Wednesday, March 29, 2017

Exclusive: A criminal group using SSH TCP direct forward attack is also targeting Italian infrastructure

http://securityaffairs.co/wordpress/56864/cyber-crime/ssh-tcp-direct-forward.html

Vulnerability found in Service module of Drupal

http://www.ehackingnews.com/2017/03/vulnerability-found-in-service-module.html

An insecure mess: How flawed JavaScript is turning web into a hacker's playground

http://www.zdnet.com/article/an-insecure-mess-how-flawed-javascript-is-turning-web-into-a-hackers-playground/

Dahua, Hikvision IoT Devices Under Siege

https://krebsonsecurity.com/2017/03/dahua-hikvision-iot-devices-under-siege/

Preinstalled Malware Targeting Mobile Users

http://blog.checkpoint.com/2017/03/10/preinstalled-malware-targeting-mobile-users/

How I found a $5,000 Google Maps XSS (by fiddling with Protobuf)

https://medium.com/@marin_m/how-i-found-a-5-000-google-maps-xss-by-fiddling-with-protobuf-963ee0d9caff

Critical vulnerability under “massive” attack imperils high-impact sites [Updated]

https://arstechnica.com/security/2017/03/critical-vulnerability-under-massive-attack-imperils-high-impact-sites/

'Hacker' arrested in Tenerife for stealing tax information of relatives of King Juan Carlos

http://www.elmundo.es/espana/2017/03/10/58c2d551268e3e42148b467b.html

Content-Type: Malicious - New Apache 0-day Under Attack

http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html

Security Vulnerability in McDonald's India allows hackers to access Customer data

http://www.ehackingnews.com/2017/03/security-vulnerability-in-mcdonalds.html

Everyone Is Falling For This Frighteningly Effective Gmail Scam

http://fortune.com/2017/01/18/google-gmail-scam-phishing/

Google Points to Another POS Vendor Breach

https://krebsonsecurity.com/2017/03/google-points-to-another-pos-vendor-breach/

Millions of records leaked from huge US corporate database

http://www.zdnet.com/article/millions-of-records-leaked-from-huge-corporate-database/

Twitter Accounts Hacked with Swastikas Through Third Party App 'Twitter Counter'

http://gizmodo.com/twitter-accounts-hacked-with-swastikas-through-third-pa-1793286451

In-the-wild exploits ramp up against high-impact sites using Apache Struts

https://arstechnica.com/security/2017/03/in-the-wild-exploits-ramp-up-against-high-impact-sites-using-apache-struts/

Detecting and eliminating Chamois, a fraud botnet on Android

https://security.googleblog.com/2017/03/detecting-and-eliminating-chamois-fraud.html

Nintendo Switch’s secret browser has a flaw that could lead to a jailbreak

http://www.theverge.com/circuitbreaker/2017/3/14/14921138/nintendo-switch-exploit-jailbreak-webkit-vulnerability

Slack bug granted hackers full access to your account and messages

https://thenextweb.com/apps/2017/03/01/slack-bug-hackers-steal-account/

Hacking Unicorns with Web Bluetooth

https://www.contextis.com/resources/blog/hacking-unicorns-web-bluetooth/

Hackers who took control of PC microphones siphon >600 GB from 70 targets

https://arstechnica.com/security/2017/02/hackers-who-took-control-of-pc-microphones-siphon-600-gb-from-70-targets/

Hackers could easily bypass SBI's OTP security

http://www.ehackingnews.com/2017/02/hackers-could-easily-bypass-sbis-otp.html

A Chip Flaw Strips Away Hacking Protections for Millions of Devices

https://www.wired.com/2017/02/flaw-millions-chips-strips-away-key-hacking-defense-software-cant-fully-fix/

63 Universities and US Government agencies breached by hacker

http://www.ehackingnews.com/2017/02/63-universities-and-us-government.html

Ransomware scammers exploited Safari bug to extort porn-viewing iOS users

https://arstechnica.com/security/2017/03/ransomware-scammers-exploited-safari-bug-to-extort-porn-viewing-ios-users/

Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in http server

https://pierrekim.github.io/advisories/2017-goahead-camera-0x00.txt

Payments Giant Verifone Investigating Breach

https://krebsonsecurity.com/2017/03/payments-giant-verifone-investigating-breach/

Cybercrime, Bankitalia's warning: one in three companies under attack

http://www.ilsole24ore.com/art/notizie/2017-03-05/cybercrime-allarme-bankitalia-impresa-tre-sotto-attacco-125237.shtml

UK’s largest hospital chain hit by previously unseen malware

http://www.ehackingnews.com/2017/03/uks-largest-hospital-chain-hit-by.html

Singapore’s Defence Ministry hit by 1st cyber attack

http://www.ehackingnews.com/2017/03/singapores-defence-ministry-hit-by-1st.html

Bitcoin hotel hack victim speaks out

https://www.thelocal.at/20170131/bitcoin-hotel-hack-victim-speaks-out