Pierluigi Paganini
March 15, 2019
While we were thinking about a way to escalate privileges during a pen-test, we discovered that most Windows installations were vulnerable to binary planting. A long time ago, while we were thinking about a way to escalate privileges during a pen-test, we discovered that most Windows installations were vulnerable to binary planting. We contacted Microsoft, but […]
Pierluigi Paganini
March 15, 2019
A new piece of PoS malware appeared in the threat landscape, the malicious code dubbed GlitchPOS has been found on a crimeware forum. The GlitchPOS malware is able to steal credit card numbers (Track1 and Track2) from the memory of the infected system, it uses a regular expression to perform this task. The malicious code […]
Pierluigi Paganini
March 14, 2019
Group-IB, an international company that specializes in preventing cyberattacks, has uncovered a malicious code designed to steal customers’ payment data on seven online stores in the UK and the US. The injected code has been identified as a new JavaScript Sniffer (JS Sniffer), dubbed by Group-IB as GMO. Group-IB Threat Intelligence team first discovered the GMO JS Sniffer on the […]
Pierluigi Paganini
March 14, 2019
Security researcher Simon Scannell from RIPS Technologies, has discovered a new CSRF vulnerability in WordPress, that could potentially lead to remote code execution attacks. The flaw is a cross-site request forgery (CSRF) that resides in the comment section of WordPress that is enabled by default, the issue affects all WordPress versions prior to version 5.1.1. […]
Pierluigi Paganini
March 14, 2019
Experts at security firm Dr. Web revealed that 39% of all existing Counter-Strike 1.6 game servers online are malicious, an attacker is exploiting zero-day flaws in game clients. Bad news for gamers of the popular game Counter-Strike, according to the experts at the security firm Dr. Web, 39% of all existing Counter-Strike 1.6 game servers […]
Pierluigi Paganini
March 13, 2019
One of the zero-day flaws (CVE-2019-0797) patched this week by Microsoft has been exploited in targeted attacks by several threats groups, including FruityArmor and SandCat APT groups. This week, Microsoft released Patch Tuesday security updates for March 2019 that address 64 flaws, including two Windows zero-day vulnerabilities exploited in targeted attacks. One of the flaws, […]
Pierluigi Paganini
March 13, 2019
Security experts at 360 Total Security have discovered a new modular cryptocurrency malware that implements worm capabilities to spread. Security experts at 360 Total Security have discovered a new modular cryptocurrency malware that implements worm capabilities by leveraging known vulnerabilities in servers running ElasticSearch, Hadoop, Redis, Spring, Weblogic, ThinkPHP, and SqlServer. The Monero cryptocurrency miner […]
Pierluigi Paganini
March 13, 2019
Microsoft Patch Tuesday updates for March 2019 address 64 flaws, including two Windows zero-day vulnerabilities exploited in targeted attacks. Microsoft Patch Tuesday updates for March 2019 address 64 vulnerabilities, including two Windows zero-day flaws that have been exploited in targeted attacks. Four of the vulnerabilities addressed by Microsoft were publicly disclosed before fixes were released, […]
Pierluigi Paganini
March 12, 2019
The screen lock feature in the Samsung Galaxy S10 that is based on face recognition can be easily bypassed using a photo or a video of the owner. The discovery was made by users and tech reviewers that demonstrated how to bypass face recognition screen lock implemented in the Samsung Galaxy S10 model. Even if […]
Pierluigi Paganini
March 12, 2019
Adobe Patch Tuesday updates for March 2019 address critical vulnerabilities in Photoshop CC and Digital Editions products. Adobe Patch Tuesday updates for March 2019 address critical flaws in Photoshop CC and Digital Editions products. The updates address a heap overflow issue affecting the Digital Editions ebook reader software, the bug could be exploited by attackers […]
