Friday, April 14, 2017

Linux remote root bug menace: Make sure your servers, PCs, gizmos, Android kit are patched • The Register

DTMF replay phreaked out the Dallas tornado alarm, say researchers • The Register

Booby-trapped Word documents in the wild exploit critical Microsoft 0-day

How I hacked my IP camera, and found this backdoor account

Hacking the Aldi IP CCTV Camera (part 2) | Pen Test Partners

Nifty XSS in Annke SP1 HD wireless camera | Pen Test Partners

Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in custom http server - A slice of Kimchi - IT Security Blog

Microsoft Word 0-day used to push dangerous Dridex malware on millions

Hackers use FAFSA application to steal tax info

How I Hacked my Smart TV from My Bed via a Command Injection

Callisto Group hackers targeted Foreign Office data

Five Inmates Built Two PCs and Hacked a Prison From Within

Friday, March 31, 2017

Point-and-pwn tool for posers dumbs down ransomware spreading

The Clever ‘DoubleAgent’ Attack Turns Antivirus Into Malware

WONTFIX: No patch for Windows Server 2003 IIS critical bug – Microsoft

Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005

Potent LastPass exploit underscores the dark side of password managers

Hackers upload child pornography to the Czech president's computer

Internet Information Services (IIS) 6.0 WebDAV - 'ScStoragePathFromUrl' Buffer Overflow

Attackers Leverage Excel, PowerShell and DNS in Latest Non-Malware Attack

Cisco WebEx Browser Extension Remote Code Execution Vulnerability

Microsoft Outlook, Skype, OneDrive hit by another authentication issue

Moodle – Remote Code Execution

Researchers found two Safari Zero Day Exploits at Pwn2Own

Long-Secret Stingray Manuals Detail How Police Can Spy on Phones

A simple command allows the CIA to commandeer 318 models of Cisco switches

Ransomware scammers exploited Safari bug to extort porn-viewing iOS users

Wednesday, March 29, 2017

Recruiters considered really harmful: Devs on GitHub hit with booby-trapped fake job emails • The Register

Exclusive: A criminal group using SSH TCP direct forward attack is also targeting Italian infrastructure

Vulnerability found in Service module of Drupal

An insecure mess: How flawed JavaScript is turning web into a hacker's playground

Dahua, Hikvision IoT Devices Under Siege

Preinstalled Malware Targeting Mobile Users

How I found a $5,000 Google Maps XSS (by fiddling with Protobuf)

Critical vulnerability under “massive” attack imperils high-impact sites [Updated]

'Hacker' arrested in Tenerife for stealing tax information of relatives of King Juan Carlos

Content-Type: Malicious - New Apache 0-day Under Attack

Security Vulnerability in McDonald's India allows hackers to access Customer data

Everyone Is Falling For This Frighteningly Effective Gmail Scam

Google Points to Another POS Vendor Breach

Millions of records leaked from huge US corporate database

Twitter Accounts Hacked with Swastikas Through Third Party App 'Twitter Counter'

In-the-wild exploits ramp up against high-impact sites using Apache Struts

Detecting and eliminating Chamois, a fraud botnet on Android

Nintendo Switch’s secret browser has a flaw that could lead to a jailbreak

Slack bug granted hackers full access to your account and messages

Hacking Unicorns with Web Bluetooth

Hackers who took control of PC microphones siphon >600 GB from 70 targets

Hackers could easily bypass SBI's OTP security

A Chip Flaw Strips Away Hacking Protections for Millions of Devices

63 Universities and US Government agencies breached by hacker

Ransomware scammers exploited Safari bug to extort porn-viewing iOS users

Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in http server

Payments Giant Verifone Investigating Breach

Cybercrime, Bankitalia's warning: one in three companies under attack

UK’s largest hospital chain hit by previously unseen malware

Singapore’s Defence Ministry hit by 1st cyber attack

Bitcoin hotel hack victim speaks out

Wednesday, February 08, 2017

Revealed: Malware that skulks in memory, invisibly collecting sysadmins' passwords • The Register

Stolen Passwords Fuel Cardless ATM Fraud

Honeywell SCADA Controllers Exposed Passwords in Clear Text

Ransomware killed 70% of Washington DC CCTV ahead of inauguration

D-Link sucks so much at Internet of Suckage security – US watchdog

Japan Reports over 300 Ransomware Attacks on Smart TVs This Year

Changing other people's flight bookings is too easy

Thousands of bogus certs issued after GoDaddy bug blunder

Hotel ransomed by hackers as guests locked out of rooms

How Hackers Could Have Pwned You With a Nasty Steam Bug - Motherboard