Security Affairs

Pierluigi Paganini June 11, 2019
How Ursnif Evolves to Keep Threatening Italy

For months the Italian users have been targeted by waves of malspam delivering infamous Ursnif variants, Yoroi-Cybaze ZLab detailed its evolution. Introduction For months the Italian users have been targeted by waves of malspam delivering infamous Ursnif variants. Yoroi-Cybaze ZLab closely observed these campaigns and analyzed them to track the evolution of the techniques and […]

Pierluigi Paganini June 11, 2019
MuddyWater APT group updated its multi-stage PowerShell backdoor Powerstats

The MuddyWater cyber espionage group has used an updated multi-stage PowerShell backdoor in recent cyber attacks. Security experts at Trend Micro report that the MuddyWater APT group (aka SeedWorm and TEMP.Zagros), has used an updated multi-stage PowerShell backdoor in recent cyber espionage campaigns. The first MuddyWater campaign was observed in late 2017 when targeted entities in the Middle East. The experts called […]

Pierluigi Paganini June 11, 2019
CVE-2019-2725 Oracle WebLogic flaw exploited in cryptojacking campaign

The CVE-2019-2725 vulnerability in Oracle WebLogic recently, addressed by the company, is being exploited in cryptojacking attacks, Trend Micro reports. Experts at Trend Micro reported that the recently patched CVE-2019-2725 vulnerability in Oracle WebLogic is being exploited in cryptojacking attacks. The flaw is a deserialization remote command execution zero-day vulnerability that affects the Oracle WebLogic wls9_async and wls–wsat components. The […]

Pierluigi Paganini June 10, 2019
CVE-2019-12735 – opening a specially crafted file in Vim or Neovim Editor could compromise your Linux system

Bad news for Linux users, a flaw tracked as CVE-2019-12735 allows to hack their systems by tricking them into opening a specially crafted file in Vim or Neovim Editor. Security expert Armin Razmjou has recently found a high-severity vulnerability (CVE-2019-12735) in Vim and Neovim command-line text editing applications. The vulnerability, tracked as CVE-2019-12735, is classified as an arbitrary OS command […]

Pierluigi Paganini June 10, 2019
CIA sextortion campaign, analysis of a well-organized scam

Crooks are posing as CIA agents in a sextortion campaign, they are sending emails to inform the victims of an investigation into online pedophilia rings. Crooks are posing as CIA agents in a new sextortion campaign, they are sending emails to inform potential victims of an ongoing investigation into online pedophilia rings. Fraudsters are offering […]

Pierluigi Paganini June 10, 2019
Retro video game website Emuparadise suffered a data breach

Retro video game website Emuparadise revealed to have suffered a data breach that exposed 1.1 Million accounts back in April 2018. Emuparadise is a website that offers tons of roms, isos and retro video games, users can download and play them with an emulator or play them with the web browser. The security breach occurred in […]

Pierluigi Paganini June 10, 2019
Spain extradites 94 Taiwanese to China phone and online fraud charges

Spanish authorities extradited 94 Taiwanese to China to face telephone and online fraud charges, Taiwan’s Foreign Ministry expressed a strong regret. Spain extradited 94 Taiwanese to China to face telephone and online fraud charges, the indicted were transferred via plane by officials. “The suspects arrived Friday morning at Beijing airport on a chartered flight. Footage […]

Pierluigi Paganini June 09, 2019
Millions of Exim mail servers vulnerable to cyber attacks

Millions of Exim mail servers are exposed to attacks due to a critical vulnerability that makes it possible for unauthenticated remote attackers to execute arbitrary commands. A critical vulnerability affects versions 4.87 to 4.91 of the Exim mail transfer agent (MTA) software. The flaw could be exploited by unauthenticated remote attackers to execute arbitrary commands […]

Pierluigi Paganini June 09, 2019
Security Affairs newsletter Round 217 – News of the week

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. Kindle Edition Paper Copy Once again thank you! ESET analyzes Turla APTs usage of weaponized PowerShell Leicester City Football Club disclosed a card breach ProtonMail denies that it spies on users for government agencies Expert shows how […]

Pierluigi Paganini June 09, 2019
Critical RCE affects older Diebold Nixdorf ATMs

Automated teller machine vendor Diebold Nixdorf has released security updates to address a remote code execution vulnerability in older ATMs. Diebold Nixdorf discovered a remote code execution vulnerability in older ATMs and is urging its customers in installing security updates it has released to address the flaw. The vulnerability affects older Opteva model ATMs, Diebold Nixdorf […]