Pierluigi Paganini
March 03, 2017
Researchers from Cisco Talos team spotted a new strain of malware that leverages PowerShell scripts to fetch commands from DNS TXT records. Malware researchers at Cisco Talos have published a detailed analysis on a targeted attack leveraging a weaponized Microsoft Word document that is spread in spam emails as an attachment. The malicious code used in the […]
Pierluigi Paganini
March 03, 2017
According to Cloudflare, an initial analysis conducted its experts reveals that no personal data was leaked due to the CloudBleed issue. On February 17 the Google Project Zero researcher Tavis Ormandy disclosed a serious bug in Cloudflare infrastructure, so-called Cloudbleed. Ormandy discovered that Cloudflare was leaking a wide range of sensitive information, including authentication cookies […]
Pierluigi Paganini
March 03, 2017
Security experts at Trustwave have discovered a hidden backdoor in Internet of Things devices manufactured by the Chinese firm DblTek. Researchers from Trustwave have discovered a backdoor in IoT devices manufactured by a Chinese vendor that is refusing to fix it. The backdoored devices are produced by the VoIP firm Dbltek, the researchers speculate the backdoor was […]
Pierluigi Paganini
March 02, 2017
A flaw in Cisco NetFlow Generation Appliance tracked as CVE-2017-3826, could be exploited by an unauthenticated, remote attacker to cause a DoS condition. “A vulnerability in the Stream Control Transmission Protocol (SCTP) decoder of the Cisco NetFlow Generation Appliance (NGA) could allow an unauthenticated, remote attacker to cause the device to hang or unexpectedly reload, causing a denial […]
Pierluigi Paganini
March 02, 2017
The researcher East-Ee Security devised a proof of concept bypass of the Google’s reCaptcha V2 verification system dubbed ReBreakCaptcha. East-Ee Security proposed a proof of concept bypass of the Google’s reCaptcha V2 verification system dubbed ReBreakCaptcha. The PoC uses the Google web-based tools for its purpose. According to the author, ReBreakCaptcha “lets you easily bypass […]
Pierluigi Paganini
March 02, 2017
Good news for the victims of the Dharma Ransomware, someone has released the alleged Master Keys on the BleepingComputer.com forums. The alleged Master Keys for the Dharma Ransomware has been released by someone on BleepingComputer.com forums. A member using the online moniker ‘gektar‘ published a post containing a Pastebin link to a header file in C programming […]
Pierluigi Paganini
March 01, 2017
More than 1 million WordPress website are at risk due to a critical SQL injection vulnerability in the NextGEN Gallery plugin. Update it asap. Security experts at Sucuri firm have identified a SQL injection flaw in the WordPress image gallery NextGEN Gallery that could be exploited by a remote to gain access to the targeted website’s backend, including sensitive […]
Pierluigi Paganini
March 01, 2017
Zscaler has fixed persistent XSS vulnerabilities affecting Zscaler Cloud management software that allow logged attackers to hack coworkers. Serious cross-site scripting (XSS) flaws in the Zscaler Cloud management software could be exploited by attackers to inject malicious HTML and JavaScript into the browsers of other users who visit the portal. In order to exploit the flaws, the attacker […]
Pierluigi Paganini
March 01, 2017
Malware author are using Dridex v4 in the wild, an improved version of the Trojan that includes a new injection method known as AtomBombing. According to researchers with IBM X-Force, vxers have improved the Dridex banking Trojan adding a new injection method for evading detection, the technique is known as AtomBombing. The researchers have spotted […]
Pierluigi Paganini
February 28, 2017
The Singaporean Defence Ministry confirmed that threat actors have breached government systems stealing personal information of its employees. On Tuesday, the Defence Ministry confirmed that unknown hackers have breached government system and have stolen personal information belonging about 850 Singapore national servicemen and employees. Data accessed by hackers includes telephone numbers, dates of birth, and national […]
