venerdì, marzo 31, 2017

Point-and-pwn tool for posers dumbs down ransomware spreading

https://www.theregister.co.uk/2017/03/31/point_click_ransomware/

The Clever ‘DoubleAgent’ Attack Turns Antivirus Into Malware

https://www.wired.com/2017/03/clever-doubleagent-attack-turns-antivirus-malware/

WONTFIX: No patch for Windows Server 2003 IIS critical bug – Microsoft

https://www.theregister.co.uk/2017/03/31/microsoft_wont_patch_server_2003/

Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005

https://blogs.technet.microsoft.com/mmpc/?p=11695

Potent LastPass exploit underscores the dark side of password managers

https://arstechnica.com/security/2017/03/potent-lastpass-exploit-underscores-the-dark-side-of-password-managers/

Hackers suben pornografía infantil al ordenador del presidente checo

http://www.elmundo.es/f5/comparte/2017/03/27/58d8fedcca47414f2e8b465b.html

Internet Information Services (IIS) 6.0 WebDAV - 'ScStoragePathFromUrl' Buffer Overflow

https://www.exploit-db.com/exploits/41738/

Attackers Leverage Excel, PowerShell and DNS in Latest Non-Malware Attack

https://www.carbonblack.com/2017/03/15/attackers-leverage-excel-powershell-dns-latest-non-malware-attack/

Cisco WebEx Browser Extension Remote Code Execution Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex

Microsoft Outlook, Skype, OneDrive hit by another authentication issue

http://www.zdnet.com/article/microsoft-outlook-skype-onedrive-hit-by-another-authentication-issue/

Moodle – Remote Code Execution

http://netanelrub.in/2017/03/20/moodle-remote-code-execution/

Researchers found two Safari Zero Day Exploits at Pwn2Own

http://www.ehackingnews.com/2017/03/researchers-found-two-safari-zero-day.html

Long-Secret Stingray Manuals Detail How Police Can Spy on Phones

https://theintercept.com/2016/09/12/long-secret-stingray-manuals-detail-how-police-can-spy-on-phones/

A simple command allows the CIA to commandeer 318 models of Cisco switches

https://arstechnica.com/security/2017/03/a-simple-command-allows-the-cia-to-commandeer-318-models-of-cisco-switches/

Ransomware scammers exploited Safari bug to extort porn-viewing iOS users

https://arstechnica.com/security/2017/03/ransomware-scammers-exploited-safari-bug-to-extort-porn-viewing-ios-users/

mercoledì, marzo 29, 2017

Recruiters considered really harmful: Devs on GitHub hit with booby-trapped fake job emails • The Register

https://www.theregister.co.uk/2017/03/30/github_devs_malware_mails/

Exclusive: A criminal group using SSH TCP direct forward attack is also targeting Italian infrastructure

http://securityaffairs.co/wordpress/56864/cyber-crime/ssh-tcp-direct-forward.html

Vulnerability found in Service module of Drupal

http://www.ehackingnews.com/2017/03/vulnerability-found-in-service-module.html

An insecure mess: How flawed JavaScript is turning web into a hacker's playground

http://www.zdnet.com/article/an-insecure-mess-how-flawed-javascript-is-turning-web-into-a-hackers-playground/

Dahua, Hikvision IoT Devices Under Siege

https://krebsonsecurity.com/2017/03/dahua-hikvision-iot-devices-under-siege/

Preinstalled Malware Targeting Mobile Users

http://blog.checkpoint.com/2017/03/10/preinstalled-malware-targeting-mobile-users/

How I found a $5,000 Google Maps XSS (by fiddling with Protobuf)

https://medium.com/@marin_m/how-i-found-a-5-000-google-maps-xss-by-fiddling-with-protobuf-963ee0d9caff

Critical vulnerability under “massive” attack imperils high-impact sites [Updated]

https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/

Detenido en Tenerife un 'hacker' por robar información fiscal de familiares del Rey Juan Carlos

http://www.elmundo.es/espana/2017/03/10/58c2d551268e3e42148b467b.html

Content-Type: Malicious - New Apache 0-day Under Attack

http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html

Security Vulnerability in McDonald's India allows hackers to access Customer data

http://www.ehackingnews.com/2017/03/security-vulnerability-in-mcdonalds.html

Everyone Is Falling For This Frighteningly Effective Gmail Scam

http://fortune.com/2017/01/18/google-gmail-scam-phishing/

Google Points to Another POS Vendor Breach

https://krebsonsecurity.com/2017/03/google-points-to-another-pos-vendor-breach/

Millions of records leaked from huge US corporate database

http://www.zdnet.com/article/millions-of-records-leaked-from-huge-corporate-database/

Twitter Accounts Hacked with Swastikas Through Third Party App 'Twitter Counter'

http://gizmodo.com/twitter-accounts-hacked-with-swastikas-through-third-pa-1793286451

In-the-wild exploits ramp up against high-impact sites using Apache Struts

https://arstechnica.com/security/2017/03/in-the-wild-exploits-ramp-up-against-high-impact-sites-using-apache-struts/

Detecting and eliminating Chamois, a fraud botnet on Android

https://security.googleblog.com/2017/03/detecting-and-eliminating-chamois-fraud.html

Nintendo Switch’s secret browser has a flaw that could lead to a jailbreak

http://www.theverge.com/circuitbreaker/2017/3/14/14921138/nintendo-switch-exploit-jailbreak-webkit-vulnerability

Slack bug granted hackers full access to your account and messages

https://thenextweb.com/apps/2017/03/01/slack-bug-hackers-steal-account/

Hacking Unicorns with Web Bluetooth

https://www.contextis.com/resources/blog/hacking-unicorns-web-bluetooth/

Hackers who took control of PC microphones siphon >600 GB from 70 targets

https://arstechnica.com/security/2017/02/hackers-who-took-control-of-pc-microphones-siphon-600-gb-from-70-targets/

Hackers could easily bypass SBI's OTP security

http://www.ehackingnews.com/2017/02/hackers-could-easily-bypass-sbis-otp.html

A Chip Flaw Strips Away Hacking Protections for Millions of Devices

https://www.wired.com/2017/02/flaw-millions-chips-strips-away-key-hacking-defense-software-cant-fully-fix/

63 Universities and US Government agencies breached by hacker

http://www.ehackingnews.com/2017/02/63-universities-and-us-government.html

Ransomware scammers exploited Safari bug to extort porn-viewing iOS users

https://arstechnica.com/security/2017/03/ransomware-scammers-exploited-safari-bug-to-extort-porn-viewing-ios-users/

Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in http server

https://pierrekim.github.io/advisories/2017-goahead-camera-0x00.txt

Payments Giant Verifone Investigating Breach

https://krebsonsecurity.com/2017/03/payments-giant-verifone-investigating-breach/

Cybercrime, l'allarme di Bankitalia: un'impresa su tre sotto attacco

http://www.ilsole24ore.com/art/notizie/2017-03-05/cybercrime-allarme-bankitalia-impresa-tre-sotto-attacco-125237.shtml

UK’s largest hospital chain hit by previously unseen malware

http://www.ehackingnews.com/2017/03/uks-largest-hospital-chain-hit-by.html

Singapore’s Defence Ministry hit by 1st cyber attack

http://www.ehackingnews.com/2017/03/singapores-defence-ministry-hit-by-1st.html

Bitcoin hotel hack victim speaks out

https://www.thelocal.at/20170131/bitcoin-hotel-hack-victim-speaks-out