Pierluigi Paganini
August 08, 2019
Cisco has released security updates to address several vulnerabilities in Cisco Small Business 220 Series Smart Switches. Cisco released security updates to address several vulnerabilities in Cisco Small Business 220 Series Smart Switches, including two critical issues. The most important flaw, tracked as CVE-2019-1913, could be exploited by an unauthenticated, remote attacker to execute arbitrary code with […]
Pierluigi Paganini
August 07, 2019
Security researcher Marco Ramilli presents a comparative analysis of attacks techniques adopted by the Iran-Linked OilRig APT group. Today I’d like to share a comparative analysis of OilRig techniques mutation over time. In particular I will refer to great analyses made by Paloalto UNIT 42 plus my own ones (HERE, HERE, HERE, etc..) and more personal thoughts. I would define this group […]
Pierluigi Paganini
August 07, 2019
The operators behind the recently discovered Echobot botnet added tens of new exploits to infect a broad range of systems worldwide. In June, experts at PaloAlto Networks uncovered a new botnet, dubbed Echobot that is based on the dreaded Mirai botnet. At the time of its discovery, operators added 8 new exploits, but a few weeks later the […]
Pierluigi Paganini
August 07, 2019
Experts discovered a new variant of the Spectre vulnerability (SWAPGS Attack) that affects modern Intel CPUs which leverage speculative-execution, and also some AMD processors. Experts discovered a new Spectre speculative execution flaw (SWAPGS attack), tracked as CVE-2019-1125, that affects all Modern Intel CPUs and some AMD processors. The flaw could be exploited by unprivileged local attackers to access […]
Pierluigi Paganini
August 07, 2019
Security experts discovered a new exploit kit, dubbed Lord Exploit Kit, that is currently targeting vulnerable versions of Adobe Flash Player. Security experts at Malwarebytes have recently discovered a new exploit kit, dubbed Lord Exploit Kit, that is targeting vulnerable versions of Adobe Flash Player The Lord Exploit Kit was first detected by Adrian Luca, […]
Pierluigi Paganini
August 06, 2019
A security expert has published PoC code exploit for a vulnerability in the KDE software framework that is yet to be fixed. The security expert Dominik Penner, aka “@zer0pwn”, has disclosed an unpatched KDE vulnerability on Twitter. “KDE Frameworks is a collection of libraries and software frameworks by KDE readily available to any Qt-based software stacks or applications on multiple operating systems.” The KDE Frameworks is […]
Pierluigi Paganini
August 06, 2019
The FBI published a security advisory to warn of cyber actors using online dating sites to conduct confidence/romance scam and recruit money mules. The FBI published a security advisory to warn of confidence/romance scams turning victims into money mules. The advisory explains that victims are used as part of a money-laundering scheme and act as […]
Pierluigi Paganini
August 06, 2019
CafePress, the popular T-Shirt and merchandise website, suffered a data breach that exposed the personal details of 23 million of their customers. CafePress, the popular T-Shirt and merchandise website, disclosed a data breach that exposed the personal details of 23 million of their customers. The news was publicly reported by the data breach notification service […]
Pierluigi Paganini
August 06, 2019
The experts at Yoroi-Cybaze ZLab discovered a new wave of attacks linked to the cyber espionage campaign tracked as Roma225. Introduction Few months ago we started observing a cyber operation aiming to attack private companies in various business sectors, from automotive to luxury, education, and media/marketing. The attack attribution is still unclear but the large scale of […]
Pierluigi Paganini
August 06, 2019
Researchers discovered two serious flaws, QualPwn bugs, in Qualcomm’s Snapdragon SoC WLAN firmware that could be exploited to hack Android device over the air. Security experts at Tencent Blade, the security elite unit at Tencent, have discovered two severe vulnerabilities, QualPwn bugs, that could “allow attackers to compromise the Android Kernel over-the-air. “QualPwn is a […]
