Pierluigi Paganini
August 17, 2021
FireEye Mandiant researchers have discovered a critical vulnerability in the Kalay cloud platform that exposes millions of IoT devices to attacks. Researchers at FireEye’s Mandiant have discovered a critical vulnerability, tracked as CVE-2021-28372, in a core component of the Kalay cloud platform which is used by millions of IoT devices from many vendors. The flaw […]
Pierluigi Paganini
August 17, 2021
Fortinet addresses a command injection vulnerability that can allow attackers to take complete control of servers running vulnerable FortiWeb WAF installs. An authenticated attacker could execute arbitrary commands as the root user on the underlying system via the SAML server configuration page. Experts pointed out that the flaw could be chained with an authentication bypass flaw that […]
Pierluigi Paganini
August 17, 2021
A security researcher discovered that a secret FBI’s terrorist watchlist was accidentally exposed on the internet for three weeks between July 19 and August 9, 2021. The security researcher Bob Diachenko discovered a secret terrorist watchlist with 1.9 million records that were exposed on the internet for three weeks between July 19 and August 9, 2021. In July, […]
Pierluigi Paganini
August 17, 2021
Colonial Pipeline discloses a data breach of the personal information of thousands of individuals after the ransomware attack that took place in May 2021. Colonial Pipeline has started notifying more than 5000 people that had their personal information compromised after a ransomware attack that took place in May. The Colonial Pipeline facility in Pelham, Alabama […]
Pierluigi Paganini
August 16, 2021
T-Mobile confirms a breach after threat actors claimed to have obtained records of 100 million of its customers and offered them for sale. T-Mobile has confirmed a data breach that exposed personal information from over 100 million of its US customers. Yesterday the company announced it launched an investigation into a possible data breach after […]
Pierluigi Paganini
August 16, 2021
T-Mobile is investigating a possible data breach after a threat actor published a post on a forum claiming to be selling the personal data of its customers. New problems for T-Mobile, the company is investigating a possible data breach after that a threat actor has published a post on a hacking forum claiming to be […]
Pierluigi Paganini
August 15, 2021
A job ad published by the UK’s Ministry of Defence has revealed the existence of a previously undisclosed secret SAS mobile hacker team. The existence of a secret SAS mobile hacker squad, named MAB5 and under the control of the Computer Network Operations (CNO) Exploitation, was revealed by a job ad published by the UK’s […]
Pierluigi Paganini
August 15, 2021
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs free for you in your email box. If you want to also receive for free the international press subscribe here. Four years after its takedown, AlphaBay marketplace revamped Classified documents from Lithuanian Ministry of Foreign Affairs are […]
Pierluigi Paganini
August 15, 2021
The Glowworm attack leverages optical emanations from a device’s power indicator LED to recover sounds from connected peripherals and spy on electronic conversations. Boffins from the Ben-Gurion University of the Negev devised a new attack technique, dubbed the “Glowworm attack,” that leverages optical emanations from a device’s power indicator LED to recover sounds from connected […]
Pierluigi Paganini
August 14, 2021
The popular black marketplace AlphaBay is back, four years after law enforcement agencies took down the popular hidden service. The darknet marketplace AlphaBay resurfaced four years after an international operation conducted by law enforcement agencies took down it. AlphaBay was active between 2014 and June 2017, law enforcement seized the marketplace and arrested the administrator Alexandre Cazes (aka “Alpha02/Admin”), […]
