Post

Visualizzazione dei post da marzo, 2017

Point-and-pwn tool for posers dumbs down ransomware spreading

https://www.theregister.co.uk/2017/03/31/point_click_ransomware/

The Clever ‘DoubleAgent’ Attack Turns Antivirus Into Malware

https://www.wired.com/2017/03/clever-doubleagent-attack-turns-antivirus-malware/

WONTFIX: No patch for Windows Server 2003 IIS critical bug – Microsoft

https://www.theregister.co.uk/2017/03/31/microsoft_wont_patch_server_2003/

Detecting and mitigating elevation-of-privilege exploit for CVE-2017-0005

https://blogs.technet.microsoft.com/mmpc/?p=11695

Potent LastPass exploit underscores the dark side of password managers

https://arstechnica.com/security/2017/03/potent-lastpass-exploit-underscores-the-dark-side-of-password-managers/

Hackers suben pornografía infantil al ordenador del presidente checo

http://www.elmundo.es/f5/comparte/2017/03/27/58d8fedcca47414f2e8b465b.html

Internet Information Services (IIS) 6.0 WebDAV - 'ScStoragePathFromUrl' Buffer Overflow

https://www.exploit-db.com/exploits/41738/

Attackers Leverage Excel, PowerShell and DNS in Latest Non-Malware Attack

https://www.carbonblack.com/2017/03/15/attackers-leverage-excel-powershell-dns-latest-non-malware-attack/

Cisco WebEx Browser Extension Remote Code Execution Vulnerability

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex

Microsoft Outlook, Skype, OneDrive hit by another authentication issue

http://www.zdnet.com/article/microsoft-outlook-skype-onedrive-hit-by-another-authentication-issue/

Moodle – Remote Code Execution

http://netanelrub.in/2017/03/20/moodle-remote-code-execution/

Researchers found two Safari Zero Day Exploits at Pwn2Own

http://www.ehackingnews.com/2017/03/researchers-found-two-safari-zero-day.html

Long-Secret Stingray Manuals Detail How Police Can Spy on Phones

https://theintercept.com/2016/09/12/long-secret-stingray-manuals-detail-how-police-can-spy-on-phones/

A simple command allows the CIA to commandeer 318 models of Cisco switches

https://arstechnica.com/security/2017/03/a-simple-command-allows-the-cia-to-commandeer-318-models-of-cisco-switches/

Ransomware scammers exploited Safari bug to extort porn-viewing iOS users

https://arstechnica.com/security/2017/03/ransomware-scammers-exploited-safari-bug-to-extort-porn-viewing-ios-users/

WONTFIX: No patch for Windows Server 2003 IIS critical bug – Microsoft • The Register

https://www.theregister.co.uk/2017/03/31/microsoft_wont_patch_server_2003/

Recruiters considered really harmful: Devs on GitHub hit with booby-trapped fake job emails • The Register

https://www.theregister.co.uk/2017/03/30/github_devs_malware_mails/

Exclusive: A criminal group using SSH TCP direct forward attack is also targeting Italian infrastructure

http://securityaffairs.co/wordpress/56864/cyber-crime/ssh-tcp-direct-forward.html

Vulnerability found in Service module of Drupal

http://www.ehackingnews.com/2017/03/vulnerability-found-in-service-module.html

An insecure mess: How flawed JavaScript is turning web into a hacker's playground

http://www.zdnet.com/article/an-insecure-mess-how-flawed-javascript-is-turning-web-into-a-hackers-playground/

Dahua, Hikvision IoT Devices Under Siege

https://krebsonsecurity.com/2017/03/dahua-hikvision-iot-devices-under-siege/

Preinstalled Malware Targeting Mobile Users

http://blog.checkpoint.com/2017/03/10/preinstalled-malware-targeting-mobile-users/

How I found a $5,000 Google Maps XSS (by fiddling with Protobuf)

https://medium.com/@marin_m/how-i-found-a-5-000-google-maps-xss-by-fiddling-with-protobuf-963ee0d9caff

Critical vulnerability under “massive” attack imperils high-impact sites [Updated]

https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/

Detenido en Tenerife un 'hacker' por robar información fiscal de familiares del Rey Juan Carlos

http://www.elmundo.es/espana/2017/03/10/58c2d551268e3e42148b467b.html

Content-Type: Malicious - New Apache 0-day Under Attack

http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html

Security Vulnerability in McDonald's India allows hackers to access Customer data

http://www.ehackingnews.com/2017/03/security-vulnerability-in-mcdonalds.html

Everyone Is Falling For This Frighteningly Effective Gmail Scam

http://fortune.com/2017/01/18/google-gmail-scam-phishing/

Google Points to Another POS Vendor Breach

https://krebsonsecurity.com/2017/03/google-points-to-another-pos-vendor-breach/

Millions of records leaked from huge US corporate database

http://www.zdnet.com/article/millions-of-records-leaked-from-huge-corporate-database/

Twitter Accounts Hacked with Swastikas Through Third Party App 'Twitter Counter'

http://gizmodo.com/twitter-accounts-hacked-with-swastikas-through-third-pa-1793286451

In-the-wild exploits ramp up against high-impact sites using Apache Struts

https://arstechnica.com/security/2017/03/in-the-wild-exploits-ramp-up-against-high-impact-sites-using-apache-struts/

Detecting and eliminating Chamois, a fraud botnet on Android

https://security.googleblog.com/2017/03/detecting-and-eliminating-chamois-fraud.html

Nintendo Switch’s secret browser has a flaw that could lead to a jailbreak

http://www.theverge.com/circuitbreaker/2017/3/14/14921138/nintendo-switch-exploit-jailbreak-webkit-vulnerability

Slack bug granted hackers full access to your account and messages

https://thenextweb.com/apps/2017/03/01/slack-bug-hackers-steal-account/

Hacking Unicorns with Web Bluetooth

https://www.contextis.com/resources/blog/hacking-unicorns-web-bluetooth/

Hackers who took control of PC microphones siphon >600 GB from 70 targets

https://arstechnica.com/security/2017/02/hackers-who-took-control-of-pc-microphones-siphon-600-gb-from-70-targets/

Hackers could easily bypass SBI's OTP security

http://www.ehackingnews.com/2017/02/hackers-could-easily-bypass-sbis-otp.html

A Chip Flaw Strips Away Hacking Protections for Millions of Devices

https://www.wired.com/2017/02/flaw-millions-chips-strips-away-key-hacking-defense-software-cant-fully-fix/

63 Universities and US Government agencies breached by hacker

http://www.ehackingnews.com/2017/02/63-universities-and-us-government.html

Ransomware scammers exploited Safari bug to extort porn-viewing iOS users

https://arstechnica.com/security/2017/03/ransomware-scammers-exploited-safari-bug-to-extort-porn-viewing-ios-users/

Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in http server

https://pierrekim.github.io/advisories/2017-goahead-camera-0x00.txt

Payments Giant Verifone Investigating Breach

https://krebsonsecurity.com/2017/03/payments-giant-verifone-investigating-breach/

Cybercrime, l'allarme di Bankitalia: un'impresa su tre sotto attacco

http://www.ilsole24ore.com/art/notizie/2017-03-05/cybercrime-allarme-bankitalia-impresa-tre-sotto-attacco-125237.shtml

UK’s largest hospital chain hit by previously unseen malware

http://www.ehackingnews.com/2017/03/uks-largest-hospital-chain-hit-by.html

Singapore’s Defence Ministry hit by 1st cyber attack

http://www.ehackingnews.com/2017/03/singapores-defence-ministry-hit-by-1st.html

Bitcoin hotel hack victim speaks out

https://www.thelocal.at/20170131/bitcoin-hotel-hack-victim-speaks-out

Dishwasher has directory traversal bug • The Register

https://www.theregister.co.uk/2017/03/26/miele_joins_internetofst_hall_of_shame/

GiftGhostBot scares up victims' gift-card cash with brute-force attacks • The Register

https://www.theregister.co.uk/2017/03/24/giftghostbot_harvests_giftcard_creds/

Did you know: Crimelords behind DDoS attacks offer customer loyalty points?

https://www.theregister.co.uk/2017/03/24/ddos_attack_business_models/

Amazing new WikiLeaks CIA bombshell: Agents can install software on Apple Macs, iPhones right in front of them • The Register

https://www.theregister.co.uk/2017/03/23/wikileaks_cia_darkmatter_vault_7/

Malware 'disguised as Siemens firmware drills into 10 industrial plants'

https://www.theregister.co.uk/2017/03/22/malware_siemens_plc_firmware/

Swearing Trojan Continues to Rage, Even After Authors’ Arrest | Check Point Blog

http://blog.checkpoint.com/2017/03/21/swearing-trojan-continues-rage-even-authors-arrest/

Russian mastermind of $500m bank-raiding Citadel coughs to crimes • The Register

https://www.theregister.co.uk/2017/03/22/russian_citadel_malware_pleads_guilty/

New bug lets hackers temporarily kill your Google Nest Cam - TechRepublic

http://www.techrepublic.com/article/new-bug-lets-hackers-temporarily-kill-your-google-nest-cam/

Microsoft's 'Application Verifier' bug-finder is easily pwnable • The Register

https://www.theregister.co.uk/2017/03/22/microsoft_application_verifier_security_problems/

World's worst botnet fiends switch from ransomware to stock scam spam • The Register

https://www.theregister.co.uk/2017/03/21/necurs_botnet_spam_surge/

What should password managers not do? Leak your passwords? What a great idea, LastPass • The Register

https://www.theregister.co.uk/2017/03/21/lastpass_vulnerabilities/

Nest CCTV cameras can be easily blacked out by Bluetooth burglars • The Register

https://www.theregister.co.uk/2017/03/21/nest_security_cameras_bluetooth_burglar/

Cisco reports bug disclosed in Wikileaks' Vault 7 CIA dump • The Register

https://www.theregister.co.uk/2017/03/19/cisco_goes_public_with_its_first_vault7_response/

Ubiquiti network gear can be 'hijacked by an evil URL' – thanks to its 20-year-old PHP build

https://www.theregister.co.uk/2017/03/16/ubiquiti_networking_php_hole/

UK's Association of British Travel Agents cops to data breach • The Register

https://www.theregister.co.uk/2017/03/16/abta_breach_data/

Dormant Linux kernel vulnerability finally slayed • The Register

https://www.theregister.co.uk/2017/03/16/linux_kernel_vuln/

Why are creepy SS7 cellphone spying flaws still unfixed after years, ask Congresscritters • The Register

https://www.theregister.co.uk/2017/03/15/ss7_cellphone_spying_flaw_still_unfixed/

WhatsApp blind-sided by booby-trapped photo vulnerability • The Register

https://www.theregister.co.uk/2017/03/15/booby_trapped_photo_whatsapp_telegram_risk/

Government websites pair up to host Apple ID phishing attack | Netcraft

https://news.netcraft.com/archives/2017/03/15/government-websites-pair-up-to-host-apple-id-phishing-attack.html

Boffins Rickroll smartphone by tickling its accelerometer • The Register

https://www.theregister.co.uk/2017/03/15/boffins_rickroll_smartphone_by_tickling_its_accelerometer/

Twitter app pwned by pro-Turkey hackers: Users' accounts sling 'Nazi' slurs • The Register

https://www.theregister.co.uk/2017/03/15/twitter_app_hack/

Hyper-V guest escape, drive-by PDF pwnage, Office holes, SMB flaws – and more now patched • The Register

https://www.theregister.co.uk/2017/03/15/microsoft_massive_patch_tuesday_bundle/

Hackers who took control of PC microphones siphon >600 GB from 70 targets

https://arstechnica.com/security/2017/02/hackers-who-took-control-of-pc-microphones-siphon-600-gb-from-70-targets/

Hackers could easily bypass SBI's OTP security

http://www.ehackingnews.com/2017/02/hackers-could-easily-bypass-sbis-otp.html

A Chip Flaw Strips Away Hacking Protections for Millions of Devices

https://www.wired.com/2017/02/flaw-millions-chips-strips-away-key-hacking-defense-software-cant-fully-fix/

63 Universities and US Government agencies breached by hacker

http://www.ehackingnews.com/2017/02/63-universities-and-us-government.html

Google and Mozilla's message to AV and security firms: Stop trashing HTTPS | ZDNet

http://www.zdnet.com/article/google-and-mozillas-message-to-av-and-security-firms-stop-trashing-https/

Vulnerability in Microsoft SMBv3 protocol crashes Windows PCs

http://www.infoworld.com/article/3165231/microsoft-windows/vulnerability-in-microsoft-smbv3-protocol-crashes-windows-pcs.html

Telepresence robot 'hackable' – security researchers • The Register

https://www.theregister.co.uk/2017/03/13/telepresence_robot_hackable/

MAC randomization: A massive failure that leaves iPhones, Android mobes open to tracking • The Register

https://www.theregister.co.uk/2017/03/10/mac_address_randomization/

Oops! 185,000-plus Wi-Fi cameras on the web with insecure admin panels • The Register

https://www.theregister.co.uk/2017/03/09/185000_wifi_cameras_naked_on_net/

That CIA exploit list in full: The good, the bad, and the very ugly

https://www.theregister.co.uk/2017/03/08/cia_exploit_list_in_full/

We found a hidden backdoor in Chinese Internet of Things devices – researchers • The Register

https://www.theregister.co.uk/2017/03/02/chinese_iot_kit_backdoor_claims/

WordPress photo plugin opens 'a million sites' to SQLi database feasting • The Register

https://www.theregister.co.uk/2017/03/01/wordpress_nextgen_gallery_sqli/

Online shops plundered by bank card-stealing malware after bungling backend Aptos hacked • The Register

https://www.theregister.co.uk/2017/03/01/aptos_craptos_security/