Pierluigi Paganini
September 21, 2018
Cybercriminals have stolen 6.7 billion yen ($60 million) worth of cryptocurrencies from the Japanese digital currency exchange Zaif exchange. According to the Tech Bureau Corp., a Japanese cryptocurrency firm, hackers have compromised its Zaif exchange and have stolen 6.7 billion yen ($60 million) worth of cryptocurrencies, including Bitcoin, Monacoin, and Bitcoin Cash. The stole digital currencies […]
Pierluigi Paganini
September 20, 2018
Sustes Malware doesn’t infect victims by itself, but it is spread via brute-force activities with special focus on IoT and Linux servers. Today I’d like to share a simple analysis based on a fascinating threat that I like to call Sustes (you will see name genesis in a bit). Everybody knows Monero cryptocurrency and probably everybody knows […]
Pierluigi Paganini
September 20, 2018
The US State Department confirmed that hackers breached one of its email systems, the attack potentially exposed personal information of some of its employees. The incident seems to have affected less than 1% of employee inboxes, 600-700 employees out of 69,000 people. “The Department recently detected activity of concern in its unclassified email system, affecting less […]
Pierluigi Paganini
September 20, 2018
Magecart hackers have stolen customers’ credit card data from the computer hardware and consumer electronics retailer Newegg. The Magecart cybercrime group is back, this time the hackers have stolen customers’ credit card data from the computer hardware and consumer electronics retailer Newegg. Magecart is active since at least 2015, recently the group hacked the websites of Ticketmaster, British Airways, and Feedify […]
Pierluigi Paganini
September 20, 2018
Adobe releases a critical out-of-band patch for CVE-2018-12848 Acrobat flaw, the security updates address a total of 7 vulnerabilities. Adobe address seven vulnerability in Acrobat DC and Acrobat Reader DC, including one critical vulnerability that could be exploited by attackers to execute arbitrary code. “Adobe has released security updates for Adobe Acrobat and Reader for Windows […]
Pierluigi Paganini
September 19, 2018
Security experts at Flashpoint discovered the availability of the access to over 3,000 compromised sites sold on Russian black marketplace MagBo A new report published by researchers at Flashpoint revealed the availability on an underground hacking forum for Russian-speaking users of access to over 3,000 breached websites. “Access to approximately 3,000 breached websites has been discovered for […]
Pierluigi Paganini
September 19, 2018
Experts at the CSE Cybsec Z-Lab have found a Gafgyt variant implementing the VanillaUPX technique recently presented in a cybersecurity conference A new variant of the Gafgyt botnet is spreading in the last hours and experts of the CSE Cybsec Z-Lab have found it with the support of the Italian cyber security experts @Odisseus and GranetMan. The new […]
Pierluigi Paganini
September 19, 2018
Three men who admitted to being the authors of the Mirai botnet avoided the jail after helping the FBI in other cybercrime investigations. I’m following the evolution of Mirai botnet since MalwareMustDie shared with me the findings of its investigation in August 2016. Now three individuals who admitted to being the authors of the infamous botnet avoided the […]
Pierluigi Paganini
September 19, 2018
Security experts from Kaspersky have published an interesting report on the new trends in the IoT threat landscape. What is infecting IoT devices and how? The researchers set up a honeypot to collect data on infected IoT devices, the way threat actors infect IoT devices and what families of malware are involved. The first data that emerged […]
Pierluigi Paganini
September 19, 2018
An authentication bypass vulnerability in Western Digital My Cloud NAS could allow hackers to access the content of the storage Researchers at security firm Securify have discovered an elevation of privilege vulnerability in the Western Digital My Cloud platform that could be exploited by attackers to gain admin-level access to the device via an HTTP request. The flaw, […]
