Pierluigi Paganini
April 29, 2018
Many companies using SAP systems ignore to be impacted by a 13-year-old security configuration that could expose their architecture to cyber attacks. According to the security firm Onapsis, 90 percent SAP systems were impacted by the vulnerability that affects SAP Netweaver and that can be exploited by a remote unauthenticated attacker who has network access […]
Pierluigi Paganini
April 29, 2018
A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Let me inform you that my new book, “Digging in the Deep Web” is online Kindle Edition Paper Copy Once again thank you! · Experts spotted spam campaigns delivering XTRAT and DUNIHI backdoors bundled with the Adwind […]
Pierluigi Paganini
April 29, 2018
This week Mozilla announced that the upcoming Firefox 60 version will implement a new Cross-Site Request Forgery (CSRF) protection by introducing support for the same-site cookie attribute. An attacker can launch a CSRF attack to perform unauthorized activities on a website on behalf of authenticated users, this is possible by tricking victims into visiting a specially crafted webpage. “Cross-Site […]
Pierluigi Paganini
April 29, 2018
Two security experts discovered that the control panel of a Ski lift in Austria was exposed online without any protection. The control panel of a Ski lift in Austria was exposed online, the disconcerting discovery was made on March 16 by the security experts Tim Philipp Schäfers and Sebastian Neef with security organization InternetWache.org. The ski lift is Patscherkofelbahn, a […]
Pierluigi Paganini
April 28, 2018
Bitdefender researcher Marius Tivadar has developed a dodgy NTFS file system image that could trigger a blue-screen-of-death when a mount is attempted on Windows 7 and 10 systems. The Bitdefender expert Marius Tivadar has discovered a vulnerability tied the way Microsoft handles of NTFS filesystem images, he also published a proof-of-concept code on GitHub that could be used to […]
Pierluigi Paganini
April 28, 2018
Weaponized documents are the main ingredient for almost any spam and spear-phishing campaign, let’s see how to steal windows credentials with specially crafted PDF files. Weaponized documents are the main ingredient for almost any spam and spear-phishing campaign. Weaponized PDF files can be used by threat actors to steal Windows credentials, precisely the associated NTLM […]
Pierluigi Paganini
April 27, 2018
Operators behind the Necurs botnet, the world’s largest spam botnet, are currently using a new evasion technique attempting to surprise the unprepared defenses. Necurs is the world’s largest spam botnet, it is composed of millions of infected computers worldwide. Necurs was not active for a long period at the beginning of 2017 and resumed its activity in April […]
Pierluigi Paganini
April 27, 2018
The Dutch National Police shut down the anonymous revenge-porn sharing site Anon-IB, an aggregator website for revenge and child pornography. Dutch Police shut down a Notorious ‘Revenge Porn’ Site Anon-IB, the authorities have arrested three men for stealing explicit pictures of girls and young women from their cloud data. The men are aged 28 to 35 and […]
Pierluigi Paganini
April 27, 2018
A new crimeware kit dubbed the Rubella Macro Builder is rapidly gaining popularity in the cybercriminal underground, experts already spotted its malware in the wild. A new crimeware kit dubbed the Rubella Macro Builder is rapidly gaining popularity in the cybercriminal underground. The Rubella Macro Builder allows crooks to generate a malicious payload for social-engineering […]
Pierluigi Paganini
April 27, 2018
Microsoft has released a new batch of software and microcode updates to address the Spectre flaw (Variant 2). The IT giant has rolled out a new batch of software and microcode security updates to address the Spectre flaw (Variant 2). The Spectre Variant 2, aka CVE-2017-5715, is a branch target injection vulnerability, while the Meltdown and Variant 1 […]
