Pierluigi Paganini
April 03, 2020
An authenticated stored cross-site scripting (XSS) vulnerability could allow attackers to create rogue admins on WordPress sites using Contact Form 7 Datepicker plugin. Administrators of WordPress sites using the Contact Form 7 Datepicker plugin are recommended to remove or deactivate it to prevent attackers from exploiting a stored cross-site scripting (XSS) vulnerability to create rogue […]
Pierluigi Paganini
April 02, 2020
An APT group is exploiting the flaws patched earlier this year in Firefox and Internet Explorer in attacks aimed at China and Japan. An APT group is exploiting two vulnerabilities patched earlier this year in Firefox and Internet Explorer in attacks aimed at China and Japan. The first issue, tracked as CVE-2019-17026, affects the Firefox […]
Pierluigi Paganini
April 02, 2020
Microsoft is sending notifications to dozens of hospitals about vulnerable VPN devices and gateways exposed online in their network. Microsoft is warning dozens of hospitals of the risks of ransomware attacks due to insecure VPN devices and gateways exposed online. Recently Microsoft has published details about human-operated ransomware attacks that targeted organizations in various industries. […]
Pierluigi Paganini
April 01, 2020
The popular Zoom app is under scrutiny, experts have discovered a vulnerability that could be exploited to steal users’ Windows passwords. Experts warn of a ‘UNC path injection’ flaw that could be exploited by remote attackers to steal login credentials from Windows systems. Security experts and privacy advocates believe that the Zoom is an efficient […]
Pierluigi Paganini
April 01, 2020
Researchers found a piece of Raccoon Stealer that abuse of Google Cloud Services and leverages multiple delivery techniques. Racoon malware (aka Legion, Mohazo, and Racealer) is an info-stealer that recently appeared in the threat landscape that is advertised in hacking forums. The malware is cheap compared to similar threats, it is able to steal sensitive data from about […]
Pierluigi Paganini
April 01, 2020
Researchers spotted a campaign using Excel files to spread LimeRAT malware using the 8-year-old and well-known VelvetSweatshop bug. Researchers at the Mimecast Threat Center spotted a new campaign using Excel files to spread LimeRAT malware using the 8-year-old VelvetSweatshop bug. LimeRAT is a powerful Remote Administration Tool publicly available as an open-source project on Github, it […]
Pierluigi Paganini
March 31, 2020
A critical privilege escalation flaw in the WordPress SEO Plugin – Rank Math plugin can allow registered users to gain administrator privileges. Defiant’s Wordfence Threat Intelligence team discovered a critical privilege escalation vulnerability in the WordPress SEO Plugin – Rank Math plugin that could allow attackers to give administrator privileges to any registered user. Rank […]
Pierluigi Paganini
March 31, 2020
Security expert Bob Diachenko discovered that 42 million Iranian ‘Telegram’ user IDs and phone numbers have been leaked online. Comparitech along with the popular researcher Bob Diachenko discovered 42 million Iranian ‘Telegram’ user IDs and phone numbers online. The accounts belong to Iranian users, they are from a third-party version of the Telegram app. Telegram […]
Pierluigi Paganini
March 30, 2020
Online communication platforms such as Zoom are essential instruments at the time of Coronavirus outbreak, and crooks are attempting to exploit their popularity. The Coronavirus outbreak is changing our habits and crooks are attempting to take advantage of the popularity of online communication platforms such as Zoom that are used by businesses, school classrooms and […]
Pierluigi Paganini
March 30, 2020
Voter information for 4,934,863 Georgians has been published on a hacker forum over the weekend. According to the data breach notification service Under the Breach, on Saturday a file containing voter information for more than 4.9 million Georgians, including deceased citizens, has been published on a hacking forum. Georgia has 3.7 million citizens, but the voting […]
