerability affecting the UBER platform that allowed password reset for any account. The Italian security expert Vincenzo C. Aka @Procode701 has discovered 7 months ago a critical vulnerability in UBER platform that allowed password reset for any Uber account. The researcher reported the ‘Improper Authentication’ vulnerability through the company […]
Pierluigi Paganini
May 18, 2017
Joomla maintainers released a fix for a critical SQL injection flaw, tracked as CVE-2017-8917, that can be exploited by a remote attacker to hijack websites On Wednesday Joomla maintainers released a fix for a critical SQL injection vulnerability, tracked as CVE-2017-8917, that can be easily exploited by a remote attacker to obtain sensitive data and hijack websites. The vulnerability […]
