Pierluigi Paganini
September 11, 2017
The security researcher Pierre Kim has discovered ten critical zero-day vulnerabilities in D-Link DIR 850L routers and invites users to stop using them. The security researcher Pierre Kim has discovered ten critical zero-day vulnerabilities in routers from networking equipment manufacturer D-Link that open owners to cyber attacks. The flawed devices are the D-Link DIR 850L wireless AC1200 dual-band […]
Pierluigi Paganini
August 25, 2017
Zerodium payouts include up to $500,000 for RCE and privilege escalation vulnerabilities affecting popular instant messaging and email applications. The zero-day and exploit broker Zerodium, founded by former VUPEN co-founder Chaouki Bekrar, offers $500,000 for a zero-day exploit in secure messaging Messaging (i.e. such as WhatsApp, Signal, Facebook Messenger, iMessage, Telegram, WeChat, Viber) and Email […]
Pierluigi Paganini
August 22, 2017
Experts found two critical zero-day flaws in the Foxit PDF Reader that could be exploited by attackers to execute arbitrary code on a targeted computer Security researchers have discovered two critical zero-day vulnerabilities in the popular Foxit Reader application that could be exploited by attackers to execute arbitrary code on a targeted computer, if not […]
Pierluigi Paganini
July 20, 2017
The Tor Project announced the launch of a public bug bounty program. Bug hunters can earn between $2,000 and $4,000 for high severity flaws. It’s official, the Tor Project announced the launch of a public bug bounty program through the HackerOne platform, the initiative was possible with support from the Open Technology Fund. “With support from the […]
Pierluigi Paganini
May 12, 2017
The popular Vanilla Forums software is still affected by a critical remote code execution zero-day first reported to the development team in December 2016. The exploit code was published by ExploitBox, a remote attacker can chain the flaw with the Host Header injection vulnerability CVE-2016-10073 to execute arbitrary code and take the control of the affected […]
Pierluigi Paganini
May 10, 2017
Microsoft Patch Tuesday for May 2017 address tens security vulnerabilities, including a number of zero-day flaws exploited by Russian APT groups. Microsoft Patch Tuesday updates for May 2017 fix more than 50 security flaws, including a number of zero-day vulnerabilities exploited by Russian APT groups. Microsoft released security updates for Windows, Internet Explorer, Edge, Office, […]
Pierluigi Paganini
May 08, 2017
Hackers at the Google Project Zero team have discovered another critical Windows RCE vulnerability, the worst Windows RCE in recent memory. Security experts at Google Project Zero team have discovered another critical remote code execution (RCE) vulnerability in Microsoft Windows OS, but this time the hackers defined it as the worst Windows RCE in recent memory. […]
Pierluigi Paganini
April 21, 2017
A new report published by Kaspersky confirms that Stuxnet exploits targeting a Windows Shell Vulnerability is still widely adopted by threat actors. The case that I’m going to present to you demonstrates the importance of patch management and shows the effects of the militarization of cyberspace. Unpatched software is an easy target for hackers that can exploit […]
Pierluigi Paganini
April 14, 2017
Cisco issued two “critical” security advisories, one for Cisco IOS and Cisco IOS XE Software, another for a flaw affecting Apache Struts 2. Today Cisco issued two “critical” security advisories, the first one for Cisco IOS and Cisco IOS XE Software, the second one for the recently discovered flaw affecting Apache Struts 2. The vulnerability […]
Pierluigi Paganini
April 12, 2017
Today Microsoft Patch Tuesday fixed the zero-day Word vulnerability that has been actively exploited in attacks in the wild. Microsoft today patched the zero-day Word vulnerability that has been exploited in attacks in the wild. Just yesterday I wrote about a phishing campaign leveraging the flaw to deliver the Dridex banking Trojan. Microsoft published security […]
