Friday, April 14, 2017

Linux remote root bug menace: Make sure your servers, PCs, gizmos, Android kit are patched • The Register

https://www.theregister.co.uk/2017/04/14/new_critical_linux_kernel_flaw/

DTMF replay phreaked out the Dallas tornado alarm, say researchers • The Register

https://www.theregister.co.uk/2017/04/13/dtmf_replay_phreaked_out_the_dallas_tornado_alarm_say_researchers/

Booby-trapped Word documents in the wild exploit critical Microsoft 0-day

https://arstechnica.com/security/2017/04/booby-trapped-word-documents-in-the-wild-exploit-critical-microsoft-0day/

How I hacked my IP camera, and found this backdoor account

https://jumpespjump.blogspot.com/2015/09/how-i-hacked-my-ip-camera-and-found.html

Hacking the Aldi IP CCTV Camera (part 2) | Pen Test Partners

https://www.pentestpartners.com/blog/hacking-the-aldi-ip-cctv-camera-part-2/

Nifty XSS in Annke SP1 HD wireless camera | Pen Test Partners

https://www.pentestpartners.com/blog/nifty-xss-in-annke-sp1-hd-wireless-camera/

Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in custom http server - A slice of Kimchi - IT Security Blog

https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html

Microsoft Word 0-day used to push dangerous Dridex malware on millions

https://arstechnica.com/security/2017/04/microsoft-word-0day-used-to-push-dangerous-dridex-malware-on-millions/

Hackers use FAFSA application to steal tax info

http://money.cnn.com/2017/04/07/technology/hackers-irs-fafsa-data/index.html

How I Hacked my Smart TV from My Bed via a Command Injection

https://www.netsparker.com/blog/web-security/hacking-smart-tv-command-injection/

Callisto Group hackers targeted Foreign Office data

http://www.bbc.com/news/technology-39588703

Five Inmates Built Two PCs and Hacked a Prison From Within

https://www.bleepingcomputer.com/news/security/five-inmates-built-two-pcs-and-hacked-a-prison-from-within/

Friday, March 31, 2017

Point-and-pwn tool for posers dumbs down ransomware spreading

https://www.theregister.co.uk/2017/03/31/point_click_ransomware/

The Clever ‘DoubleAgent’ Attack Turns Antivirus Into Malware

https://www.wired.com/2017/03/clever-doubleagent-attack-turns-antivirus-malware/

WONTFIX: No patch for Windows Server 2003 IIS critical bug – Microsoft

https://www.theregister.co.uk/2017/03/31/microsoft_wont_patch_server_2003/

Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005

https://blogs.technet.microsoft.com/mmpc/?p=11695

Potent LastPass exploit underscores the dark side of password managers

https://arstechnica.com/security/2017/03/potent-lastpass-exploit-underscores-the-dark-side-of-password-managers/

Hackers upload child pornography to the Czech president's computer

http://www.elmundo.es/f5/comparte/2017/03/27/58d8fedcca47414f2e8b465b.html

Internet Information Services (IIS) 6.0 WebDAV - 'ScStoragePathFromUrl' Buffer Overflow

https://www.exploit-db.com/exploits/41738/

Attackers Leverage Excel, PowerShell and DNS in Latest Non-Malware Attack

https://www.carbonblack.com/2017/03/15/attackers-leverage-excel-powershell-dns-latest-non-malware-attack/

Cisco WebEx Browser Extension Remote Code Execution Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex

Microsoft Outlook, Skype, OneDrive hit by another authentication issue

http://www.zdnet.com/article/microsoft-outlook-skype-onedrive-hit-by-another-authentication-issue/

Moodle – Remote Code Execution

http://netanelrub.in/2017/03/20/moodle-remote-code-execution/

Researchers found two Safari Zero Day Exploits at Pwn2Own

http://www.ehackingnews.com/2017/03/researchers-found-two-safari-zero-day.html

Long-Secret Stingray Manuals Detail How Police Can Spy on Phones

https://theintercept.com/2016/09/12/long-secret-stingray-manuals-detail-how-police-can-spy-on-phones/

A simple command allows the CIA to commandeer 318 models of Cisco switches

https://arstechnica.com/security/2017/03/a-simple-command-allows-the-cia-to-commandeer-318-models-of-cisco-switches/

Ransomware scammers exploited Safari bug to extort porn-viewing iOS users

https://arstechnica.com/security/2017/03/ransomware-scammers-exploited-safari-bug-to-extort-porn-viewing-ios-users/

Wednesday, March 29, 2017

Recruiters considered really harmful: Devs on GitHub hit with booby-trapped fake job emails • The Register

https://www.theregister.co.uk/2017/03/30/github_devs_malware_mails/

Exclusive: A criminal group using SSH TCP direct forward attack is also targeting Italian infrastructure

http://securityaffairs.co/wordpress/56864/cyber-crime/ssh-tcp-direct-forward.html

Vulnerability found in Service module of Drupal

http://www.ehackingnews.com/2017/03/vulnerability-found-in-service-module.html

An insecure mess: How flawed JavaScript is turning web into a hacker's playground

http://www.zdnet.com/article/an-insecure-mess-how-flawed-javascript-is-turning-web-into-a-hackers-playground/

Dahua, Hikvision IoT Devices Under Siege

https://krebsonsecurity.com/2017/03/dahua-hikvision-iot-devices-under-siege/

Preinstalled Malware Targeting Mobile Users

http://blog.checkpoint.com/2017/03/10/preinstalled-malware-targeting-mobile-users/

How I found a $5,000 Google Maps XSS (by fiddling with Protobuf)

https://medium.com/@marin_m/how-i-found-a-5-000-google-maps-xss-by-fiddling-with-protobuf-963ee0d9caff

Critical vulnerability under “massive” attack imperils high-impact sites [Updated]

https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/

'Hacker' arrested in Tenerife for stealing tax information on relatives of King Juan Carlos

http://www.elmundo.es/espana/2017/03/10/58c2d551268e3e42148b467b.html

Content-Type: Malicious - New Apache 0-day Under Attack

http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html

Security Vulnerability in McDonald's India allows hackers to access Customer data

http://www.ehackingnews.com/2017/03/security-vulnerability-in-mcdonalds.html

Everyone Is Falling For This Frighteningly Effective Gmail Scam

http://fortune.com/2017/01/18/google-gmail-scam-phishing/

Google Points to Another POS Vendor Breach

https://krebsonsecurity.com/2017/03/google-points-to-another-pos-vendor-breach/

Millions of records leaked from huge US corporate database

http://www.zdnet.com/article/millions-of-records-leaked-from-huge-corporate-database/

Twitter Accounts Hacked with Swastikas Through Third Party App 'Twitter Counter'

http://gizmodo.com/twitter-accounts-hacked-with-swastikas-through-third-pa-1793286451

In-the-wild exploits ramp up against high-impact sites using Apache Struts

https://arstechnica.com/security/2017/03/in-the-wild-exploits-ramp-up-against-high-impact-sites-using-apache-struts/

Detecting and eliminating Chamois, a fraud botnet on Android

https://security.googleblog.com/2017/03/detecting-and-eliminating-chamois-fraud.html

Nintendo Switch’s secret browser has a flaw that could lead to a jailbreak

http://www.theverge.com/circuitbreaker/2017/3/14/14921138/nintendo-switch-exploit-jailbreak-webkit-vulnerability

Slack bug granted hackers full access to your account and messages

https://thenextweb.com/apps/2017/03/01/slack-bug-hackers-steal-account/

Hacking Unicorns with Web Bluetooth

https://www.contextis.com/resources/blog/hacking-unicorns-web-bluetooth/

Hackers who took control of PC microphones siphon >600 GB from 70 targets

https://arstechnica.com/security/2017/02/hackers-who-took-control-of-pc-microphones-siphon-600-gb-from-70-targets/

Hackers could easily bypass SBI's OTP security

http://www.ehackingnews.com/2017/02/hackers-could-easily-bypass-sbis-otp.html

A Chip Flaw Strips Away Hacking Protections for Millions of Devices

https://www.wired.com/2017/02/flaw-millions-chips-strips-away-key-hacking-defense-software-cant-fully-fix/

63 Universities and US Government agencies breached by hacker

http://www.ehackingnews.com/2017/02/63-universities-and-us-government.html

Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in http server

https://pierrekim.github.io/advisories/2017-goahead-camera-0x00.txt

Payments Giant Verifone Investigating Breach

https://krebsonsecurity.com/2017/03/payments-giant-verifone-investigating-breach/

Cybercrime, Bank of Italy sounds the alarm: one company in three under attack

http://www.ilsole24ore.com/art/notizie/2017-03-05/cybercrime-allarme-bankitalia-impresa-tre-sotto-attacco-125237.shtml

UK’s largest hospital chain hit by previously unseen malware

http://www.ehackingnews.com/2017/03/uks-largest-hospital-chain-hit-by.html

Singapore’s Defence Ministry hit by 1st cyber attack

http://www.ehackingnews.com/2017/03/singapores-defence-ministry-hit-by-1st.html

Bitcoin hotel hack victim speaks out

https://www.thelocal.at/20170131/bitcoin-hotel-hack-victim-speaks-out

Wednesday, February 08, 2017

Revealed: Malware that skulks in memory, invisibly collecting sysadmins' passwords • The Register

https://www.theregister.co.uk/2017/02/08/hidden_malware_menaces_enterprises/

Stolen Passwords Fuel Cardless ATM Fraud

https://krebsonsecurity.com/2017/01/stolen-passwords-fuel-cardless-atm-fraud/

Honeywell SCADA Controllers Exposed Passwords in Clear Text

https://threatpost.com/honeywell-scada-controllers-exposed-passwords-in-clear-text/123562/

Ransomware killed 70% of Washington DC CCTV ahead of inauguration

https://www.theregister.co.uk/2017/01/30/ransomware_killed_70_of_washington_dc_cctv_ahead_of_inauguration/

D-Link sucks so much at Internet of Suckage security – US watchdog

https://www.theregister.co.uk/2017/01/06/ftc_files_suit_over_dlink_security/

Japan Reports over 300 Ransomware Attacks on Smart TVs This Year

http://technewshunter.com/apple/japan-reports-over-300-ransomware-attacks-on-smart-tvs-this-year-28452/

Changing other people's flight bookings is too easy

http://www.computerworld.com/article/3153694/security/changing-other-peoples-flight-bookings-is-too-easy.html

Thousands of bogus certs issued after GoDaddy bug blunder

http://www.itnews.com.au/news/thousands-of-bogus-certs-issued-after-godaddy-bug-blunder-447178

Hotel ransomed by hackers as guests locked out of rooms

http://www.thelocal.at/20170128/hotel-ransomed-by-hackers-as-guests-locked-in-rooms

How Hackers Could Have Pwned You With a Nasty Steam Bug - Motherboard

https://motherboard.vice.com/en_us/article/how-hackers-could-have-pwned-you-with-a-nasty-steam-bug