NSA

Pierluigi Paganini October 26, 2017
Kaspersky: Hackers used backdoored MS Office key-gen to steal NSA exploits

According to Kaspersky, the PC was hacked after the NSA employee installed a backdoored key generator for a pirated copy of Microsoft Office. More details emerge from the story of the hack of the Kaspersky antivirus that allowed Russian intelligence to stole secret exploits from the personal PC of the NSA staffer. The PC was […]

Pierluigi Paganini October 22, 2017
A leaked document raises a doubt about NSA knew the #Krack attack since 2010

An NSA leaked document about the BADDECISION hacking tool raises the doubt about National Security Agency knew the Krack attack since 2010. Security experts are questioning the NSA about the recently disclosed Krack attack the allows an attacker to decrypt information included in protected WPA2 traffic. Security experts believe that the National Security Agency was aware of the […]

Pierluigi Paganini October 06, 2017
Russian spies pilfered data from NSA Contractor’s home PC running a Kaspersky AV

Russian hackers allegedly exploited Kaspersky AV to hack into NSA contractor and steal the NSA exploit code. It complicates Kaspersky’s position. Anonymous sources have claimed Russian intelligence extracted NSA exploits from a US government contractor’s home PC using Kaspersky Lab software. Sources told the Wall Street Journal that a malicious code allowed cyber spies to exfiltrate classified code, […]

Pierluigi Paganini September 23, 2017
Retefe banking Trojan leverages EternalBlue exploit to infect Swiss users

Cyber criminals behind the Retefe banking Trojan have improved it by adding a new component that uses the NSA exploit EternalBlue. ETERNALBLUE is the alleged NSA exploit that made the headlines with DOUBLEPULSAR in the WannaCry attack and NotPetya massive attacks. ETERNALBLUE targets the SMBv1 protocol and it has become widely adopted in the community of malware developers. Investigations on WannaCry, for […]

Pierluigi Paganini September 06, 2017
ShadowBrokers are back demanding nearly $4m and offering 2 dumps per month

The dreaded hacking group ShadowBrokers posted a new message, promising to deliver two data dumps a month as part its monthly dumps. The notorious group ShadowBrokers is back with announcing new interesting changes to their Dump Service. The hackers published a new message on the Steemit platform announcing new changed to their service. “Missing theshadowbrokers? If someone […]

Pierluigi Paganini August 29, 2017
Experts found an undocumented Kill Switch in Intel Management Engine

Security researchers at Positive Technologies have discovered an undocumented configuration setting that disables the Intel Management Engine. Security researchers at Positive Technologies have discovered an undocumented configuration setting that disables the CPU control mechanism Intel Management Engine 11. The Intel Management Engine consists of a microcontroller that works with the Platform Controller Hub chip, in conjunction […]

Pierluigi Paganini August 22, 2017
Fileless cryptocurrency miner CoinMiner uses NSA EternalBlue exploit to spread

A new fileless miner dubbed CoinMiner appeared in the wild, it uses NSA EternalBlue exploit and WMI tool to spread. A new strain of Cryptocurrency Miner dubbed CoinMiner appeared in the wild and according to the experts it is hard to detect and infects Windows PCs via EternalBlue NSA exploit. CoinMiner is a fileless malware that leverages the WMI […]

Pierluigi Paganini August 14, 2017
Rapid7 warns of Remote Desktop Protocol (RDP) exposure for millions of endpoints

According to a new research conducted by experts at Rapid7, there are 4.1 million Windows endpoints exposed online via Remote Desktop Protocol (RDP). The researchers discovered that there are 11 million open 3389/TCP endpoints, and that 4.1 million of them are RDP. “We analyzed the responses, tallying any that appeared to be from RDP speaking […]

Pierluigi Paganini August 11, 2017
APT28 hackers are leveraging NSA Hacking tool to spy on Hotels guests

According to FireEye, the notorious Russia-linked APT28 group is behind an ongoing campaign targeting hotels in several European countries. According to FireEye, the notorious Russia-linked APT28 group (Pawn Storm, Fancy Bear, Sofacy, Sednit and Strontium) is behind an ongoing campaign targeting hotels in several European countries. The researchers observed many attacks targeting the networks of hotels […]

Pierluigi Paganini June 29, 2017
Shadow Brokers sent out first round of exploits and threaten to dox former NSA hacker

Shadow Brokers has sent out the first round of exploits to the subscribers of its service, the hackers also threaten to dox former NSA hacker. In May the notorious Shadow Brokers group announced the launch of a monthly subscription model for its data dumps, 0-Day Exploit Subscriptions goes for $21,000 per month. The group claimed […]