Google announced to have patched a number of critical vulnerabilities affecting the Nexus devices that lead to the complete hack of the device. Google announced to have patched a critical vulnerability affecting the Nexus devices that could be exploited by an attacker on the same Wi-Fi network. The company confirmed that it is not aware […]

A security expert discovered an authentication bypass vulnerability in both iOS devices that allows thwarting lock screen passcode. The security researcher Benjamin Kunz Mejri from Vulnerability Laboratory has discovered  an authentication bypass-sized hole in both  iPhones and iPads running iOS 8 and iOS 9 that can be exploited by attackers to thwart lock screen passcode. This […]

Experts at Kaspersky Lab have linked a series of cyber attacks started in 2001 to a single threat actor called the Poseidon Group. Experts at Kaspersky Lab have identified a single threat actor behind a long-known campaign of cyberattacks financially motivated. The group of hackers identified by Kaspersky dubbed Poseidon Group attempts to extort money […]

A flaw in Cisco ASA Software could allow an unauthenticated, remote attacker to cause a reload of the affected system or to remotely execute code. It’s a bad period for IT manufacturers, recently the security community has discovered serious and anomalous  vulnerabilities affecting popular products like Juniper equipment and Fortinet Forti OS firewalls. Now, it is now the […]

The IRS detected roughly unauthorized attempts using 464,000 unique SSNs, and 101,000 attempts allowed crooks in generating PINs. The U.S. Internal Revenue Service (IRS) recently confirmed that cyber criminals abused the Electronic Filing PIN application. The Electronic Filing PIN application is running on irs.gov and allows taxpayers to generate a PIN that they can use to file tax […]

Fraudsters operating on the AlphaBay darknet market have deployed a replica of the popular marketplace to steal login credentials from peers. Paul Mutton, security experts at Netcraft, discovered a fake version of the Alphabay Market (pwoah7foa6au2pul.onion), one of the most popular black markets hosted in the dark web. Paul Mutton speculates that fraudsters have deployed […]

UK Police and FBI have arrested a teenager suspected to be Cracka, the hacker who hacked the CIA Director John Brennan. The Federal Bureau of Investigation (FBI) and British law enforcement have identified and arrested a teenage hacker alleged member of the hacking crew “Cracka with Attitude.” The Cracka with Attitude is the group of […]

According to Israel’s Channel 10 Iranian hackers succeeded in gaining access last year to the computer database of a retired Israeli army chief of staff. Many reports published by security firms warn of the increasing threat represented by Iranian hackers. US and Israeli organizations represent a privileged target for these hackers, last year they used stolen private pictures of IDF’s women […]

A security expert discovered a misconfigured MongoDB installation behind a Microsoft’s career portal that exposed visitors to attacks. The security expert Chris Vickery has discovered a new misconfigured MongoDB installation used by a Microsoft’s career portal. The misconfigured MongoDB installation exposed some information and enabled read/write access to the website. The database also included information on other […]

A flaw affecting the Cisco Universal Small Cell devices allows unauthenticated remote users to retrieve devices’ firmware, so Cisco urges patching these systems. Other problems for the IT giant Cisco, the company is asking service providers using its Universal Small Cell solutions to update their systems and install a patch to solve a serious security issue. […]

What happened to some of the APT groups behind clamorous cyber attacks? Why they don’t go dark anymore after being outed, a behavior completely different from the past. I’m sure everyone remembers the Sony attack occurred in 2014, when the US Government blamed the North Korean Government for the attack, materially executed by a hacking […]

Cisco disclosed a DoS vulnerability affecting the IOS software running on the industrial switches belonging to the Industrial Ethernet 2000 Series. Last week I wrote about a vulnerability affecting CISCO Universal Small Cell kits that allows unauthenticated remote users to retrieve devices’ firmware, now another vulnerability is worrying the customers of the IT Giants. The flaw coded […]

Sergey Lozhkin, a security expert at Kaspersky Lab demonstratd how it is easy for hackers to compromise medical devices and critical healthcare infrastructure. The ascent in the Internet of Things (IoT) has left gadgets more associated, yet much of the time more vulnerable, than at any other time. From auto hacking to digital assaults against […]

Researchers at Blue Frost Security firm discovered a flaw in the FireEye Virtual Execution Engine (VXE) that allows an attacker to completely bypass virtualization-based dynamic analysis and whitelist malware. Security researchers at Blue Frost Security have found a high severity vulnerability in FireEye products that allowed an attacker to bypass the company’s detection engine and […]

Researchers at Blue Frost Security firm discovered a flaw in the FireEye Virtual Execution Engine (VXE) that allows an attacker to completely bypass virtualization-based dynamic analysis and whitelist malware. Security researchers at Blue Frost Security have found a high severity vulnerability in FireEye products that allowed an attacker to bypass the company’s detection engine and […]

In a recent investigation case, security researchers at Sucuri revealed that 26,000 different WordPress sites were exploited to launch Layer 7 distributed denial of service (DDoS) attacks. In a recent investigation case, security researchers at Sucuri revealed that 26,000 different WordPress sites were generating a sustained rate of 10,000 to 11,000 HTTPS requests per second […]

The Linux Mint website had been hacked, on Saturday, intruders were able to compromise it and serve malicious ISO of Linux Mint 17.3 Cinnamon edition. The Linux Mint website had been hacked, on Saturday 20th, February, intruders were able to compromise the website serving malicious ISO of Linux Mint 17.3 Cinnamon edition. The disconcerting announcement was made […]

The Linux Mint website had been hacked, on Saturday, intruders were able to compromise it and serve malicious ISO of Linux Mint 17.3 Cinnamon edition. The Linux Mint website had been hacked, on Saturday 20th, February, intruders were able to compromise the website serving malicious ISO of Linux Mint 17.3 Cinnamon edition. The disconcerting announcement was made […]

Anonymous launched a series of cyber attacks against government websites of Saudi Arabia to protest the execution of 47 people, including Mr. Sheikh Nimr Al Nimr. The Anonymous collective is conducting a hacking campaign against the Saudi Arabian Government to protest executions of 47 people. On January 2nd, the Government announced the executions on terrorism charges, among the […]

The FBI must provide details on the network investigative technique used to hack more than 1000 computers in a case involving child pornography. In a case involving child pornography, the FBI was ruled by a judge to provide all the code used to hack the PC of suspects and detailed information related to the procedure […]

According to security experts Russian nation-state hackers are behind cyber espionage campaigns against opposition groups and NGOs in Syria. Russia is behind a cyber espionage campaign against Syrian opposition groups and NGOs, the Kremlin wants to conduct a PSYOP to influence the sentiment of the country on the humanitarian crisis as a diversionary action for its military […]

It is a nightmare for taxpayers according to an IRS bulletin there is a 400 percent surge in tax-related phishing and malware incidents. This year the IRS already reported 1,026 malware and phishing incidents, compared to 254 this time last year. The IRS is warning taxpayers of newer forms of attacks aiming victims into disclosing […]

It is a nightmare for taxpayers according to an IRS bulletin there is a 400 percent surge in tax-related phishing and malware incidents. This year the IRS already reported 1,026 malware and phishing incidents, compared to 254 this time last year. The IRS is warning taxpayers of newer forms of attacks aiming victims into disclosing […]

Mousejack attack – Researchers at Bastille firm demonstrated how to hack computers by exploiting a flaw in many wireless mouse and keyboard dongles. A bogus wireless computer mice and keyboards can be used by threat actors to compromise laptops from up to 100 metres away. The experts demonstrated that the attack, called mousejack attack, is […]

The security expert Troy Hunt discovered that it is possible to remotely control features of a Nissan Leaf via API. The popular security expert Troy Hunt discovered a security vulnerability affecting the API implemented by Nissan to manage the LEAF cars from a mobile device. Other experts have confirmed the existence of the flaw, the vulnerability […]

Cisco has released security updates for the products CISCO ACE 4710 appliance to fix a high severity command injection vulnerability. This week CISCO published a security advisory related a Command Injection Vulnerability (CVE-2016-1297) affecting its product Cisco ACE 4710 Application Control Engine Command. The vulnerability was reported to the company by Jan Kadijk, an expert at Warpnet BV. The […]

Apple has patched more than 60 vulnerabilities affecting the Apple TV, including flaws that can lead to arbitrary code execution and information disclosure. IoT devices are enlarging our attack surface, we are surrounded by devices that manage a huge quantity of information and that could be abused by hackers. Apple has patched more than 60 […]

The journalist Steven Petrow had his computer hacked while on a plane, it was a shocking experience that raises the discussion on privacy. Experts in the aviation industry are spending a significant effort in the attempt of improving cyber security. The news that I’m going to tell you has something of incredible. The American journalist […]

Chinese ISPs (internet service providers) are redirecting users legitimate traffic to malicious websites serving malware and ads. China is know to be not very “ortodox” when talking about freedom on the internet, over the time, it developed numerous projects to monitor users’ activity. The Great Firewall Now three Israeli researchers uncovered that Chinese ISPs (China Telecom […]

The security researchers at FireEye Abdulellah Alsaheel and Raghav Pande have found a way to exploit Microsoft EMET (Enhanced Mitigation Experience Toolkit) to hack itself. The security researchers at FireEye security Abdulellah Alsaheel and Raghav Pande have found a way to exploit the Microsoft security tool Enhanced Mitigation Experience Toolkit to hack itself. The Enhanced Mitigation […]

Security experts presented the DROWN attack that exploits a new critical security vulnerability affecting the OpenSSL. Security experts have discovered a new critical security vulnerability affecting the OpenSSL, it has been estimated that more than 11 Million websites and e-mail services are open to cyber attacks. The new attack, dubbed DROWN (stands for Decrypting RSA with […]

Real pirates have hacked into a shipping company to locate valuable cargo before hijacking vessels in targeted attacks. Technology meets Piracy. The technology is enlarging our surface of attack in a dramatic way, every company in every industry is potentially a target. Let’s discuss today of a singular case that demonstrates it, pirates have hacked into […]

A group of security researchers has devised a new attack scheme to steal cryptographic keys from both Android and iOS devices. A team of security researchers from Tel Aviv University, Technion and The University of Adelaide has elaborated a new attack scheme to steal cryptographic keys from both Android and iOS devices. Last month, the same team […]

An expert presented his study on hijacking high-end drones commonly deployed by government and law enforcement agencies. The researcher Nils Rodday presented at the annual RSA conference in San Francisco the findings of its study on hacking drones. Rodday, who currently at IBM, has conducted his research while working as a graduate researcher at the University of Twente […]

Two major high street banks will change security procedures after journalists  demonstrated how to carry out SIM swap fraud attacks. The BBC reported that two major high street banks will adopt new security measures to protect their customers. The decision to modify the security procedures follows the scoop made by two journalists from BBC Radio […]

Journalist at Gawker received an email by alleged members of Anonymous containing recordings from Donald Trump ‘s voicemail inbox. The Anonymous hacking collective continues its personal battle against Donald Trump, this time hacking the voicemail of the presidential candidate. On Thursday, Gawker received an anonymous email containing recordings from Donald Trump’s voicemail inbox. The recordings […]

A group of security researchers from the Edinburgh Napier University elaborated a new DDoS amplification technique relying on the TFTP protocol. A group of security experts from the Edinburgh Napier University (Boris Sieklik, Richard Macfarlane and Prof. William Buchanan) have discovered a new vector for DDoS amplification attacks. Recently the security community has discovered several ways […]

A large percentage of Android devices is affected by security vulnerabilities that could be exploited by attackers to easily gain a Root Access. According to experts at TrendMicro a large percentage of Android devices in use today is affected by security vulnerabilities that could be exploited by attackers to easily gain a root access. The attack allows an ill-intentioned […]

Unknown hackers have stolen more than $100 million from the Bangladesh Bank account at the US Federal Reserve Bank. According to Bloomberg, the Bangladesh’s Finance Minister Abul Maal Abdul Muhith is accusing the U.S. Federal Reserve for the theft of at least $100 million stolen from the Bangladesh’s account. Bangladesh is threatening the US for a legal […]

A security researcher has devised a new technique to track users by analyzing the mouse movements, even when surfing on the Tor network. While we surf on the Internet we leave an impressive amount of traces that could be used to track our profile and also reveal our identity even we are visiting resources in the darknet. The […]

Investigators suspect the attackers behind the Bangladesh central bank ‘s hack have used a malware to gather information for the Fed’s heist. One of most intriguing stories this week is the hack of the Bangladesh account at the Federal Reserve Bank of New York. The Bangladesh’s Finance Minister Abul Maal Abdul Muhith accused the U.S. Federal Reserve of […]

The patch for the critical Java CVE-2013-5838 vulnerability released by Oracle in 2013 is ineffective and can be easily bypassed. Bad news for Java users, in 2013 Oracle released a patch to fix the CVE-2013-5838 vulnerability, but security experts discovered that it could be easily bypassed to compromise the latest versions of the software. This means […]

G.Razvan Eugen is a 24 year-old Romanian that claims to be the founder of the collective Team GhostShell that hacked numerous entities worldwide. Do you remember the notorious Team GhostShell hacking crew? GhostShell is a group of hacktivists most active in 2012 that targeted systems worldwide, the list of victims is long and includes the FBI, NASA, […]

According to experts at EndPoint security firm, crooks are buying many .om domains to carry on typosquatting attacks. Crooks are buying many .om domains to carry on typosquatting attacks. According to experts at EndPoint security firm, crooks are buying many .om domains with the purpose to fool clumsy users that mistype .om instead of .com […]

Anonymous has declared war on Donald Trump, the hacking collective will start a new powerful campaign starting April 1. The hacktivists have already expressed their disappointment on the presidential candidate’s controversial campaign rhetoric that resulted in a series of  a series of attacks. The attack against Trump started in 2015 when Anonymous defaced the website Trump.com with a […]

Pennsylvania man behind the Fappening case Charged with hacking Apple and Google e-Mail accounts belonging to more than 100 people. The culprit of the popular Fappening case may have a name, the US Department of Justice (DOJ) announced on Tuesday that it charged Ryan Collins, 36, of Pennsylvania for hacking Apple and Google E-Mail accounts […]

Proofpoint has collected evidence of new Carbanak group campaigns.The hackers are targeting banks in the Middle East, the United States and other countries. Security researchers at Proofpoint firm sustain to have collected evidence of new Carbanak group campaigns. This time the hackers are targeting banks in the Middle East, the United States and other countries. Last year, Kaspersky […]

ProtonMail, the world’s largest privacy-focused and encrypted email provider, announced today that the service is leaving beta.     ProtonMail, the world’s largest privacy-focused and encrypted email provider, announced today that the service is leaving beta and will be allowing open registrations for the first time in nearly two years. For the past couple of […]

The Ukranian power blackout has demonstrated the worrying effects of the SCADA hacking, other countries like UK fear similar attacks. All the warnings from security experts throughout the years have unfortunately been disregarded, when it comes to the hackers’ threats in strategical spots, such as that of power generation. As a result, hackers have acted […]

The Anonymous Hacker collective claims to publish Donald Trump’s personal information, including Social Security Number and addresses. Alleged members of the Anonymous collective have leaked Donald Trump’s already public “private” phone numbers and other information online. The hackers have leaked also addresses, including the one of the Palm Beach residence in Florida, and social security […]

The Swiss People’s Party confirmed that they have been the target of hackers who have stolen the personal data of over 50,000 individuals. A group of hackers, which calls itself NSHC, claims to have hacked the Switzerland’s largest party, the conservative Swiss People’s Party (SVP), and stolen the personal data of over 50,000 individuals. The cracked archive […]

The online editions of principal Swedish newspapers were knocked out for several hours by a cyber attack during the weekend. The websites if a Swedish were shut down in the weekend due to an “extremely dangerous and serious” cyber attack. The websites hit by the hackers are the Dagens Nyheter, Svenska Dagbladet, Expressen, Aftonbladet, Dagens Industri, […]

Last week at the CeBIT the Lookout’s Co-Founder and CTO Kevin Mahaffey talked about hacking Tesla Model S providing indications on possible countermeasures. Last week at the CeBIT conference held in Hanover, the Lookout’s Co-Founder and CTO Kevin Mahaffey talked about hacking Tesla Model S providing indications on possible countermeasures. Unfortunately, many security professionals provided […]

Last week at the CeBIT the Lookout’s Co-Founder and CTO Kevin Mahaffey talked about hacking Tesla Model S providing indications on possible countermeasures. Last week at the CeBIT conference held in Hanover, the Lookout’s Co-Founder and CTO Kevin Mahaffey talked about hacking Tesla Model S providing indications on possible countermeasures. Unfortunately, many security professionals provided […]

The Danish intelligence agency PET (Politiets Efterretningstjeneste) plans to start its Danish hacker academy to fight threat actors in the cyberspace. Denmark’s PET (Politiets Efterretningstjeneste), the country’s intelligence agency, announced last week plans to create a government ‘hacker academy’ in response to the need to improve country cyber security. The Danish hacker academy is a […]

Tor Project revealed how the organization has conducted a three-year long work to improve its ability to detect fraudulent software. The experts at the Tor Project are working to improve the resilience of the anonymizing network to cyber attacks, in particular, they aim to quickly detect any surveillance activity conducted by tempering the Tor system. The researchers fear […]

Tor Project revealed how the organization has conducted a three-year long work to improve its ability to detect fraudulent software. The experts at the Tor Project are working to improve the resilience of the anonymizing network to cyber attacks, in particular, they aim to quickly detect any surveillance activity conducted by tempering the Tor system. The researchers fear […]

Developers from Microsoft and Samba Team are working on a security patch to fix a severe vulnerability dubbed Badlock. Developers from Microsoft and Samba are working on a security patch to fix a severe vulnerability that affects almost every version of Windows and Samba. Samba, which is present in nearly all Linux distributions, is a free […]

Security researchers from SentinelOne have discovered a security vulnerability affecting the Apple System Integrity Protection (SIP). Security researcher Pedro Vilaça from SentinelOne has discovered a security vulnerability ( CVE-2016-1757) affecting the Apple System Integrity Protection (SIP). The SIP is a security mechanism implemented by Apple in the OS X El Capitan operating system for the protection of certain […]

#opBrussels – Anonymous has published a new video threatening revenge on the ISIS organization in response to the tragic events in Brussels. Anonymous has published a video threatening revenge on the IS after the tragic events in Brussels. The video shows a spokesman of the hacker collective vowed to track down the members of the […]

Google has issued a new security update for its Chrome 49 that patches a number of flaws, most of them discovered by external researchers. Google has updated Chrome 49 for all the available versions in order to patch several critical vulnerabilities, including the flaw discovered thanks its bounty program that were rewarded with dozen thousands of […]

Japan – The police has found on a server of a company more than 18 million login credentials, 90% of which belongs to customers of Yahoo Japan. The Japanese newspaper The Yomiuri Shimbun reported that the Tokyo’s Metropolitan Police Department has arrested the president and a number of employees at the Tokyo-based Nicchu Shinsei Corp in November. […]

A security researcher has discovered that surveillance cameras sold by more than 70 vendors worldwide were vulnerable to Remote Code Execution (RCE). According to the security researcher Rotem Kerner, surveillance cameras from 70 vendors are vulnerable to Remote Code Execution (RCE). The researcher noticed that the vendors are selling products using the same firmware that is affected […]

The VNC Roulette service is exposing on the Internet thousands of computer systems using insecure and easy to hack VNC connections. CCTV surveillance cameras, medical equipment, electricity generators, desktops, home alarm equipment and many other systems are not properly protected and open on the Internet. Now a website named VNC Roulette is offering a ransom access to […]

PayPal has just fixed a security vulnerability that could have been exploited to send malicious emails to users via its platform. Researchers at security firm Vulnerability Lab have discovered a filter bypass and an application-side input validation vulnerability that allowed attackers to inject malicious code into emails sent by the PayPal platform. “A persistent input validation & mail […]

The United States Marine Corps has launched on March 25th a new hacker support unit named Marine Corps Cyberspace Warfare Group. It is unnecessary to remind the importance of cyber capabilities in the current military environment. Government and military corps are investing to improve their cyber abilities and exploits the immense possibilities offered by the cyberspace […]

Apple failed in fixing the System Integrity Protection security mechanism and the exploits code released by a researcher fits in a Tweet . Last week security media reported a critical privilege escalation flaw (CVE-2016-1757) in the Apple System Integrity Protection (SIP) security mechanism, a vulnerability that was present at the time of the discovery in all the version […]

The IBM expert Nils Rodday revealed how to hack drones with just a $40 hardware from 2 km away by replicating its signals and blocking legitimate operators. At the Black Hat Asia hacking conference, the IBM expert Nils Rodday revealed that hackers can hijack expensive professional drones from 2 km away by replicating its signals and blocking legitimate […]

Experts from Trend Micro have discovered a serious flaw in HID door controllers that could be remotely exploited by hackers to open the doors. Security experts at Trend Micro have discovered a serious flaw in door controllers developed by the HID access control systems manufacturer that could be exploited by hackers to send one malicious UDP request to […]

Officials confirmed that the Hungarian government website came under attack from outside the country. The access to many websites was blocked. The Hungarian Government announced that its computer network was targeted by a major cyber attack that temporarily blocked the access to several websites. The attacks hit the main Hungarian government website and many other sites, including […]

Two of security researchers have shown how hackers can target connected lightbulbs to exfiltrate sensitive data from Air-Gapped networks. Two of security researchers from the Weizmann Institute have shown how hackers can target connected lightbulbs to steal sensitive data from Air-Gapped networks. The two researchers are Adi Shamir, the popular co-inventor of the RSA algorithm, and PHD student […]

US and UK are planning to simulate a cyber attacks on nuclear plants, to test their resilience in the light of the nuclear security summit. In the light of the recent events with the terrorist attacks in Europe, the fear of other similar threats becomes greater by the minute. Coordinates cyber attacks on nuclear plants would […]

Two forensics experts have demonstrated how to abuse the Windows Desired State Configuration (DSC) feature to gain persistence on the compromised machine. At the last Black Hat Asia, the forensics experts Matt Hastings and Ryan Kazanciyan from Tanium have demonstrated how to abuse the Windows Desired State Configuration (DSC) feature to gain persistence on the compromised machine. The DSC […]

The federal bureau of investigation issued an alert related the APT6 state-sponsored hacking group that has compromised the US Government networks for years. The FBI revealed that “a group of malicious cyber actors have compromised and stolen sensitive information from various government and commercial networks” since at least 2011. The alert was published online by AlenVault […]

The federal bureau of investigation issued an alert related the APT6 state-sponsored hacking group that has compromised the US Government networks for years. The FBI revealed that “a group of malicious cyber actors have compromised and stolen sensitive information from various government and commercial networks” since at least 2011. The alert was published online by AlenVault […]

According to the results of an internal review, the US passport and visa Consular Consolidated Database (CCD)  database is open to intrusion. According to the results of an internal review of the US State Department, the Consular Consolidated Database (CCD) is vulnerable to cyber attacks. The State Department considers the CCD as an “unclassified but […]

A new Flash Player zero-day vulnerability (CVE-2016-1019) has been actively exploited by threat actors in attacks against systems running Windows XP and 7. Once again a zero-day vulnerability in the Adobe Flash Player 21.0.0.197 is threatening Internet users worldwide. The news was spread by Adobe that issued a security alert on Tuesday anticipating an imminent […]

Attackers can exploit the flaws in the ARRIS SURFboard cable modems to remotely knock out the device, more than 135 million device open to attacks. The security expert David Longenecker reported security vulnerabilities affecting the popular broadband cable SURFboard modems produced by the ARRIS (formerly Motorola). The ARRIS  SB6141 model is available for sale for around $70 US, […]

According to a report recently issued by the FBI, cyber criminals have pilfered more than $2.3bn from 17,642 victims since 2013 with BEC attacks. According to the FBI, cyber criminals have stolen more than $2.3bn from 17,642 victims since 2013 in BEC attacks. The situation is critical, the number of business email compromise BEC scams continues to increase on […]

A group of boffins discovered vulnerabilities in the reCaptcha systems of Google and Facebook and devised an attack method. The security experts Suphannee Sivakorn, Iasonas Polakis, and Angelos D. Keromytis have devised an attack technique against Facebook and Google reCaptcha. The boffins from the Department of Computer Science at Columbia University have discovered security vulnerabilities […]

Sprout, the cybersecurity firm in Japan has launched BugBounty.jp, which is the first bug bounty program in Japan designed to Japanese companies. Sprout, the cybersecurity firm in Japan has launched BugBounty.jp, which is the first bug bounty platform in Japan designed to Japanese companies easily run bug bounty programs, and get helps from white hat hackers around the […]

A group of security researchers has found a security flaw in the Apple iMessage that exposed chat history and sensitive data with a single click. Recently WhatsApp has introduced the end-to-end encryption to protect its users from eavesdropping, many other companies are adopting the technical improvement, but there are some circumstances that still open their customers to […]

Swedish experts warned of an electronic warfare attack on its air traffic control systems occurred in November. Is it electronic warfare? Swedish experts suspect that the attack on its air traffic control systems last November was operated by Russian nation-state hackers, the Arlanda, Landvetter and Bromma airport reported the major problems. The Swedish experts believe the cyber attacks were […]

VMware issued a security update to fix a critical vulnerability in the VMware Client Integration Plugin, apply it as soon as possible. VMware issued a Security Advisory related to a critical security vulnerability (CVE-2016-2076) in the VMware Client Integration Plugin urging administrators to urgently apply the needed patch. The flaw could be exploited by attackers to […]

Experts at Cisco Systems discovered more than 3 million vulnerable servers exposed on the Internet while scanning for the presence of JBOSS Backdoor According to Cisco Systems, more than 3 million servers exposed on the Internet are potentially open to Samsam ransomware-based attacks because they’re running vulnerable software. Attackers are targeting vulnerabilities in servers to […]

Apple abandons the support for the Windows version of quicktime, everyone should follow Apple’s guidance to uninstall it to avoid attacks. It is official, Apple will no longer provide security updates for the Windows version of the popular QuickTime. It is important to uninstall the product that remains vulnerable to cyber attacks, recently experts discovered […]

The Italian law enforcement corp Carabinieri and the Europol have dismantled an international criminal group responsible for large-scale ATM skimming. Last Week, the Italian law enforcement corp Carabinieri, in a joint operation with the Europol, has dismantled an international criminal group responsible for large-scale ATM skimming, forgery of documents and money laundering. The operation was codenamed […]

New evidence collected by prosecutors shows lottery machines were rigged to generate predictable numbers on specific days of the year. Last year, the security director of a US lottery was discovered hacking the mechanism of the extraction in order to predict the winning tickets. According to new details revealed by The Des Moines Register, the […]

A group of experts at VoidSec used a Grey Box approach to assess the security posture of some important aspects of Avactis PHP Shopping Cart. Avactis is an open source ecommerce Shopping Cart platform most used in US and UK. Security experts from VoidSec analyzed the e-commerce software discovered an impressive number of vulnerabilities. The group of experts […]

IBM Security has warned the WordPress community about a spike in the number of attacks leveraging a specific variant of the PHP C99 Webshell. Security experts at IBM reported a spike in the number of cyber attacks pushing a variant of the popular C99 webshell in February and March, a 45 percent increase compared to the previous period. […]

Experts analyzed a dozen attacks that leveraged on malicious RTF documents created using the same Four Element Sword builder. Security experts at Arbor Networks’ Security Engineering and Response Team (ASERT) have spotted a tool used in advanced persistent threat (APT) attacks against organizations in East Asia. The researchers have analyzed a dozen attacks that leveraged on malicious Rich […]

The Australian government has presented his Cyber Security Strategy and admitted the ability to conduct offensive cyber operations. The Australian Government announced its cyber security strategy that includes AU$230 million spending over four years to improve the resilience to cyber attacks of the national critical infrastructure. The strategy is very complete, it includes defensive aspects […]

The native Windows command-line utility Regsvr32 can be exploited to bypass MS Applocker and run remote code bypassing protection mechanisms. A security researcher recently discovered a vulnerability that may very well reap chaos in the Windows world, it can be used to bypass whitelisting protections such as Microsoft’s AppLocker. The Microsoft digitally-signed binary is a […]

Software reverse engineering is frequently mentioned in several contexts, including many illegal activities. What does it mean? Software reverse engineering is frequently mentioned in the context of illegal activity: the stealing of IP, fraud with software licenses, and so forth. At the same time, reversing has legal applications, the most known of which is malware research. […]

A feature in the Ubuntu 16.04 version could be abused to expose users private data posing a serious threat to their privacy and security. A feature in the last version of Ubuntu, the Ubuntu 16.04 version, could inadvertently expose users private data posing a serious threat to their privacy. According to the open-source software expert […]

The US Government has announced to have launched a series of cyber attacks against the Islamic State coordinated by the Cyber Command. The US Government has launched its cyber offensive against the coordinated by the Cyber Command. The strategy is clear, the use of hacking operations and cyber weapons will aim to destroy computer systems […]

Who are we? Garage4hackers is one of the oldest open information security community for Information Security enthusiast and aspirants on the internet. We started off as an Orkut Community “Hackers Garage” back in 2007 and today we have more than 6K members sharing knowledge across various fields of infosec. “Our mission is to spread Infosec […]

Pro-ISIS hackers belonging to the United Cyber Caliphate issue a kill list that includes dozens of U.S. government personnel. A few days ago, the US Government announced the first attack conducted by the Cyber Command against members of the ISIS online. The US Cyber Command will run hacking operations and use cyber weapons to destroy computer […]

An interview with Pete Herzog, the co-founder and Managing Director of ISECOM, about the Hacker Highschool (HHS) initiative. Today’s teens are in a world with major communication and productivity channels open to them and they don’t have the knowledge to defend themselves against the fraud, identity theft, privacy leaks and other attacks made against them […]

Watch now and learn to Bypass Modern WAF’s Exemplified at XSS in another Series of Garage4hackers Ranchoddas Webcast. Garage4hackers presents Ranchoddas Webcast Series on  Bypassing Modern WAF’s Exemplified At XSS by Rafay Baloch Let me explain you how will you be benefited productively by watching this video. The speaker will start at a very beginner […]

A serious expert discovered a flaw in PwnedList service that could have been exploited to access millions of account credentials managed by the service. A serious vulnerability found in the PwnedList could have been exploited by hackers to gain access to millions of account credentials collected by the service. The service PwnedList allow users to check if […]

Security researchers have discovered multiple flaws in the Samsung Smart Home automation system that could be exploited by remote attackers. Security researchers from the University of Michigan have discovered multiple flaws affecting the Samsung Smart Home automation system that could be exploited by remote attackers for several attacks, including making keys for connecting front door locks. […]

OpenSSL has the patches for six flaws including two high-severity bugs that could allow attackers to decrypt HTTPS traffic and execute malicious code on the server. OpenSSL just released several patches to fix vulnerabilities in the open-source cryptographic library, including a couple of high-severity flaws (CVE-2016-2107, CVE-2016-2108) that could be exploited to decrypt HTTPS Traffic. The CVE-2016-2107 could […]

The Channel 2 journalist and Consumer Investigator Jim Strickland investigated a mysterious car theft after he received home security camera footage showing a car thief in action. The Channel 2 journalist and Consumer Investigator Jim Strickland investigated a mysterious car theft after he received home security camera footage from a viewer in Walton County. It seems […]

Marcel Lehel Lazar also known as Guccifer has admitted the hack of the Hillary Clinton ‘s private email server occurred in 2013. A Romanian hacker has claimed it was ‘easy’ to gain access to Hillary Clinton ’s email server.  Marcel Lehel Lazar, who goes by ‘Guccifer’, recently had a series of interviews with Fox and […]

The Swiss Defense Department was recently victim of a cyber attack, the offensive has come after a presentation on cyber espionage to the FIS. The Swiss Defense Department was recently a victim of a cyber attack, the offensive has come after a presentation on cyber espionage to the Federal Intelligence Service. The cyber attack was announced by […]

Lenovo fixed the Lenovo Solution Center, once again the company faces problems with pre-installed bloatware causing major security problems for users. Lenovo has fixed a security vulnerability in the Lenovo Solution Center (LSC) support tool that could be exploited by attackers to execute code with system privileges and take over the machine. Lenovo Solution Center […]

Three German security researchers have presented a PLC-based worm with Proof-of-Concept based on the Siemens SIMATIC S7-1200 PLC. Three German security researchers have presented a PLC-based worm at Black Hat Asia. The proof of concept is based on the Siemens SIMATIC S7-1200 PLC which reminds us all two well of an earlier PLC attacking worm […]

One out of every three websites were involved in transmitting malware to their users, which was found attached to their digital content. Suppose, there is a movie, released last month. You didn’t have the time to watch it in the theatre and you also want to save some money. What would you do? Go to […]

This is the first of a series of  “Hacker Interviews” that will aim to help us get a better understanding of the motivations and techniques of the hackers. The information security industry spends time and effort not only to stop hackers but also to understand and simulate them. Vulnerability assessments and penetration tests are specially […]

Hackers demonstrated to the Tech Insider how to break into any office by purchasing from Amazon and eBay $700 worth of electronic parts to clone access cards. Breaking into a company could be very easy and cheap for hackers, it could be sufficient to buy from Amazon and eBay $700 worth of parts. “We watched a […]

A study conducted by Recorded Future on PoC exploits shared online over the last year shows that social media is the main distribution channel. Security experts at the threat intelligence firm Recorded Future have conducted an interesting study on the proof-of-concept exploits shared online (e.g. On Twitter, on forum linking to personal blogs, GitHub, or Pastebin) last year. […]

The security expert David Levin was arrested and charged after discovering  serious security flaws on a couple of election websites in Florida. The security researcher David Levin, the owner of Vanguard Cybersecurity, was arrested and charged after discovering  serious security flaws on a couple of elections websites in Florida. In December Levin discovered that the elections website […]

A group of white hackers from RedTeam traveled to the Midwest to test the systems of a major power company and breach it with Social Engineering. RedTeam Security is a group of ethical hackers who specialize in offensive security, believing that the best defense is a good offense. Engaging in social engineering, in addition to […]

CVE-2016-4117 is a zero-day vulnerability affecting the Adobe Flash Player that is being exploited to launch malware-based attacks in the wild. According to Adobe, a new zero-day vulnerability in the Flash Player software is being exploited in cyber attacks in the wild, and the worrisome new is that it will not be patched until May 12th. […]

Is the North Korea behind the hack of a South Korean defense contractor? The officials announced an investigation into the security incident. There is a constant tension between South Korea and the North, now the Government of Seoul is accusing Pyongyang for a cyber attack that in April last hit a navy defence contractor, the […]

The recently discovered ImageMagick critical vulnerability (CVE-2016-3714) is being exploited in the wild for reconnaissance. The security researcher John Graham-Cumming from CloudFlare asserts that his firm recently discovered a critical vulnerability, code named CVE-2016-3714, in the popular image manipulation software, ImageMagick. The flaw could allow cyberattackers target, exploit and take over websites running the widely used […]

Facebook hopes to make security education easier for students with the release of its Capture the Flag platform to open source on GitHub! Are you interested in testing your hacking abilities? Facebook is offering a secure opportunity for you by opening it Capture The Flag (CTF) platform to test hacking skills in a legally safe environment […]

Security experts collected evidence that up to 36 global organizations have been hacked via exploits against an old flaw in SAP Business Applications A five-year-old flaw in SAP software is threatening business worldwide, at least 36 global organizations have been hacked via exploits used to trigger a vulnerability in SAP Business Applications. The flaw resides on […]

In March 2016 experts from FireEye spotted a malicious campaign conducted by a financially motivated threat actor that leveraged on a zero-day exploit. According to security experts at FireEye, a sophisticated criminal organization targeted more than 100 organizations in North America. Most of the victims are in the retail, hospitality and restaurant sectors. Threat actor […]

Recently security experts at Cisco Talos have discovered multiple exploitable vulnerabilities in 7-Zip that open users to cyber attacks. According to the Cisco security researcher Jaeson Schultz, multiple flaws in the 7-Zip compression tool could be exploited by hackers to gain the complete control on the target machine running the popular software. “Recently Cisco Talos has […]

Processors manufactured by the  Chinese ARM maker Allwinner are affected by a kernel backdoor and are present is several models of low-cost devices. In the security community is circulating the news about the presence of a backdoor in the gadgets shipped by the popular Chinese ARM maker Allwinner.  Processors manufactured by the company are present […]

The SWIFT announced that a second commercial bank was a victim of a cyber heist, the crime appears to be part of a broad online attack on global banking. A second malware-based attack hit the SWIFT (Society for Worldwide Interbank Financial Telecommunications) system. The news was spread by the SWIFT on Thursday, the attack has many similarities with […]

A few days ago group of white hat hackers from RedTeam traveled to the Midwest to test the systems of a major power company and breach it with Social Engineering. RedTeam Security is a group of ethical hackers who specialize in offensive security, believing that the best defense is a good offense. We wrote about […]

A mysterious hacker is responsible for a mass Reddit defacement of 70 subreddits, he wants to demonstrate the lack of security of the popular platform. Someone is creating the panic on Reddits, a mysterious user behind the name TehBVM (@TehBVM) claims to have already popped more than 100 Reddit subreddits. The user already targeted subreddits related […]

Anonymous alongside with BannedOffline and Ghost Squad crews are resuming the OpIcarus targeting banking websites around the world. Hackers of the Anonymous collective alongside with Ghost Squad and BannedOffline continued their attacks on the banks worldwide under the campaign named OpIcarus. The Operation OpIcarus was resumed in March 2016, both Anonymous and Ghost Squad launched several attacks on financial institutions worldwide, including the bank […]

Security and fraud experts are observing a significant increase in the number of ATM skimming attacks across the world. It’s an emergency! Security and fraud experts are observing a significant increase in the number of cyber attacks against the ATMs, in particular, skimming attacks. The popular investigator Brian Krebs recently published an interesting post that […]

A 19-year-old hacker who goes by the name Revolver claims to have breached into Pornhub server and already sold the access for $1,000. It happened during the weekend, a researcher using the 1×0123 Twitter account announced the availability of a shell access to a subdomain on Pornhub and offered it for $1,000. The figure is obviously […]

As the gaming industry continues to become a more lucrative market, it has also increasingly become more attractive to cybercriminals. As the gaming industry continues to become a more lucrative market, it has also increasingly become more attractive to cybercriminals. These cyber attackers are employing the same tactics used to hack online banks and retailers. […]

The FireEye researcher Genwei Jiang revealed the exploit chain related to phishing attacks leveraging CVE-2016-4117 flaw recently fixed by Adobe. Security experts at FireEye have recently spotted an attack leveraging on an Adobe zero-day vulnerability (CVE-2016-4117) recently patched. The CVE-2016-4117 flaw affects older versions of the Adobe Flash, a few days ago the company was informed of a new zero-day […]

The white hat hacker Tavis Ormandy has discovered a critical exploitable memory overflow bug in the core Symantec Antivirus Engine The popular white hat hacker Tavis Ormandy from the Google Project Zero has discovered a critical exploitable flaw (CVE-2016-2208) in the Symantec antivirus system. The expert discovered an exploitable memory overflow vulnerability in the core […]

GhostShell is back, it exposed data from 32 companies and  launched a new campaign to punish negligent network administrators. The popular hacker crew GhostShell is back and is launching a new campaign to sensitize administrators to the importance of a proper security posture, but he’s doing it in his own way. GhostShell is a group of hacktivists most […]

A security expert discovered security flaws that could let anyone to steal as much as $25 Billion from one of the biggest Indian banks. The security researcher Sathya Prakash discovered that the critical vulnerabilities reside in the mobile banking application used by the bank customers. Prakash explained that the exploitation of the flaw allowed him to steal […]

IBM has targeted hackers, bringing Watson (its computer brain) in the game, with the help of eight prominent US universities IBM’s computer brain, or else Watson, has been known to multitask, already involved in fighting cancer and cooking and so many other things. Right now, the focus of IBM has been placed towards dealing with […]

The vulnerability CVE-2016-4010 allows an unauthenticated attacker to execute PHP code at the vulnerable Magento server and fully compromise the shop. The Israeli security expert Nethanel Rubin (@na7irub) has reported a critical flaw (CVE-2016-4010) in the eBay Magento e-commerce platform that could be exploited by hackers to completely compromise shops online. The vulnerability rated 9.8/10 has been […]

GhostShell is back and I had the opportunity to interview him. It is important to understand the thoughts and opinion of talented minds like GhostShell. Yesterday I reported the news of the return of one of the  most popular hacker, Ghost Shell who exposed data from 32 companies and  launched a new campaign to punish […]

Phineas Fisher, the notorious Hacking Team hacker, stole $10,000 from a bank and donated the equivalent in Bitcoin to Kurdish anticapitalists in Rojava. Phineas Fisher (@GammaGroupPR), revealed on Reddit that he breached a bank and turned the stolen money to a Kurdish anti-capitalists that operate in the Rojava autonomous region. The region in located in the north of the […]

Cisco issued a series of patches for the AsyncOS operating on CISCO WSA that fix multiple high severity Denial-of-Service (DoS) vulnerabilities. Cisco has released security patches for the AsyncOS operating system that run on the Web Security Appliance, also called CISCO WSA. The security updates fix multiple high severity Denial-of-Service (DoS) vulnerabilities. Below the details […]

The Ecuador Bank Banco Del Austro of Cuenca was hacked by threat actors that once again involved the SWIFT systems to stole $12 Million. A third bank was the victim of a cyber heist, the Ecuador Bank was hacked by threat actors that targeted the SWIFT systems and stole $12 Million. In  February hackers have stolen $81 Million from the […]

A researcher received a $5,000 bounty after finding two flaws that could have allowed attackers to run brute-force attacks on Instagram accounts. The Belgian security researcher Arne Swinnen discovered two security flaws affecting the Instagram platform that allowed attackers to launch brute force attacks against its accounts. The bug hunter received a $5,000 bounty from Facebook […]

A worm is infecting routers and other wireless devices across the world made by the Ubiquiti Networks company. An insidious worm is infecting routers and other wireless devices made by Ubiquiti Networks across the world. ISPs worldwide reported the malware-based attacks, the threat can take complete control of the wireless networking equipment by exploiting a year-old remote […]

The FBI issued a notification warning actors in the private sector about a rapid diffusion of KeySweeper, a keystroke loggers disguised as USB phone chargers. The FBI is warning actors in the private sector about a rapid diffusion of stealthy keystroke loggers disguised as USB phone chargers. The FBI issued a Private Industry Notification warning of the […]

The Pastejacking Attack exploits JavaScript to override the clipboard content and trick victims into running malicious code. The security expert Dylan Ayrey has devised a new attack technique dubbed Pastejacking attack that leverages on the victim’s clipboard. The possibility of manipulating clipboard without a victim noticing it a known for a long time, it is possible to do […]

Today I want to share you my interview with one of the greatest white hat hackers in the IT Security Industry, the ingenious Samy Kamkar. Samy Kamkar (@SamyKamkar) is one of the most prolific experts that periodically presents new astonishing creations to the IT security industry. Most of you will remember for sure MagSpoof, Combo Breaker, SkyJack, OwnStar, OpenSesame, […]

Today I want to share you my interview with one of the greatest white hat hackers in the IT Security Industry, the ingenious Samy Kamkar. Samy Kamkar (@SamyKamkar) is one of the most prolific experts that periodically presents new astonishing creations to the IT security industry. Most of you will remember for sure MagSpoof, Combo Breaker, SkyJack, OwnStar, OpenSesame, […]

Incapsula experts Igal Zeifman and Dan Breslaw unmasked the availability of stresser and booter DDoS services on Fiverr website at very affordable prices. The Freelancer-finding site Fiverr is offering DDoS attacks-as-a-service for just five dollars. The site connects professionals that offer any kind of services to buyers. If you are searching for a developer to hire, […]

Leaked WPAD queries could result in domain name collisions with internal network naming schemes exposing corporate to MITM attacks. The U.S. Computer Emergency Readiness Team(US-CERT) issued the Alert (TA16-144A) to warn of leaked WPAD queries could result in domain name collisions with internal network naming schemes. The WPAD queries are intended for resolution on private or enterprise DNS […]

  Dozens of HTTPS-protected websites belonging to Visa are vulnerable to Forbidden Attack, nearly 70,000 servers are at risk. A new attack technique dubbed ‘Forbidden attack’ expose dozens of HTTPS Visa sites vulnerable to cyber attacks and roughly another 70,000 servers are at risk. A group of international researchers (Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky, […]

Today I propose you an interview with Sneaker, one of the members of the GhostSec crew. The Sneaker is a very intriguing expert involved in counterterrorism operations against the ISIL members online. Ghost Security (GhostSec) is an internationally-based counterterrorism group that specializes in intel collection, threat analysis and digital weapons. Its cyber operations consist of collecting actionable […]

Hacker interview – Today I have the honor to interview Claudio Guarnieri, aka Nex, one of the most talented hackers and security researchers. Claudio is known as one of the most active civil rights advocate, he is known for his researchers at the Citizenlab, he is creator of the @cuckoosandbox and @malwr. Enjoy the interview! Hi Claudio, […]

A couple of experts demonstrated how to wirelessly change the time on NTP servers over long distances using an inexpensive equipment. The HACK IN THE BOX conference is a hotbed of interesting hacks,  today I will present you the results of a research conducted by the researchers Yuwei Zheng and Haoqi Shan from Qihoo360 firm that explained […]

Mikko Hypponen does not need any introduction, he is a true star, one of those professionals who have indelibly marked the evolution of the cyber security industry. I consider Mikko a legend, and I’m happy to share with you this interview. Enjoy it!   Hi Mikko, you are a legend of the hacking community, can […]

The US Computer Emergency Response Team has issued a warning after the discovery a security issue the popular medical application MEDHOST PIMS (PIMS). Many security experts believe that medical industry lack of a proper security posture, despite it is a high-tech sector the vast majority of medical equipment was not designed with a security by design […]

The independent researcher Maxim Rupp reported an unpatchable flaw in the ICS Environmental Systems Corporation (ESC) 8832 Data Controller. Vulnerable SCADA and industrial control systems represent the entry point in critical infrastructure for hacking attacks. In many cases, patch management of these systems is very complex and in some specific scenarios known flaws could not be fixed for various […]

The researchers from the Trustwave’s Spiderlabs team discovered that a Windows zero-day is available for sale in a popular crime forum for $90,000. A Windows zero-day flaw was offered for sale at US$90,000 on the Russian crime forum exploit.in. The flaw could be exploited by hackers to gain a full deep access to an already compromised […]

A study of Duo Security revealed that Lenovo Accelerator Application support tool contains a high-risk flaw that allows remote code execution. Once again bad news for Lenovo users, the company is informing them that the Lenovo Accelerator Application contains a high-risk vulnerability that could be exploited by hackers to remotely execute code on the machine and […]

GhostShell is back and leaked 36 million records from vulnerable networks to invite experts to pay attention to the new MEAN Stack. GhostShell is back and once again to warn us about the poor security posture of many services, this time, he announced to have leaked 36 million accounts/records. The hacker is inviting experts to pay attention to […]

A group of Israeli researchers demonstrated how to steal RSA encryption keys through a PC’s noises during cryptographic operations. If you think that air-gapped networks are totally secure you are wrong, in the past, many research teams have devised methods to steal data from computers disconnected from the Internet. They demonstrated that it is possible […]

More than 19 months after its public disclosure the CVE-2014-3704 is still exploited in attacks against Drupal-based websites. It was October 2014, when Drupal patched a critical SQL injection vulnerability (CVE-2014-3704) that was affecting all Drupal core 7.x versions up to the recently-released 7.32 version, which fixed the issue. The patch issued by Drupal fixed the […]

The anti-phishing company PhishMe that observed that as of the end of March 93 percent of all phishing emails contained a ransomware. Ransomware is becoming a privileged instrument of cyber criminals to rapidly earn money, the diffusion of this type of threat is changing the threat landscape scenario, for example, as of the end of March, […]

Hackers discovered it is possible to remotely control features of Mitsubishi Outlander PHEV by hacking the mobile applications designed by the car vendor. A team of experts from the UK security firm Pen Test Partners has demonstrated that it is possible to remotely control some feature of the popular SUV Mitsubishi Outlander plug-in hybrid electric vehicle […]

Boffins released a paper describing how computer processors can be programmed to give elevated privileges to hackers and run fabrication-time attacks. A team of researchers from the University of Michigan recently released a paper describing how computer processors can be programmed to give elevated privileges to hackers.  The paper titled, “A2: Analog Malicious Hardware,” describes […]

The FTC’s chief technologist gets her mobile phone number hijacked, she shared her experience of a victim of such kind of Id Theft. The incident that I’m going to tell you is worrisome, the US Federal Trade Commission’s chief technologist Lorrie Cranor gets her phone number hijacked. The FTC’s chief technologist was hacked by someone posing […]

China is ready to launch its first hack proof quantum communication satellite, are we entering a new era of telecommunications. Satellites have a crucial role in our digital society, almost every industry is benefiting from their services for this reason their security is a pillar of the cyber security strategy of governments worldwide. Attackers are posing […]

A security expert discovered that a crafted PDF document that includes an embedded JPG2000 image can trigger a buffer overflow in the Chrome PDF reader. The security expert Aleksandar Nikolic from the Cisco Talos group has discovered an arbitrary code execution vulnerability (CVE-2016-1681) in PDFium, which is the PDF reader component installed by default in Google Chrome […]

Experts have discovered several SQL injection vulnerabilities in the European Union Websites, the European Parliament and the European Commission sites The security experts Vulnerability Lab CEO Benjamin Kunz Mejri and Marco Onorati have discovered a number of SQL injection vulnerabilities in the websites of the European Parliament and the European Commission. The exploitation of the flaws in […]

Is Two-factor authentication the solution for any kind of hacks? A text message could be used to take over your Google Account. Following the recent data breaches suffered by IT giants (e.g. MySpace, LinkedIn, Twitter) security experts are inviting users to avoid sharing login credentials on multiple websites and to enable two-factor authentication (2FA) when it […]

WauchulaGhost Hacker groups linked to Anonymous hijack ISIS supporters’ Twitter accounts and flood their profiles with PORN picture and irreverent messages. Anonymous is continuing its online battle against the ISIS propaganda machine, this time, Twitter accounts managed by the terrorist organization have been flooded with a large number of pornographic posts. It seems that the attacks […]

The newfound critical vulnerability on Twitter seems to allow remote code execution! Which is the reason behind the recent Twitter security issues? The newfound critical vulnerability on Twitter seems to allow remote code execution! The last days we have seen some cases that have to do with Twitter’s security making us wonder if the famous […]

The “heterogony of end” is a famous expression formulated in 1886 by the German philosopher Wihelm Wundt, what about the Hacking Team case? After the hack of the controversial government spying and hacking tool vendor Hacking Team by an outside attacker, a large  numbers of media headlines worldwide reported the events. [1,2,3] The hacker announced […]

Security researchers have found a vulnerability that could allow attackers to send massive messages on Telegram bypassing its limitations. Security researchers have devised a method to send massive messages on Telegram. The experts have found a flaw that allows them so send messages of any size as showed in the proof-of-concept provided by the researchers. […]

Cyber criminals are offering for sale a hi-tech gadget named Contactless Infusion X5t to scan nearby contactless payment cards and clone them. The British Daily Mail published an interesting article on a new gadget used by crooks to clone up to 15 contactless bank cards a second from victims, and it can do it by […]

Hackers contracted by the DoD under the Hack the Pentagon initiative have found more than 100 vulnerabilities exceeding Government’s expectations. Do you remember the ‘Hack the Pentagon‘ initiative? ‘Hack the Pentagon’ is the initiative launched by the US Government this year to test the resilience to cyber attacks of the US defenses. The Pentagon has launched the […]

Adobe states that the Flash Player zero-day vulnerability (CVE-2016-4171) has been exploited in targeted attacks. It will be fixed later this week. Once again Adobe Flash Player is the target of hackers in the wild. Adobe has released security updates for several of its products announcing that the fix for a critical Flash Player zero-day vulnerability […]

In February Verticalscope platform was hacked and more than 45 Million passwords from  1,000 websites running on it have been leaked online. Data breaches, a never ending saga! Recently we reported a number of clamorous data breaches, hundred thousand million credentials were offered for sale in dark web. LinkedIn, mySpace, VKontakte, and Twitter are some of […]

xDedic marketplace is offering everyone from entry-level cybercriminals to APT groups fast, cheap and easy access to legitimate organizational servers. Security experts from Kaspersky Lab have conducted an interesting investigation of a massive Russian underground market, dubbed xDedic, that offers access to more than 70,000 servers online. Everyone accessing the marketplace could buy and sell […]

A security advisory recently released by CISCO announce that three Cisco wireless kits are affected by a critical bug, but no fix is available at the moment. SOHO devices are among most targeted network components in the wild, they are often poorly protected or not properly configured exposing users to serious risks. In these cases, […]

If you need to test your environment in a short period of time the WarBerry Pi is the right device to gather information on the target network. WarBerry Pi is a device that could be used by pen testers to collect as much information as possible in a short period of time, without being noticed. In order […]

On Tuesday evening Github became aware of unauthorized attempts to access a large number of its accounts, in response the company has reset their passwords. GitHub announced it has reset the passwords of a number of accounts after the company noticed unauthorized access. The hackers used credentials leaked online after the numerous data breaches suffered […]

The value of the Ethereum Currency is plummeting after a hack, the Digital currency Ethereum may have less than a month to live. The value of the Ethereum digital currency is plummeting following a hack on The DAO’s Ethereum holdings. The DAO is a decentralized and virtual organization that was established to fund new projects, […]

The security expert and malware researcher @dvk01uk reported a very unusual phishing attack on PayPal leveraging on Javascript. The phishing is still a very profitable technique for crooks, phishers try to improve old tactic in a new fashion in order to steal victims’ information. One of the most common suggestions to mitigate phishing attacks is […]

Adobe Flash Player 22.0.0.192 release fixes the Flash Player zero-day vulnerability (CVE-2016-4171) exploited by the APT group dubbed ScarCruft. Adobe has issued the Flash Player 22.0.0.192, a release that fixes the Flash Player zero-day vulnerability (CVE-2016-4171) exploited by the APT group dubbed ScarCruft in attacks on high-profile targets. The Flash Player flaw CVE-2016-4171 affects versions 21.0.0.242 and earlier for […]

An unnamed hacker hacked the video conferencing software used by the Quebec Liberal Party and shared the news with the media. Politicians are a privileged target of hackers, in many cases they totally ignore the risk of a cyber attack and their staff is not aware of ongoing espionage activities. We read about hackers that […]

David Dworken is the name of the student that hacked into the Pentagon US military’s website between classes at Maret High School and that the Government thanked. Recently we have reported the first results of the “Hack the Pentagon” program that allowed the discovery of numerous flaws in the computers of the US Government. News […]

David Dworken is the name of the student that hacked into the Pentagon US military’s website between classes at Maret High School and that the Government thanked. Recently we have reported the first results of the “Hack the Pentagon” program that allowed the discovery of numerous flaws in the computers of the US Government. News […]

Apple issued a security update to fix a nine-month-old DNS parsing flaw affecting Apple AirPort routers but avoided providing further info on the issue. Apple has issued a security update to fix a nine-month-old DNS parsing vulnerability affecting its AirPort routers. Apple has released a firmware update 7.6.7 and 7.7.7 that runs on  AirPort Express, AirPort Extreme and […]

A Chinese security researcher has discovered a Windows design flaw dubbed BadTunnel that affects all versions of Windows. The Chinese researcher Yang Yu, director of Xuanwu Lab of Tencent has discovered a design flaw in Microsoft Windows that affects all versions of the popular operating system. The vulnerability could allow an attacker to hijack a target organization’s […]

Like the FBI Director Comey also Zuckerberg use tapes to cover the webcam of his laptop, evidently he fear that someone could spy on him. A Facebook post published by Mark Zuckerberg to celebrate more than 500 million people now use Instagram is attracting the attention of IT experts. In the image that is included in the […]

Godless is a new strain of Android Malware recently spotted by experts from Trend Micro that leverages multiple rooting exploits. Godless is a new strain of malware that uses multiple rooting exploit to compromise Android mobile devices. The mobile malware is a sort of hacking platform that includes an open-source rooting framework called android-rooting-tools. The […]

Experts from Cisco Talos discovered multiple security issues in the Libarchive library that is used by hundreds of other projects, including FreeBSD. Security vulnerabilities in the popular open source compression toolkit Libarchive affect countless of other projects that include the library. The flaw was discovered by experts from the Cisco Talos team that supported the Libarchive development team to […]

WordPress has recently issued the version 4.5.3 that patches more than two dozen vulnerabilities, including 17 bugs introduced in the last three releases. WordPress is one of the most popular content management systems for this reason is a privileged target of hackers. It is quite easy to scan the web searching for websites running old version affected […]

Researchers discovered more than a dozen flaws in Uber app and websites, many of them allow hackers to access driver and passenger info. Security experts from the Integrity firm have found more than a dozen flaws in the Uber website that could be exploited by hackers to access driver and passenger data. The researchers discovered a total […]

This disclosure of an unpatched Remote Code Exec flaw in the Swagger API framework compromises NodeJS, Ruby, PHP, and Java. Swagger is a representation of RESTful API that allows developers to get interactive documentation, client SDK generation and discoverability. The Swagger generators are privileged tools for organisations to offer developers easy access to their APIs. Currently, the […]

Fansmitter is a new acoustic data exfiltration method devised by a group of researchers from Ben-Gurion University of the Negev. We all know that air-gapped networks aren’t totally secure, in the past, many research groups have devised methods to steal data from computers disconnected from the Internet. It is possible, for example, to exfiltrate data […]

PayPal has fixed a vulnerability that could have been exploited by attackers to deliver malicious images through the payment pages of the website. The Security researcher Aditya K Sood discovered a vulnerability that could have been exploited by attackers to deliver malicious image through the payment pages of the PayPal website. The expert noticed that the […]

Today I propose you an interview with Rahul Sasi, the Founder of Machine learning based cloud security company CloudSek. Rahul Sasi (@fb1h2s) is the Founder of Machine learning based cloud security company CloudSek. He was an Admin member for Garage4hackers.com. He is ePrior to founding CloudSek he was a Sr Engineer at Citrix where he held […]

Facebook has fixed a serious logic flaw that could have been exploited by hackers to delete any video uploaded in comments on someone’s Facebook post. Facebook has fixed a serious security vulnerability in the Facebook’s platform that could have been exploited by hackers to delete any video uploaded in comments on someone’s Facebook post. The security […]

Today I propose you an interview with Cesar Cerrudo, CTO at IOActive Labs, famous for his research on ICS/SCADA, Smart Cities, IoT, software security. Cesar Cerrudo is CTO at IOActive Labs, leading the team in producing ongoing cutting edge research on ICS/SCADA, Smart Cities, IoT, software security. But Cesar, first of all, has chosen the […]

Lenovo fixed two flaws (CVE-2016-5249, CVE-2016-5248) in the Lenovo Solution Center, once again the company faces problems with pre-installed bloatware. Lenovo has fixed two high severity vulnerabilities, CVE-2016-5249, and CVE-2016-5248, in its Lenovo Solution Center that could be exploited by hackers to gain access to vulnerable machines and to kill any process running on them.  The […]

The Saudi-based group of hackers known as OurMine has another illustrious victim, after Mark Zuckerberg they have also hacked the Google CEO Sundar Pichai’s Quora account. OurMine is a hacking collective that is scaring IT giants, the list of victims is very long and include names like Mark Zuckerberg, Twitter co-founder Evan Williams, David Guetta Daniel Ek, former […]

Experts from the ISACA organization confirmed that SWIFT hackers have stolen $10 million from a Ukrainian bank through SWIFT system. It is happened again, unknown hackers have stolen $10 million from an unnamed Ukrainian bank through SWIFT loophole. The news was spread by the Kyiv branch of ISACA, the Information Systems Audit and Control Association, that confirmed […]

Security experts from Sucuri firm have discovered a large botnet of compromised CCTV devices used by crooks to launch DDoS attacks in the wild. Researchers have encountered a denial-of-service botnet that’s made up of more than 25,000 Internet-connected closed circuit TV devices. We discussed several times about the IoT and the lack security by design that makes […]

A Google Widevine DRM flaw in the Chrome browser can be exploited to easily download videos streamed from websites such as Amazon Prime Video and Netflix. The flaw was discovered by researchers from the Ben-Gurion University of the Negev in Israel and the Telekom Innovation Laboratories in Germany. According to the experts, the issue exists […]

Symantec has fixed dozens of critical vulnerabilities affecting its solutions that can be exploited by remote attackers for arbitrary code execution. The popular Google Project Zero hacker Tavis Ormandy last month reported a number of critical security issues in Symantec solutions, and this is the good news. The bad news is that Symantec promptly fixed one […]

The Thomson Reuters terrorist database World-Check used by banks and intelligence agencies worldwide was leaked online, 2.2 million records exposed. There is a terrorist database used by banks and intelligence agencies worldwide, it is called World-Check and unfortunately, it was leaked online. The leaked database is dated back 2014 and contains some 2.2 million records. […]

Cisco released security patches for some of its products that fix critical and high severity flaw that could be remotely exploited by hackers. Cisco has released security patches for a number of high-severity vulnerabilities in the CISCO Management and other security products. One of the flaws, a critical vulnerability in the Cisco Prime Collaboration Provisioning (CVE-2016-1416), […]

Researchers discovered two flaws in the Siemens SICAM PAS widely used in the energy industry. One of the vulnerabilities is still unpatched. Security experts from Positive Technologies that have reviewed the Siemens SICAM PAS (Power Automation System) solution have discovered two information disclosure vulnerabilities (CVE-2016-5848 and CVE-2016-5849) that can be exploited by a local attacker. The experts […]

The Lizardsquad’s botnet known as LizardStresser is now leveraging on Internet of Things devices, latest waves of DDoS attack reached 400Gbps. The Lizardstresser DDoS botnet has been increasing in popularity throughout 2016 and is being used increasingly to target the Internet of Things. Arbor Networks reported in their blog, a marked increase since the start […]

Two security experts have conducted a study that allowed them to spot over 100 snooping Tor Nodes spying on Dark Web Sites. The attempts of snooping traffic from Tor nodes are not a novelty, in the past, we have reported the activity of threat actors that set up malicious exit nodes to de-anonymize users. Early 2014, researchers […]

Hacking a Facebook profile -An unidentified hacker successfully took over a Facebook account with a social engineering attack that involved a fake passport Today I desire to discuss with an interesting case, a hacker successfully took over a Facebook account with a social engineering attack. The hacker demonstrated that it is possible to bypass any […]

For the cyber security experts, Karsten Nohl doesn’t need to be introduced, he is volcanic, a shining professional. Karsten Nohl is one of the most famous hackers in the world, laymen know him as the hacker that revealed to the world how to spy on anyone through the vulnerability in the SS7 protocol. XXX is […]

The researcher Dmytro Oleksiuk published details of ThinkPwn flaw, a UEFI zero-day that could be exploited by hackers to disable security features. Once again the IT giant Lenovo is in the headlines, some products of the company and some others from other PC vendors, are affected by a UEFI vulnerability, dubbed ThinkPwn, that can be exploited […]

Billy Rios is one of the most skilled hackers that revealed us how is vulnerable to hacking attacks our society. Are you interested in the hacking of critical infrastructure? Are you worried about the security of medical devices? Billy Rios is one of the most skilled hackers that could provide you the answers to your questions. […]

The security researcher from Government Lab Mohammed Adel has found a vulnerability in the UK Defence Gateway that exposes army data. The security researcher from Government Lab Mohammed Adel has found a vulnerability in the UK Defence Gateway, an application only for the staff use, that could be exploited by attackers to gain access to the […]

A vulnerability in the firmware running on many D-Link products allows attackers to take over cameras and other 120 products. A month ago, the Senrio research team discovered and exploited a remote code execution vulnerability in the latest firmware of the D-Link DCS-930L Network Cloud Camera. The vulnerability allows code injection which lets the attackers […]

A research discovered two zero-day vulnerabilities residing in the official BMW web domain and ConnectedDrive portal that allow remote hack. Once again IoT devices are affected by a serious flaw that could be exploited by hackers to compromise them, this time we speak of Car Hacking. Almost any modern connected vehicle uses a drive-by-wire system that […]

Today, thanks to the support of Aveek Sen, I have interviewed the hacker that goes online with the pseudonymous of s1ege. s1ege is a member of the Ghost Squad and was one of earlier components of the AnonGhost hacker collective. The split occurred as Mauritania Attacker and few others of AnonGhost joined ISIS. Enjoy the interview […]

A Ukrainian Hacker has breached the servers of the Polish Telecom Company Netia SA and leaked on an underground forum the stolen data. A Ukrainian hacker going by the pseudonym of Pravy Sektor has hacked the servers of Poland’s telecom company Netia SA, the second largest telecom company in the country. The hackers stole personal details […]

Dear readers, I’m really proud and excited to share with you my interview with a legend Mr John McAfee. John McAfee is one of the spiritual father of modern cyber security, he developed the first commercial antivirus, but John is much more. He is the “artist” of security, a modern juggler of technology. Multi-talented and […]

Experts have made a disconcerting discovery on the Dark Web, they have found a sophisticated government malware that could be used to target Energy Grids. We have discussed several times about the militarization of the cyberspace and the risks that a government malware goes out of control, what about is a powerful hacking tool is […]

Enjoy the interview with Chema Alonso (@chemaalonso), Chief Digital Officer at Telefonica, who is one of the most talented cyber security experts. Chema Alonso is currently Chief Digital Officer at Telefonica, he is one of the most talented cyber security experts, a skilled hacker that is considered a star of the IT security industry. Enjoy the […]

Microsoft has just fixed a the CVE-2016-3238 Print Spooler vulnerability that allows attackers to hack any version of Microsoft Windows. The July Microsoft Patch Tuesday includes security bulletins that address 50 security holes. Six security bulletins are rated critical, reading the them one advisory will catch the attention of the reader. Microsoft has fixed a security […]

Following a short disappearance, the xDedic market – the infamous ‘eBay’ of hacked servers, has made a new appearance on the Tor network. The xDedic market is still offering everyone from entry-level cybercriminals to APT groups fast, cheap and easy access to legitimate organizational servers. The domain (xdedic[.]biz) went offline following a report from Kaspersky […]

Shard is a free tool that could be used by hackers to discover shared passwords between most popular web services, including Facebook, LinkedIn, Reddit, Twitter, or Instagram. In the past months, we have read about numerous data breaches, LinkedIn, MySpace, VerticalScope are just a few examples of illustrious victims. Hundreds of thousands of millions of credentials have flooded the […]

US sentences the Chinese hacker involved in the theft of industrial secrets on the F-22 and F-35 fighter jets, C-17 transport aircraft and F-35 aircraft. The Chinese national Su Bin (also known as Stephen Su and Stephen Subin), 50, has been sentenced to 46 months jail for intellectual property theft. The Chinese hacker admitted having […]

Enjoy the interview with WauchulaGhost (@wauchulaghost), one of the most active hackers in the fight against the IS online. Military, law enforcement, and hackers have the same the same goal, disrupt the propaganda activities managed by the Islamic State and interfere with IS daily functions, like paying its fighters. There is a silent cyber army of […]

A group of researchers has developed Riffle, a new anonymity scheme that provides better security and performance than others, including Tor. Tor is probably the most popular anonymizing network, million of users leveraged on it to protect their privacy and online anonymity. Now Massachusetts Institute of Technology researchers revealed a new anonymity architecture that could rival Tor. […]

Today, thanks to the support of Sneaker, I have interviewed the hacker that goes online with the pseudonym of Mr Xer . I’m continuing to interview hackers that try to destroy the online propaganda of the Islamic State, people that are involved in a silent battle that many people still ignore. Today I’ll present you […]

The popular OpenSSH is affected by a user enumeration bug that could be exploited by a remote attacker to check a list of hacked credentials. A bug (CVE-2016-6210) in the popular OpenSSH crypto library could be exploited by a remote attacker to enumerate users on systems running SSHD. An attacker can exploit the bug to check […]

Enjoy the interview with Zeus Anon to understand which phenomena are influencing the cyberspace and how hackers are fighting the ISIS online propaganda. I’m continuing to interview hackers that every day fight against the ISIS supporters, people that live in the shadow that are engaged in hard battles. Enjoy the interview! Hi Zeus, first of […]

A security expert revealed a number of flaws in the big player’s two-factor authentication methods that could allow crooks to steal money. Social media bug bounty hunter, Arne Swinnen, has revealed a number of flaws in the big player’s 2 factor authentication (2FA) methods that could enable a malicious user to illicit large sums of […]

According to the ICO Baby monitors are still open to hackers across the UK, the ICO issued a list of recommendations to avoid privacy breaches. Early this year, the Shodan search engine launched a feature that lets users easily access vulnerable webcams. In September 2015, researchers from the Rapid7 security firm discovered a number of security vulnerabilities affecting several Video […]

This critical flaw CVE-2016-4631 resides in the ImageIO and could be exploited by a remote attacker to steal sensitive information from Apple devices. Apple fans, I have a bad news for you, just one specially-crafted message can expose your personal information, including your authentication credentials stored in the memory of your Apple device. This means […]

Today, it is a pleasure for me to interview an Italian colleague, Matteo Meucci, a great professional, a perfect mix of talent and discipline. Enjoy the interview.   Hi Matteo, you are one of the most respected Italian experts on cyber security. Could you tell me which his your technical background and when you started hacking?  […]

18 out of 276 vulnerabilities fixed by Oracle with the last Patch Update resides in the OIT libraries that are used by products of numerous major vendors. The last critical Patch Update released by Oracle this week is in the headlines for the number of patches it includes. It includes the fixes for 276 vulnerabilities, 19 of […]

Today I have interviewed The r00t, a young and skilled hacktivist that participated in many hacking campaigns online, he is a former Lulzsec volunteer. He assumed the name r00t recently, he was known with a different pseudonymous online, but he preferred to remain anonymous. The interview is very interesting, enjoy it! Hi, you are a young talented […]

In military jargon, the term Red Team is traditionally used to identify highly skilled and organized groups acting as fictitious rivals and/or enemies to the “regular” forces, the Blue Team. Whenever we discuss Information Security from a defensive point of view, we are inclined to think about protection, damage control, and reaction. However, adopting an […]

Let’s continue the series of interviews with talented hackers some of them like Scrub are involved in anti-ISIS campaigns. Scrub is a member of #GhostSquadHackers and currently involved in the #opTurkey campaign. Enjoy the Interview. You are a popular talented hacker that has already participated in several hacking campaigns, could you tell me more about. I started off […]

The security expert Brian Krebs investigated the links between the Carbanak cybercrime gang and the Infocube security firm. Today I want to share with you the findings of an investigation of the popular cyber security expert Brian Krebs. This time, Krebs investigated the link between a cybercrime gang and a security firm. The security company […]

A group of hackers has devised a method to hack Pokemon Go to and reveal the exact location of characters all around you. Pokemon Go is the game of the moment, its viral and the attention of the media is very high on the gaming novelty. As the players know, they haven’t the precise location of nearby Pokemon […]

According to the US-based Akamai Technologies Distributed Denial Of Service (DDoS) attacks have a great level of sophistication today. The Morris Worm of 1989 caused massive damage and losses with its unintentionally caused Denial Of Service (DoS) attacks. Fast forward to today, attacks have sharpened teeth targeting almost every IT service, from telco to gaming firms. […]

According to the US-based Akamai Technologies Distributed Denial Of Service (DDoS) attacks have a great level of sophistication today. The Morris Worm of 1989 caused massive damage and losses with its unintentionally caused Denial Of Service (DoS) attacks. Fast forward to today, attacks have sharpened teeth targeting almost every IT service, from telco to gaming firms. […]

Let’s continue the series of interviews with talented hackers some of them like NeckrosTheTerrible are involved in anti-ISIS campaigns. NeckrosTheTerrible is a member of #GhostSquadHackers and currently involved in the #opTurkey campaign. Enjoy the Interview. You are a popular talented hacker that has already participated in several hacking campaigns, could you tell me more about. I been hacking […]

The Indian security expert and bug hunter Avinash has accessed and downloaded the entire Vine source code and it was really easy. A hacker has accessed and downloaded the source code of the Twitter’s Vine application. Vine is a short-form video sharing service, acquired by Twitter in 2012, that allows users to share small videos of 6 seconds […]

Enjoy my interview with the Zilla from GhostSquadHackers, I believe it is essential for cyber security experts to know how hackers work and why some of them are hunting the ISIS online. Zilla is another member of the #GhostSquadHackers, one of the hacker crews most active against IS propaganda online. You are a popular talented hacker […]

A team of researchers has found a couple of critical flaws in PHP and exploited them to hack PornHub, on one of the most popular adult websites. Diclaimer: This article is written to discuss the security implications and technical aspects of a hack that was recently done. If you by anyway are offended by the […]

Another interview with one of the black souls of the Internet, Korrupt, which is involved in various hacking campaigns. Enjoy the Interview.   You are a popular talented hacker that has already participated in several hacking campaigns, could you tell me more about. I started programming about 12 years ago and became a web developer […]

Today I have interviewed one of the core members of the popular TeaMp0isoN crew, as usual, these chats are very precious for experts that want know more about hacking activities. Enjoy the Interview. Could you tell me which his your technical background and when you started hacking? Which are your motivations? My technical background in […]

Another interview with one of the black hat hackers on the internet, he is Revolxy from PøwerfulGreəkArmy hacker crew. Enjoy the Interview. You are a known hacker that has already participated in several hacking campaigns, could you tell me more about. I have participated in campaigns such as #OpTurkey , #OpISIS and #OpPedo. I’m targeting government […]

Experts discovered that Wireless keyboards from several vendors don’t use encryption when communicating with USB dongle being opened to KeySniffer attacks Security experts from Bastille firm have devised a method of attack dubbed KeySniffer to remotely intercept keystrokes or send commands to a targeted computer. The researchers have analyzed non-Bluetooth wireless keyboards from 12 manufacturers discovering that […]

Shad0w Security (Shad0wS3C) claimed responsibility for the data breach of the EJBCA that resulted in the exposure of credentials and certificates. Shad0w Security claimed responsibility for the data breach of the EJBCA – Open Source PKI Certificate Authority . Shad0w Security recently breached into a Switzerland Branch of EJBCA – Open Source PKI Certificate Authority and stole dozens of certificates […]

Today I have interviewed one of the core members of the popular GhostSquadHackers crew, he is OffLine, the Admin. Enjoy the Interview. Could you tell me which his your technical background and when you started hacking? Which are your motivations? I’ve participated in many operations. The one I’m known for was OpIcarus where I’d get in […]

Today I have interviewed one of the core members of the popular GhostSquadHackers crew, he is BannedOffLine, the Admin. Enjoy the Interview. Could you tell me which his your technical background and when you started hacking? Which are your motivations? I’ve participated in many operations. The one I’m known for was OpIcarus where I’d get in […]

Today I have interviewed RazorBlade, (@JustAnotherBoat), another hacker involved in several hacking campaigns. Enjoy the Interview. Could you tell me which his your technical background and when you started hacking? Which are your motivations? I started hacking about 2 years ago but my curiosity allowed me to gain Alot of experience.   What was your […]

QRLJacking is an attack technique devised by a cyber security researcher to Hijack bypass QR Code Based Quick Login System. Many desktop applications such as Line, WeChat, and WhatsApp allow users to authenticate themself with the Secure Quick Response Login method that relies on QR-code. The QR-code-based authentication system allows users to quickly access a website […]

Authorities in South Korea are blaming hackers from North Korea for a massive data breach affecting 10 million Interpark online shoppers. North Korea launched a new cyber attack against the South, according to the Government of Seoul a massive data breach exposed data belonging to an Internet shopping mall. This week, authorities in South Korea accused […]

Another attack hit the Democratic Party organization, this time, the Democratic Party’s congressional fundraising DCCC committee was hit by hackers. The Democratic Party organization continues to be under attack, this time, the Democratic Party’s congressional fundraising committee was hit by hackers. According to the Reuters, the FBI is investigating a security breach of the systems of the […]

A security duo designed a hacking UAV dubbed Danger Drone, with it a drone equipped with a tiny PC that run a suite of hacking tools. What do you think if I propose you to use a drone to hack into a network? And what about air-gapped networks hacking? In order to hack into an isolated network, the […]

A security duo designed a hacking UAV dubbed Danger Drone, with it a drone equipped with a tiny PC that run a suite of hacking tools. What do you think if I propose you to use a drone to hack into a network? And what about air-gapped networks hacking? In order to hack into an isolated network, the […]

Israeli experts discovered a vulnerability within the JavaScript that proxy PAC files that allows HTTPS URLs interception via Proxy Attacks. Israeli security firm, Safebreach, has discovered a vulnerability within the JavaScript that proxy PAC files used for auto-configuration. Hackers could be used to extrapolate URLs and manipulate them. Proxy Auto Config or PAC files work […]

Israeli experts discovered a vulnerability within the JavaScript that proxy PAC files that allows HTTPS URLs interception via Proxy Attacks. Israeli security firm, Safebreach, has discovered a vulnerability within the JavaScript that proxy PAC files used for auto-configuration. Hackers could be used to extrapolate URLs and manipulate them. Proxy Auto Config or PAC files work […]

Today I have interviewed Watcher one of the hackers belonging to #GhostSec that fights IS propaganda online. GhostWatcher participated in various hacking campaigns, including #OpISIS and #OpPedoHunt. Enjoy the Interview. You are a talented hacker that has already participated in several hacking campaigns, could you tell me more about. I never refer to myself as a talented hacker. Mostly […]

The group of hackers known as China 1937CN Team compromised the announcement screen systems at many major airports in Vietnam. According to the 2015 version of the ‘Transportation Systems Sector-Specific Plan’ the transportation industry is increasingly exposed to cyber threats. The sector is becoming a privileged target of hackers worldwide, the last incident in order of […]

Today I present you The PøwerfulGreəkArmy (aka PGA), a hacker collective focused in the fight against the ISIS propaganda online. Enjoy the Interview. Tell me more about PGA? Which is your motivation? So ,we are a new hacking team with 7 skilled hackers. Our motivation is to stop pedophiles and ISIS doing actions. PGA ‘s […]

The Chinese authorities have arrested 10 members of the popular Wooyun ethical hacking community, including the founder Fang Xaiodun. Chinese authorities have arrested popular white hats operating in the country, including the founder of one of the larger online ethical hacker community. The reason behind the arrest is still a mystery, the news was reported […]

Weston Hecker, a security researcher with Rapid7, has devised a $6 tool to open guest rooms and hack into Point-of-Sale systems. It is not difficult to image that it is quite easy for hackers to hack a hotel room door, but it is surprising to discover that it is possible to do with a $6 […]

The Israeli intelligence firm Intsights has breached a Telegram ISIS group, members shared info on US bases in Kuwait, Bahrain, Saudi Arabia. The Israeli security firm Intsights claims to have breached a Telegram group run by jihadists that were planning to attack a list of US bases in Kuwait, Bahrain, Saudi Arabia. The company announced to […]

Security experts have uncovered several critical flaws in Cisco Small Business Routers that in some cases could result in the take over of the device Security experts Adam Zielinski and Harri Kuosmanen reported to CISCO several critical and high severity flaws in the CISCO Small Business Routers. According to CISCO, the CVE-2015-6397 flaw affects RV series […]

At Black Hat USA, the security researcher Elie Bursztein demonstrated the dangers of found USB drive and how to create a realistic one. Giving a look at the titles of the presentations in the agenda of the Black Hat USA Conference 2016 I noticed an interesting topic proofed by the security expert Elie Bursztein, the […]

The rise of the Internet of Things is being heralded by many as the beginning of a new Industrial Revolution. Technology firms are now linking objects ranging from household appliances to industrial machinery to the internet. With telecommunications firms on board, manufacturers are coming up with new, innovative uses for everyday objects. Yet linking these […]

Gh0s7 is a hacker that has participated in several hacking campaigns which is known for its efforts against the ISIS propaganda online. Enjoy the interview! Did you participate in several hacking campaigns? could you tell me more about you? I was the founder of Ghost Squad Hackers , when i started my hacktivism and (if it […]

Apple has chosen the Black Hat 2016 security conference to announce the launch of its bug bounty program, hackers can earn up to $200,000 for a flaw. Great news for bug hunters, finally Apple announced that it will pay hackers that will find bugs in its products. Apple is the last IT giant to launch […]

Researchers have demonstrated how crooks can make ATMs spit out thousands of dollars in cash in just a few minutes by using data stolen from EMV cards. When the EMV (Europay, MasterCard, and Visa) was introduced, the vast majority of security experts believed solved the problems caused by easy to clone magnetic stripe cards. EMV chip-equipped […]

Huston police identified and arrested 2 men while it was investigating a series of car thefts made using a pirated software running on the thieves’ laptop Two men have stolen more than 100 vehicles by using a laptop running a common software that’s used by technicians and auto dealers. The two criminals, Michael Arce, 24, and […]

Are you searching for a hacker that attacks ISIS online propaganda every day? CtrlSec is the right person. Enjoy the interview! Did you participate in several hacking campaigns? could you tell me more about you? I actually just had some experience with web design, I decided to start doing something with ISIS when me and a group of other people […]

The security expert Salvador Mendoza demonstrated that is it easy to steal Samsung Pay tokens and reuse them to make fraudulent purchases. The security researcher Salvador Mendoza has discovered a flaw in the Samsung Pay system that could be exploited by hackers to remotely skim credit cards. The attackers can steal Samsung Pay tokens and […]

At the DEF CON conference, a group of three researchers from Red Balloon Security has demonstrated how to hack a computer through its monitor. It is a common error consider monitors as a passive device that could not be exploited by attackers to hack our systems. The reality is quite different, attackers could hijack every monitor […]

The US-CERT warns of the presence of multiple flaws in the Nuuo NVRmini and other network video recorders of the same vendor. The US-CERT has issued a security advisory related to the presence of multiple vulnerabilities in the Web interface of a Netgear ReadyNAS Surveillance video recorder  and various devices manufactured by the video recording company […]

Today I have interviewed The Phantom Squad, one of the most dreaded groups of hackers on the Internet. Enjoy the Interview. You are a talented hacker that has already participated in several hacking campaigns, could you tell me more about. We started in November 2015. We have taken down PSN and have also targeted other […]

The systems of the Oracle MICROS payment terminals division have been infected by a malware, systems worldwide are potentially at risk. The hack that I’m going to tell you could have a serious and a huge impact, the systems of the Oracle MICROS payment terminals division have been infected. MICROS is among the top three […]

A team researchers at Arizona State University (ASU) is crawling the Darkweb searching for zero-days for Proactive Cybersecurity Threat Intelligence Can finding zero-day vulnerabilities be as easy as crawling the Darkweb? Security researchers at Arizona State University (ASU) think so and they’re already seeing some success.  In a paper titled, “Darknet and Deepnet Mining for […]

Today I had a pleasure to speak with a true talent of the hacking community.Nikie, she is an intriguing figure that I want to present you. Enjoy the interview! Hi Nikie, you are a talent of the hacking community, can you tell more about your technical background? When did you start hacking? I wouldn’t call myself […]

The security expert Rafael Fontes Souza has discovered vulnerabilities in the website of HP (Hewlett Packard) and decided to explain concepts of code review to mitigate the risk of this failure and prevent future attacks. “I would like to make it clear, I am writing this report for educational purpose, I contacted HP Security-Team that […]

Today I have interviewed Claudio Caracciolo one of the most renowned Security Professional that works like Chief Security Ambassador for ElevenPaths Claudio Caracciolo  wrote a book and is known for his effective interpersonal skills and his ability as an international speaker. Enjoy the Interview. You are one of the world’s most talented cyber security experts, […]

The bug hunting company Exodus announced its bug bounty program. Who will pay more for a 0-day exploit? Reflecting on the zero-day market. Almost every IT giant has launched its bug bounty program, the last in order of time is Apple that last week announced the initiative during the Black Hat Conference. How much is […]

Once again Microsoft failed in fixing a severe Secure Boot vulnerability that can be exploited to install rootkits on Windows devices. Microsoft has accidentally leaked the Secret keys to Bypass UEFI Secure Boot. The Secure Boot is a UEFI (Unified Extensible Firmware Interface) feature that should prevent the execution of unauthorized code during the boot process. The […]

A severe design flaw in the Linux kernel could be exploited by attackers to hijack traffic, inject malware into connections, and run a wide range of attacks. A severe flaw in the Linux kernel could be exploited by attackers to hijack traffic, inject malware into downloads and web pages, and run a wide range of […]

Today I have interviewed RootPhantom, another member of the popular hacker crew Phantom Squad. Enjoy the interview!   You are a talented hacker that has already participated in several hacking campaigns, could you tell me more about. We did bring down PSN and Xbox services last year. Could you tell me which his your technical […]

A new hack leveraging on two distinct vulnerabilities could be exploited to open every Volkswagen vehicles that have been sold since 1995 Do you have a Volkswagen? A new hack leveraging on two distinct vulnerabilities could be exploited to open every Volkswagen vehicles that have been sold since 1995, including models from Audi, Citroen, Fiat, Ford, […]

A group of experts devised a technique dubbed DiskFiltration to exfiltrate data from air-gapped networks relying on acoustic signals emitted from HDDs We are aware that air-gapped networks aren’t totally secure, security experts have devised several methods to exfiltrate information across the years. The last technique presented by a group of researchers was dubbed ‘DiskFiltration’ […]

Guccifer 2.0, the alleged hacker behind the DNC hack released another trove of documents about House Democrats, including Nancy Pelosi’s sensitive data. The hack to the US Presidential election is becoming even more mysterious, while security experts are blaming the Russia for the cyber espionage, a strange figure claims the responsibility for the security breach. […]

Security Researchers demonstrated at the Def Con hacker conference how it is easy to open some Bluetooth-based smart locks. Last week security researchers Ben Ramsey and Anthony Rose of Merculite Security demonstrated at the Def Con conference how it is easy to open some Bluetooth-based smart locks. The duo analyzed 16 smart locks from companies […]

Two researchers have devised a cryptocurrency scheme dubbed DDoSCoin that pays everytime a user participates in a DDoS attack against certain servers. The assistant professor at the University of Colorado Eric Wustrow and the phD student at the University of Michigan Benjamin VanderSloot have conducted a curious proof-of-concept project aimed at the creation of a cryptocurrency that […]

Dear Readers, today I want to present you Dêfãult Vírüsa one of the most intriguing hackers on the Internet. He is the Admin of #AnonSec & @L0sExtraditable hacker groups Enjoy the Interview. You are a talented hacker that has already participated in several hacking campaigns, could you tell me more about. Our page on EncyclopediaDramatica should […]

Are you searching for a cyber security expert that attacks ISIS online propaganda every day? VujaDeGhost is one of them. Enjoy the interview! Have you participated in any hacking campaigns? I have not personally participated in the hacks that have been in the news or have been plastered all over Twitter as of late. That being said, I […]

The NSA-linked unit The Equation Group has been hacked and a data dump containing exploits and tools has been leaked online. Is it legitimate? It is the topic of the moment, the group The Shadow Brokers has hacked the NSA-linked unit the Equation Group and leaked online exploits and hacking tools. The hackers had dumped online […]

Customers of Cisco and Fortinet security firms need to patch their products to fix the flaws exploited by the Equation Group exploits and hacking tools. While security experts are analyzing the hacking tools leaked in the data dump by the Shadow Brokers, security firms are working to fix the vulnerabilities exploited by the Equation Group toolsets. Both […]

Kaspersky Lab discovered the Operation Ghoul, a campaign targeting industrial, manufacturing and engineering organizations in more than 30 countries. Security experts from Kaspersky have discovered a profit-driven campaign dubbed Operation Ghoul. Threat actors behind the Operation Ghoul targeted more than 130 organizations in 30 countries, including companies operating in the industrial and engineering sectors. Hackers targeted mainly […]

Researchers tested the BENIGNCERTAIN tool included in the NSA data dump that allows attackers to extract VPN passwords from certain Cisco devices. Following the disclosure of the NSA dump, IT vendors Cisco and Fortinet issued security patches to fix the flaws exploited by the Equation Group in their products. Now, security researchers have uncovered another […]

A group of researchers demonstrated that a number of existing facial recognition systems can be fooled by 3D facial models made from Facebook photos. Facial recognition systems still have a certain margin of error, for example, trying to identify people of color. A group of researchers from the University of North Carolina demonstrated that a number […]

A security expert analyzed a BHU Wi-Fi router and found that it is easy to hack by an unauthenticated attacker that can access sensitive information. Tao Sauvage, an expert from IOActive, has analyzed a BHU Wi-Fi router that he purchased during a travel. The BHU Wi-Fi router appears like a surveillance box, but according to the […]

IoT devices are dramatically enlarging our surface of attack, hackers can exploit smart sockets to shut down Critical Systems. I love some of the gangster nicknames people come up with. Knuckles, Fat Tony , Stab Happy or even Bambi. Names are characteristic of their personality and attitude. It’s time to add Toaster Socket to the […]

Today I have interviewed Mr C, aka @NotCracka another interesting figure of the hacking community. Enjoy the Interview. Could you tell me which his your technical background and when you started hacking?  The unique technical background I have is related my participation to the Anonops IRC where people teach me about advanced web attacks, including the […]

The Navis WebAccess application used in the transportation sector worldwide is affected by a high severity SQL injection vulnerability. A software used in the US ports is affected by a high severity SQL Injection vulnerability (CVE-2016-5817). The flaw was discovered by a hacker behind the online moniker “bRpsd,” the expert has discovered the vulnerability in […]

Security experts have improved the ExtraBacon exploit included in the NSA Equation Group arsenal to hack newer version of CISCO ASA appliance. The data dump leaked online by ShadowBrokers is a treasure for security experts and hackers that are analyzing every tool it contains. Cisco and Fortinet have confirmed their network appliance are vulnerable to the exploits […]

Thailand – A gang of foreign criminals stole millions of baht by hacking ATMs in the country. The gang is linked the one that hacked ATMs in Taiwan. Hackers belonging to a cybercrime gang from Eastern Europe have stolen over 12 Million Baht (approximately US$346,000) from a 21 ATMs in Thailand. The crooks have targeted […]

Cisco has started releasing patches for its ASA software to address the Equation Group’s EXTRABACON exploit included in the NSA data dump leaked online. Security firms and IT giants are analyzing the huge archive leaked by the Shadow Brokers crew after the hack of the NSA-linked Equation Group. We reported that some of the exploits […]

The Security Engineer April King from Mozilla has released the Observatory Tool, a free tool for the security assessment of websites. Mozilla has launched the ‘Observatory,’ a tool developed by the Security Engineer April King that allows administrators and developer to test their websites. “Observatory is a simple tool that allows site operators to quickly […]

New World Hackers is one of the most popular groups of hackers, it conducted several hacking campaigns against multiple targets. Enjoy the interview! Did you conduct several hacking campaigns? Could you tell me more about you and your team? We have been dedicated to operations, such as taking down BBC, Donald Trump, NASA, and XBOX. […]

Shad0wS3C hacker group has hacked the Paraguay’s Secretary of National Emergency (SNE) and leaked online a dump from a PostgreSQL database. Not so long ago I interviewed Gh0s7, the leader of the Shad0wS3C hacker crew, now he contacted me to announce the hack of the Paraguay’s Secretary of National Emergency (SNE). “The reason for this data […]

Saudi government facilities have been hit cyber attacks, the Government is investigating with the support of Saudi cyber experts. Saudi government facilities have been targeted by major cyber attacks, in response, the Government has convened a group of cyber experts to examine the events. According to the Saudi Press Agency, Saudi cyber experts held urgent talks […]

NorthScripts is one of the members of the PøwerfulGreəkArmy hacker group, a young team that conducted several hacking campaigns against multiple targets. Enjoy the interview! Could you tell me more about you? Could you tell me which his your technical background and when you started hacking?  I started hacking in 2013, but got better in 2015 when I […]

A group of Israeli researchers has devised a new technique dubbed USBee to hack air-gapped networks and exfiltrate information. Mordechai Guri, head of  R&D at Ben-Gurion’s Cyber Security Center and the chief scientist officer at Morphisec Endpoint Security, and his team have devised a new technique dubbed USBee to hack air-gapped networks and exfiltrate information. […]

Today I have the pleasure to share with you the interview with one of the most popular Spanish cyber security experts, Lorenzo Martinez. Enjoy it! Lorenzo Martinez is the CTO of Securizame, a Spanish security company fully oriented to consultancy, ethical hacking, forensics and security trainings. He is also one of the four editors and […]

Apple issued security fixes for Mac OS X and Safari to patch zero-day flaws exploited by Pegasus spyware to spy on mobile users. A few days ago, we reported a detailed analysis of the Trident exploit that triggers three vulnerabilities in order to remotely hack Apple mobile devices through the installation of the Pegasus spyware. The […]

The notorious Romanian hacker Guccifer has been sentenced to 52 months in prison by a US court for aggravated identity theft and hacking. The notorious Romanian hacker Guccifer has been sentenced to prison by a US court. Marcel Lehel Lazar (44), this is the real name of Guccifer, has been sentenced to 52 months in prison […]

Today I present you the Riddler, aka Binary, the founder of the BinarySec group, a hacker collective focused in the fight against the ISIS propaganda online. Enjoy the Interview. You are a popular talented hacker that has already participated in several hacking campaigns, could you tell me more about. Could you tell me which his […]

Experts from Fortinet discovered a Russian website called Fake-Game the offers a Phishing-as-a-Service platform to anyone. The Phishing attacks are still one of the most effective methods to grab users’ credentials on the web. Experts from Fortinet have discovered a Russian-language site called ‘Fake-Game’ that offers Phishing-as-a-Service. “During our monitoring, we discovered that this same business model is […]

Today I present you 0xOmar  (@0XOMAR1337) an expert very active in the hacking community online with a great experience. Enjoy the Interview. Why do you use the nickname of TeaMp0isoN? I know them and you are not a member of the original crew. Trick was very good friend of mine invited me to join TeaMp0isoN in 2012 […]

Today I present you 0xOmar  (@0XOMAR1337) an expert very active in the hacking community online with a great experience. Enjoy the Interview. Why do you use the nickname of TeaMp0isoN? I know them and you are not a member of the original crew. Trick was very good friend of mine invited me to join TeaMp0isoN in 2012 […]

Two security experts from the Rapid 7 firm revealed that tens of thousands of CISCO ASA boxes are still vulnerable to the NSA EXTRABACON exploit. A few weeks ago the Shadow Brokers hacker group hacked into the arsenal of the NSA-Linked Equation Group leaked online data dumps containing its exploits. ExtraBacon is one of the exploits […]

Today I’ll present you  @h0t_p0ppy, a skilled online hacktivist that participated in the major hacking campaigns, including#OpWhales, #OpSeaWorld, #OpKillingBay, and #OpBeast, Enjoy the Interview. You are a popular talented hacker that has already participated in several hacking campaigns, could you tell me more about. I have participated in campaigns against animal abuses. There are many ops for […]

Today I’ll present you  @h0t_p0ppy, a skilled online hacktivist that participated in the major hacking campaigns, including#OpWhales, #OpSeaWorld, #OpKillingBay, and #OpBeast, Enjoy the Interview. You are a popular talented hacker that has already participated in several hacking campaigns, could you tell me more about. I have participated in campaigns against animal abuses. There are many ops for […]

The security expert and blogger Rob Fuller demonstrated how sniff credentials from a laptop via Ethernet adapter on USB, even if the PC is locked. The security expert and blogger Rob Fuller demonstrated how to exploit a USB SoC-based device to sniff credentials from a locked laptop. The expert has modified the device in a […]

Today I’ll present you AnonRising IRC, a very active collective of hacktivist that participated in the major hacking campaigns. Enjoy the interview You and your AnonRising IRC team are talented hackers that have already participated in several hacking campaigns, could you tell me more about you? We have participated in many operations list is below […]

U.S. authorities have arrested two alleged members of the Crackas With Attitude group involved in dumping details of officials with the FBI and the DHS. The FBI has identified and arrested two men from North Carolina men that are suspected to be members of the notorious ‘Crackas With Attitude‘ hacker group that dumped details of government […]

The manufacturer USBKill.com has commercialized USB Kill 2.0, a USB dongle that is able to fry any computer through the USB ports. The Hong Kong-based technology manufacturer USBKill.com has created a USB dongle that is able to fry any computer into which it’s plugged by using an electrical discharge. The attack is simple, the USBKill use […]

Today I have the pleasure to share with you the interview with Francisco Moraga, a popular cyber security expert also known as @BTshell . Enjoy it! You are one of the most respected experts on cyber security. Could you tell me which his your technical background and when you started hacking? My name is Francisco Moraga, […]

Cisco disclosed the existence of the CVE-2016-6399 flaw that can be exploited by remote unauthenticated attackers to trigger DoS conditions in ACE products. Experts at Cisco have disclosed the existence of a high-severity vulnerability, tracked as CVE-2016-6399, that can be exploited by remote unauthenticated attackers to trigger DoS conditions in some of Application Control Engine (ACE) […]

Every collective has its tactics and tools, Today I’ll present you Anonandmore, a hacker that is very active online. Enjoy the Interview.   You are a talented hacker that is very active online, could you tell me more about you. Could you tell me which his your technical background and when you started hacking? I started […]

Everyone is a potential victim, even the wannabe hackers that try to exploit Facebook Hacker Tools to hack into friends’ accounts. When dealing with cybercrime everyone, is a potential victim, even the hackers, this is the case of a Crimeware-as-a-Service hack that turns wannabe crooks into victims. For those who are looking to hack the Facebook accounts […]

A security researcher disclosed a critical MySQL zero-day affecting all the default configuration of all MySQL versions including 5.5, 5.6 and 5.7. The security researcher Dawid Golunski has disclosed a critical zero-day vulnerability affecting the popular database management system (RDBMS) MySQL. The researcher decided to disclose the critical flaw because Oracle failed to release a […]

Today I have the pleasure to share with you the interview with Francisco Francisco J. Rodriguez. He is a member of the Spanish Cyber Security Institute, Cybersecurity and Cybercrime Research and collaborating with State security forces. His twitter @0fjrm0 and his talk about Real Time Cyberattacks at https://goo.gl/ge6G9i  You are one of the world’s most talented […]

Are you still using Adobe Flash Player? Are you browsing the web with IE or Edge? Does your company use an Exchange Server? Apply security updates asap! It’s time to patch your systems, especially if you have installed Adobe Flash Player. Adobe has released Security updates to fix critical Flash vulnerabilities that affect any OS (Windows, Mac, […]

The security expert Issam Rabhi (@issam_rabhi) has discovered a cross-site scripting vulnerability in Google France. The giant already fixed it. A security expert from French security outfit Sysdream, Issam Rabhi (@issam_rabhi), discovered a cross-site scripting vulnerability in Google France. Yes, you‘ve got it right, the website of the IT giant was affected by one of the […]

Cisco has released several Security Updates to fix many vulnerabilities in its products, including a nasty RCE in WebEx Meetings servers. Cisco has issued a patch to address the remote code execution flaw (CVE-2016-1482) that affects company WebEx Meetings servers. The remote code execution flaw (CVE-2016-1482) could be exploited by remote, unauthenticated attackers to execute arbitrary commands […]

Mozilla plans to fix the cross-platform RCE flaw that threatened Tor anonymity. The flaw affects certificate pinning protections implemented by Mozilla. Mozilla plans to release a Firefox update to address the cross-platform remote code-execution vulnerability recently patched in the Tor browser. The tor is inviting its users to install the security update urgently, and Mozilla follows close […]

Cisco revealed the existence of another zero-day vulnerability, tracked as CVE-2016-6415, in the Equation Group archive leaked by the Shadow Broker hackers. This summer a group of hackers known as Shadow Brokers hacked into the arsenal of the NSA-linked group Equation Group and leaked roughly 300 Mb of exploits, implants, and hacking tools. The existence of the […]

A group of security researchers from the Chinese firm Tencent have found a series of flaws that can be exploited to remotely hack a Tesla Model S. Security experts at the Keen Lab at Chinese firm Tencent have found a series of vulnerabilities that can be exploited by a remote attacker to hack an unmodified […]

A mistake allowed us a peek into the North Korea Internet infrastructure, a security researcher discovered that Pyongyang has just 28 websites. The North Korea is one of the countries that most of all is investing to improve its cyber capabilities and that has one of the largest cyber armies. But North Korea is also known for […]

Microsoft recently issued the patches to fix set of flaws in Internet Explorer, years after their discovery by black-hats in the hacking underground. Microsoft finally fixed a set of vulnerabilities in Internet Explorer years after they were discovered by black-hats in the hacking underground. I have contacted a black hat in the underground that who made […]

Cisco has issued a security patch to address a remote hijacking vulnerability, tracked as CVE-2016-6374, in the Cloud Services Platform (CSP). This patch is very important, CISCO urges all customers who run CSP 2100 software to install the 2.1.0 update that addresses a “high” risk remote code execution flaw. The CISCO Cloud Services Platform (CSP) is […]

Following an investigation by Pen Test Partners, British Telecom (BT) has released a firmware upgrade for their popular range of Wi-Fi extenders. The investigation uncovered vulnerabilities within the firmware when left the device exposed to possible XSS (Cross Site Scripting) Exploits as well as the ability to change the user’s password without notification. By combining […]

Today I’ll present the hacker Toxic Venom, a member of P.G.A hacking group that is one of the most active teams in this period You  are a popular hacker that has already participated in several hacking campaigns, could you tell me more. I began hacking 5 years ago. I was drawn by the Anonymous collective as […]

Kaspersky Lab presented an investigation on the future of ATM Biometric Skimmers and how cybercriminals could exploit them. A recent investigation by Kaspersky Labs reports that a number of underground sellers are offering skimmers, which have the capability of stealing users biometric data such as fingerprints. A number of others are researching iris scanning and […]

Today we will speak with Anonrising freesec, a hacker that is very active online and that is also fighting online terrorism. You are a talented hacker that has already participated in several hacking campaigns, could you tell me more about you. Sure, I’ve been working with OPDdosISIS mainly against ISIS, taking sites down (2013-2015) also Im […]

The Police in the Australian State of Victoria issued a warning to the local population of malware-laden USB drives left in letterboxes. USB drives are a privileged vector of attack, security experts have demonstrated that it is possible to hide malicious code in memory stick that could compromise almost every computer. We are aware that […]

The hosting company OVH was the victim of a 1 Tbps DDoS attack that hit its servers, this is the largest one ever seen on the Internet. The hosting provider OVH faced 1Tbps DDoS attack last week, likely the largest offensive ever seen. The OVH founder and CTO Octave Klaba reported the 1Tbps DDoS attack on Twitter […]

According to the popular cyber security experts an unknown nation state actor may be running tests for taking down the entire internet infrastructure. What happens if someone shuts down the Internet? Is it possible? Our society heavily depends on technology and the Internet is the privileged vector of the information today. Blocking the Internet could […]

Microsoft encourages Windows users to remove the Windows Journal application by following the steps found in Microsoft update KB3161102. Microsoft has removed the Windows Journal application from its OSs due to the presence of multiple security flaws that can be exploited by hackers through specially crafted Journal files (.jnt) which are used to store notes […]

The hosting provider OVH continues to face massive DDoS attacks launched by a botnet composed at least of 150000 IoT devices. Last week, the hosting provider OVH faced 1Tbps DDoS attack, likely the largest one ever seen. The OVH founder and CTO Octave Klaba reported the 1Tbps DDoS attack on Twitter sharing an image that lists the […]

Cisco issued a security advisory about a vulnerability, tracked as CVE-2016-6406, affecting the Email Security Appliance Internal Testing Interface. Cisco Systems reported the existence a vulnerability (CVE-2016-6406) in the email security appliances that could be exploited by a remote unauthenticated attacker to gain complete control of the security solution. The vulnerability is related the Cisco IronPort AsyncOS […]

The notorious zero-day broker company Zerodium has raised the value for a remote IOS jailbreak that reached $1.5 million. The popular zero-day broker Zerodium, which is specialized in Buys and Sells zero-day exploits, has tripled the bug bounty for a remote iOS 10 exploit. The company is willing to pay a jailbreak vulnerability to US$1.5 million. […]

If you have a D-Link DWR-932 B LTE Wireless router you need to know that it is affected by more that 20 security issues, including backdoor accounts. D-Link ‘s DWR-932B LTE router and access point has been found vulnerable to a number of backdoors as well as a default WPS (Wi-Fi Protected Setup) PIN. Security […]

Researchers devised two correlation attacks, dubbed DefecTor, to deanonymize Tor users using also data from observation of DNS traffic from Tor exit relays. Law enforcement and intelligence agencies dedicate an important commitment in the fight of illegal activities in the Dark Web where threat actors operate in a condition of pseudo-anonymity. A group of security researchers at […]

Cisco Talos Team disclosed a zero-day flaw affecting the JPEG 2000 image file format parser implemented in the OpenJPEG library.  Security experts at Cisco Talos group have discovered a serious vulnerability (TALOS-2016-0193/CVE-2016-8332) affecting the JPEG 2000 image file format parser implemented in OpenJPEG library. An attacker could exploit the flaw to trigger the heap corruption and execute […]

The UK Government confirms the opening of the UK first national anti-cybercrime centre, the National Cyber Security Centre (NCSC). UK confirms to be one of the most advanced countries on cyber security and announce the imminent opening of the UK’s first national anti-cybercrime centre, the National Cyber Security Centre (NCSC). The anti-cybercrime centre will open in London […]

According to the Government of the South Korea, the county military cyber command was hacked last month in the attempt to infect the vaccine routing server. The Government of Seoul revealed that its cyber command center was hacked last month. The South Korean experts have found evidence of the malware in the systems at the cyber command […]

The notorious hacker Peace_of_Mind has hacked and defaced the official hacking and trading forum w0rm.ws and doxed its alleged owners. ‘Peace_of_Mind‘ (PoM) is a very active actor in The Real Deal Market and The Hell black markets, he offered for sale the dumps from clamorous data breaches, including Yahoo, LinkedIn and MySpace The w0rm.ws a famous hacking platform, it is an ‘invite only’ […]

Hackers could use Insulin Pumps as weapons, this is not a sci-fi movie, but a disconcerting reality. The OneTouch Ping insulin pumps manufactured by Animas, a company owned by Johnson & Johnson, are affected by multiple several vulnerabilities that can be exploited by remote hackers to harm the diabetic patients who use them. While the security […]

A joint operation of international law enforcement agencies allowed the arrest of suspected Lizard Squad Hackers in the US and Netherlands. Law enforcement in the US and in the Netherlands have arrested last month two teenagers suspected of being members of the dreaded hacking groups Lizard Squad and PoodleCorp. Both hacking teams are known for powerful […]

X.Org released patches and updates to fix several flaws found in many client libraries that could be exploited to cause DoS and escalate privileges. X.Org is a widely used open-source implementation of the X Windows System (aka X11 or X-Windows) that is the graphical windowing system adopted by Unix and Linux operating systems. A set […]

Security experts have discovered more than 500,000 vulnerable Internet of Things (IoT) devices that could be potentially recruited in the Mirai botnet. In the last weeks, security experts observed two of the powerful DDoS attacks of ever that hit the hosting provider OVH and the websites of the popular security expert Brian Krebs. Malware researchers believe that the […]

Cisco has rolled out several critical software patches for the CISCO Nexus 7000-series switches and the related NX-OS software. According to the Cisco Security Advisory, an attacker could exploit the vulnerabilities to gain remote access to vulnerable systems and execute code or commands. According to Wednesday’s Cisco Security Advisory, both the Nexus 7000 and 7700 […]

The security researcher Matt Weeks discovered a way to abuse the Microsoft Just Enough Administration (JEA) technology to escalate user profiles. Just Enough Administration aka JEA is a Microsoft technology that enables the delegated administration for carry on task with PowerShell. With JEA in place, it is possible to properly configure a role for administrators giving […]

Simone Margaritelli has done a reverse engineering of the Smarter Coffee IoT Machine Protocol to control the machine from his terminal. What is the lesson? While security industry is stressing the need to adopt a security by design approach for IoT devices, security researchers continue to find flawed and poorly designed smart objects. Clearly, such kind of devices […]

A German nuclear plant suffered a disruptive cyber attack, the news was publicly confirmed by the IAEA Director Yukiya Amano. According to the head of the United Nations nuclear watchdog, the International Atomic Energy Agency (IAEA) Director Yukiya Amano, a nuclear power plant in Germany was hit by a “disruptive” cyber attack two to three […]

MITRE has challenged the security community to devise new methods that could help in detecting rogue IoT devices on a network. The non-profit research and development organization MITRE has challenged security researchers to propose new methods and technologies that could help in detecting rogue Internet of Things (IoT) devices on a network. The goal of […]

The TV5Monde director-general has told the BBC that his TV was almost destroyed by a targeted cyber attack conducted by the Russian APT28 group. On April 2015, the TV5Monde was hit by a severe cyber attack that compromised broadcasting of transmissions across its medium. The attackers also hijacked the Channel TV5Monde website and social media accounts of […]

The security research Dawid Golunski reported a Root Privilege Escalation in the Apache Tomcat (RedHat-based distros) tracked as CVE-2016-5425. Apache Tomcat packages provided by default repositories of RedHat-based distributions (i.e. CentOS, RedHat, OracleLinux, Fedora, etc.) create a tmpfiles.d configuration file with insecure permissions. The configuration file /usr/lib/tmpfiles.d/tomcat.conf could be modified by a member of the tomcat group or by a malicious […]

Cloudflare firm has published a report that analyzes two recent attacks that were powered by large IoT botnets based on the Mirai Threat. The IoT botnets represent one the most dangerous threats in the security landscape, recently we have assisted to cyber attacks powered by these infrastructures that reached magnitude never seen before. The recent DDoS attacks powered […]

Microsoft October security bulletins patch tens of vulnerabilities, including four Microsoft zero-day vulnerabilities that have been exploited in the wild. Microsoft has released its monthly Patch Tuesday update that includes a total of 10 security bulletins, five the flaws addressed by the updates are zero-day vulnerabilities affecting Internet Explorer, Edge, Windows and Office products. They could be exploited by […]

 Blockchain.info, the world’s most popular Bitcoin wallet and Block Explorer service went down this week due to a DNS Hijacking attack. Crypto-currencies continue to be a privileged target of cyber criminals, Bitcoin wallets and services provided by many companies operating in the industries have been targeted by criminal organizations as never before. Blockchain.info, the world’s […]

Attackers are exploiting a recently patched high-severity DoS flaw, tracked as CVE-2016-2776, in the in the popular DNS software in BIND. Last month a vulnerability in the popular DNS software BIND, tracked as CVE-2016-2776, has been patched. The flaw could be exploited by a remote attacker to trigger a DoS condition using specially crafted DNS packets. The […]

Dell issued the SonicWALL Email Security OS 8.3.2 release to address high severity issues that can be exploited to take control of the appliance. Security researchers at Digital Defense discovered multiple vulnerabilities while assessed the SonicWALL Email Security virtual appliance (Version 8.3.0.6149). According to the experts. The flaws could be exploited by attackers to conduct a wide […]

Cisco fixed a critical vulnerability in the Cisco Meeting Server, tracked as CVE-2016-6445,  that allows remote attackers to impersonate legitimate users. A security vulnerability in Cisco Meeting Server, tracked as CVE-2016-6445, could be exploited by attackers to impersonate legitimate users. Experts from Cisco uncovered the vulnerability during a routine security audit of a customer. The hole resides […]

Tor Project and Mozilla are working together to improve the security of Tor users and make harder for attackers to unmask them. Intelligence and law enforcement agencies continue to invest in order to de-anonymize Tor users. In the past, we received news about several techniques devised by various agencies to track Tor users, from the correlation attacks to the hack […]

Akamai Technologies revealed that hackers are exploiting a 12-year-old bug in OpenSSH to hack into millions of IoT devices with SSHowDowN Proxy attacks. IoT devices are a privileged target for hackers, design flaws and wrong configurations open to the attackers. Recently we read about massive DDoS attacks powered by huge botnets powered by hundreds of […]

A Microsoft security duo released a new tool dubbed NetCease designed to make hard for attackers to conduct reconnaissance. Microsoft experts have released a tool dubbed NetCease that was designed to make hard reconnaissance activities of hackers. The NetCease tool was developed by two researchers of the Microsoft Advanced Threat Analytics (ATA) research team, Itai Grady and Tal Be’ery. The […]

Symantec observed a significant increase in the number of email-based attacks using malicious Windows Script File (WSF) attachments. Experts from Symantec are observing a significant increase in the number of email-based attacks leveraging malicious Windows Script File (WSF) attachments.  Over the past three months, threat actors have adopted the tactic in the wild, mostly criminal […]

NRSC hack – A platform used by the National Republican Senatorial Committee for the donations was hacked and donors’ financial data have been exposed. Other rumors around the Presidential Election, once again, it’s a hacking story in the headlines, the NRSC hack. Donations sent to the National Republican Senatorial Committee (NRSC) between March 16 and October 5, 2016 on […]

The group calling itself The Shadow Brokers who hacked the NSA-linked Equation Group announced the launch of a crowdfunding campaign for the stolen arsenal. This summer the hacker group Shadow Brokers hacked the NSA-linked group known as the Equation Group and leaked 300 Mb of hacking tools, exploits, and implants. The Shadow Brokers launched an all-pay auction for the full archive containing the […]

“VeraCrypt is much safer after this audit, and the fixes applied to the software mean that the world is safer when using this software.” The security researcher Jean-Baptiste Bédrune from Quarkslab and the cryptographer Marion Videau  have discovered a number of security vulnerabilities in the popular encryption platform VeraCrypt. A new audit of the disk-encryption […]

Experts from the White Fir Design discovered cybe rcriminals exploited a zero-day flaw in an e-commerce plugin for WordPress to upload a backdoor. According to the experts from the firm White Fir Design, crooks exploited a zero-day flaw in an e-commerce plugin for WordPress to upload backdoors to affected websites. The plugin is WP Marketplace, a […]

Experts at ElevenPaths, a Telefonica’s cyber security unit, provided further details on political cyberattacks leveraging on advanced malicious codes. On 19 July at 11pm Ankara time, Wikileaks published the first emails that were grabbed from the Turkish AKP. The organization led by Julian Assange, being in line with its policy on publication of secret information, […]

According to a security researcher, the Trump Organization’s mail servers run on an outdated version of Microsoft Windows Server. Hillary Clinton is over in the storm for the violation of its private email server, even Trump has used the case to attack the rival. The irony of fate, now we are here discussing because also Trump’s staff […]

Information Security experts have discovered an SQL injection zero-day vulnerability in Joomla component ja-k2-filter-and-search. Information Security Researchers Dimitrios Roussis and Evangelos Apostoloudis have discovered an SQL injection vulnerability in component ja-k2-filter-and-search (https://www.joomlart.com/joomla/extensions/ja-k2-search) of Joomla, a popular open-source Content Management System (CMS). This component has been used in various Joomla sites. Through the use of the […]

Czech police, working with the FBI, has arrested a Russian man at a hotel in Prague that is suspected to be involved in the 2012 LinkedIn hack. Czech authorities, with the support of the FBI, have arrested a Russian hacker suspected of conducting cyber criminal activities against the US. “Policemen investigation department of the Criminal […]

A flaw in Intel chips could be exploited to launch “Side channel” attack allowing attackers bypass protection mechanism known as ASLR. A vulnerability in the Intel’s Haswell CPUs can be exploited to bypass the anti-exploitation technology address space layout randomization (ASLR) that in implemented by all the principal operating systems. The ASLR is a security mechanism […]

A group of security experts discovered that the Microsoft Skype Messaging service exposes user keystrokes during a conversation. A group of researchers from the University of California Irvine (UCI) and two Italian Universities discovered that the popular Skype Messaging service expose user keystrokes during a call. The researchers have devised a method to record the acoustic emanations of […]

Experts from Kaspersky have discovered a new APT dubbed FruityArmor APT using a zero-day vulnerability patched this month by Microsoft. A new APT group, dubbed FruityArmor, targeted activists, researchers, and individuals related to government organizations. According to experts at Kaspersky Lab, the FruityArmor APT conducted targeted attacks leveraging on a Windows zero-day vulnerability, tracked as CVE-2016-3393, recently […]

Experts disclosed a new Linux kernel vulnerability dubbed Dirty COW that could be exploited by an unprivileged local attacker to escalate privileges. The security expert Phil Oester discovered in the Linux kernel a new flaw, dubbed ‘Dirty COW‘ that could be exploited by a local attacker to escalate privileges. The name “Dirty COW” is due to the […]

A severe distributed denial-of-service (DDoS) it targeting the Managed DNS infrastructure of cloud-based Internet performance management company Dyn. A severe distributed denial-of-service (DDoS) it targeting the Managed DNS infrastructure of cloud-based Internet performance management company Dyn. Many users of major websites are not able to reach web services such as Twitter, GitHub, The list of affected websites […]

A massive DDoS attack targeted the Dyn DNS service and caused an extended Internet outage. How the attackers powered the attack? Yesterday a massive DDoS attack targeted the DNS service of the Dyn company, one of the most authoritative domain name system (DNS) provider, and caused an extended Internet outage. A large portion of Interner users was not able […]

NewWorldHacking & Anonymous powered the massive DDoS attack against the Dyn DNS service that caused a serious Internet outage for many netizens. The cyber attacks against the Dyn DNS service that affected a huge portion of Internet users in the US is monopolizing the media. IT security experts have no doubts, hackers powered the massive DDoS […]

The popular American hacker The Jester defaced a Russian Government website in retaliation for the recent attacks against US targets. We are in the middle of a battle in the cyberspace, with the advent of Presidential elections experts observed an intensification of the hacking attacks. While hackers target parties and personnel involved in the Presidential campaigns, the US Government threatens Russia is […]

Researchers at InTheCyber firm have discovered a new easy exploitable and dangerous vulnerability affecting messaging systems. InTheCyber – Intelligence & Defense Advisors (www.inthecyber.com), a leader in offensive & Defensive Cyber Security, has discovered in its R&D Labs a new easy and dangerous vulnerability affecting messaging systems. Voicemail caller-id spoofing it’s a quite old flaw. When the […]

The security firm RSA revealed to have discovered in early October, hackers advertising access to a huge IoT botnet on an underground criminal forum. Last week, a massive DDoS attack against the Dyn DNS service, one of the most authoritative domain name system (DNS), caused an extended Internet outage. A large portion of internet users was not able to […]

Recently a massive DDoS attack has disconnected a large portion of users from the Internet, hackers exploited IoT devices. Is your router secure? “Are we ready to live in a world where all devices are exposed to cyber attacks?” That is how I opened my presentation in QurtubaCON16 – cyber security event at Córdoba City (Spain) […]

Researchers demonstrated how to crack GSM A5/1 Stream Cipher using a general-purpose graphics processing unit computer with 3 NVIDIA GeForce GTX690 cards. A group of security researchers from the Agency for Science, Technology and Research (A*STAR), demonstrated that the crypto scheme used in the GSM mobile phone data can be easily hacked within seconds. Actually, […]

The Morphus Labs warns about another major threat, the domain hijacking incident, a threat that can completely subvert your information security strategy. The Morphus Labs warns this week about another major threat. Renato Marinho and Victor Pasknel treated a domain hijacking incident, a threat that can completely subvert your information security strategy. They give details […]

Adobe has issued a security patch for its Flash Player that fixes a critical vulnerability, tracked as CVE-2016-7855, used in targeted attacks. Adobe has released a security update for its Flash Player that address a critical vulnerability, tracked as CVE-2016-7855,  that has been exploiting in the wild by threat actors. According to the security advisory issued […]

CyberX experts at the SecurityWeek’s 2016 ICS Cyber Security Conference disclosed a critical flaw in the Schneider Industrial Firewalls. This week, at the SecurityWeek’s 2016 ICS Cyber Security Conference, researchers at industrial security firm CyberX disclosed several important vulnerabilities. The experts demonstrated how hackers can target ICS systems and passing security measures in places. Among the vulnerabilities disclosed by […]

Massive DDoS attacks caused broadband outages to StarHub customers,it is the first time that Singapore has experienced such an attack on its infrastructure. StarHub in Singapore is the latest victim of a massive DDoS attacks powered with compromised IoT devices against its DNS infrastructure. It seems that hackers used kit owned by its customers, the company mitigated […]

The threat actor behind the Blackgear cyber-espionage campaign that is targeting Japanese entities is the same that hit Taiwan in 2012. According to security experts from Trend Micro, Japanese organizations were targeted in an espionage campaign dubbed Blackgear. Attackers behind the Blackgear appear to be the same that targeted users in Taiwan in 2012, they used […]

Libtiff library is affected by three vulnerabilities but unfortunately one of them, tracked as CVE-2016-8331, is still unpatched. Libtiff is a library for reading and writing Tagged Image File Format (abbreviated TIFF) files and according to the experts from CISCO Talos it is affected by three vulnerabilities. The bugs could be exploited by hackers to hack a […]

A security researcher presented a small hardware named Icarus box that is able to hijack a variety of popular drones mid-flight. It could be very easy to hijack nearly any drone mid-flight by using the hardware presented by the Trend Micro researcher Jonathan Andersson at the PacSec hacking conference in Japan this week. Andersson, who leads […]

Researchers from ENSILO have devised a method, called AtomBombing, to inject malicious code in Windows OS that bypasses modern anti-malware tools. Security experts from ENSILO have devised a method, called AtomBombing, to inject malicious code in Windows operating system that could not be detected by modern anti-malware tools. The Atom Tables are data structures used by the operating system to […]

Security experts observed attackers launching a powerful LDAP DDoS, the new amplification method could peak Terabit-Scale attacks. LDAP DDoS attacks are the novelty in the threat landscape, the Lightweight Directory Access Protocol (LDAP) protocol could be abused to power massive DDoS attacks. The LDAP is an open standard application protocol for accessing and maintaining distributed […]

An 18-year-old man from Arizona, Meetkumar Hiteshbhai Desai, was arrested this week because he is suspected for the severe disruption of 911 service. A few weeks ago, a group of researchers from Ben-Gurion University of the Negev’s Cyber-Security Research Center demonstrated how it is possible to significantly disrupt the US’ 911 emergency call system. An attacker […]

Experts from the firm Sucuri observed a spike in the number of attacks in less than 24 hours after Joomla released patches for two critical flaws. On October 25, Joomla released the version 3.6.4 to fix two high severity vulnerabilities, CVE-2016-8870, and CVE-2016-8869. The first flaw, tracked as CVE-2016-8870, could be exploited by attackers to create user accounts even if […]

The Chinese APT Lotus Blossom is trying to lure victims with fake invitations to Palo Alto Networks’ upcoming Cybersecurity Summit. The Chinese APT Lotus Blossom, also known as Elise and Esile, is behind a new cyber espionage campaign that is trying to lure victims with fake invitations to Palo Alto Networks’ upcoming Cybersecurity Summit. With this […]

Security researchers at CRITIFENCE cyber security labs publicly announced this morning (November 1, 2016) major cyber security vulnerabilities affecting one of the world’s largest manufacturers of SCADA and Industrial Control Systems, Schneider Electric.   The zero-day vulnerabilities dubbed PanelShock, found earlier this year by Eran Goldstein, CTO and Founder of CRITIFENCE, a leading Critical Infrastructure, […]

Google has disclosed a Windows zero-day vulnerability after 7-day deadline it gives vendors when the flaw is actively exploited in the wild by hackers. Google has once again publicly disclosed a zero-day vulnerability affecting current versions of Windows operating system  and Microsoft still hasn’t issued a patch. Yes, you’ve got it right! There is a […]

Experts from ERPScan revealed that a SAP flaw patched in September still impacts more than 900 SAP systems exposed to the Internet. An information disclosure vulnerability in SAP that was patched in September impacts more than 900 SAP systems that are exposed to the Internet. According to the expert Sergiu Popa from Quenta Solutions who reported the […]

Stealth Cell Tower, it is an antagonistic GSM base station concealed in an office printer that could be used for surveillance purposes. Are you angry with your boss or your colleagues? Do you want to spy on them? The engineer Julian Oliver has demonstrated how to do it with a tiny cellphone base station concealed in […]

The security expert Dawid Golunski disclosed critical vulnerabilities in MySQL, MariaDB and PerconaDB can lead fully compromise of servers. Critical vulnerabilities affecting the MySQL, MariaDB and PerconaDB can lead fully compromise of servers. The flaws could be exploited by attackers to arbitrary code execution, root privilege escalation and, of course, server compromise. Dawid Golunski from Legal […]

A DOM-based cross-site scripting vulnerability in the cloud-based development platform Wix.com put million websites at risk. The cloud-based development platform Wix.com is affected by a DOM-based cross-site scripting vulnerability that could be exploited by attackers to gain full control over any website running on the popular platform. Millions of websites hosted on Wix.com are potentially […]

Cisco issued patches for two critical vulnerabilities affecting several products, including Cisco 900 Series Routers and Cisco Prime Home servers. Cisco has issued patches for two critical vulnerabilities affecting several products, including Cisco 900 Series Routers and Cisco Prime Home server and cloud-based network management platform. The company published two security advisories to report the […]

BLACKOPS Cyber (BOC) reported to the authorities that a well-known ISIS hacking team was sharing access links to widely used surveillance systems. BLACKOPS Cyber (BOC), a U.S. based Cyber Intelligence firm, located a new type of threat in October which is indicative of the latest focus of the terrorist organization – technical resource development for […]

At the Black Hat Europe 2016 two security researchers devised undetectable attacks that could be used to hack PLC systems avoid being detected. Security researchers at the Black Hat Europe 2016 have presented a new attack method that could be used to hack programmable logic controllers avoid being detected. programmable logic controllers are essential components for […]

Security researchers demonstrated that a Wrong oAuth 2.0 implementation allows a remote simple hack that exposes more than 1 Billion Android App Accounts. A remote simple hack devised by a group of security researchers threatens an amazing number of Android and iOS apps. An attacker can use the technique to sign into any victim’s mobile […]

Enterprises running Exchange Server using two-factor authentication on Outlook Web Access (OWA) could be hacked due to a design flaw. New troubles for enterprises running Exchange Server, two-factor authentication implementations on Outlook Web Access (OWA) could be easily bypassed due to a design flaw. An attacker can bypass two-factor authentication to access email inboxes, calendars, contacts and […]

Tesco Bank halted all online transactions after a cyber heist affected thousands of its customers. An investigation is ongoing. Tesco Bank is going to adopt a strong measure in response to a cyber attack, the financial institution will freeze customers’ online transactions. The measure was announced by the chief executive Benny Higgins, the bank has admitted […]

WikiLeaks confirmed that the email publication server suffered a massive DDoS attack since it published a new set of DNC hacked emails dubbed as DNCLeak2. A couple of days before the 2016 Presidential election, WikiLeaks has published a new set of emails hacked from the Democratic National Committee (DNC). The new set, dubbed DNCLeak2, includes 8,200 emails, the […]

Carnegie-Mellon CERT warns of a flawed implementation of HNAP in D-Link routers (CVE-2016-6563) that could be exploited for remote execute code. According to the Carnegie-Mellon CERT the implementation of the Home Network Automation Protocol (HNAP) of D-Link routers is affected by a stack-based buffer overflow vulnerability tracked as  CVE-2016-6563. The flaw could be exploited by a […]

Microsoft has issued a security patch that fixes the zero-day vulnerability tracked as CVE-2016-7255 exploited by Russian hackers. Microsoft has issued security patches that fixed also the zero-day vulnerability exploited by Russian hackers. One of the zero-days tracked as CVE-2016-7255  has been patched in the MS16-135 bulletin that also addresses two information disclosure and three […]

The residents in two apartment buildings Finland faced more that a week of serious problem due to a DDoS attack that targeted the building control systems. What does a DDoS with everyday life? The recent attack against the Dyn DNS service powered by an IoT botnet demonstrated the weakness of modern society to cyber threats. Anyway, to better explain […]

The effects of cyber-attacks against SCADA/ICS are well known, however, there is a great confusion when dealing with mitigation techniques. The Majority are aware of the impact cyber-attacks can have on Industrial Control Systems however, the reality in terms of mitigation techniques are shrouded with confusion and a reactive approach. Recent 0-day vulnerability dubbed as […]

Siemens released security updates and temporary fixes to fix a privilege escalation flaw, tracked CVE-2016-7165, that affects several industrial products. Siemens has released security updates and temporary fixes to address a privilege escalation vulnerability, tracked CVE-2016-7165, that affects several industrial products. The flaw could be exploited by attackers to escalate their privileges if the flawed products […]

The OpenSSL Project has released the OpenSSL 1.1.0c update that addresses several vulnerabilities, including a high-severity DoS flaw (CVE-2016-7054). The OpenSSL Project has released an update for the 1.1.0 branch (OpenSSL 1.1.0c) to fix a number of vulnerabilities. One of the issues solved with the update is the high severity denial-of-service (DoS) flaw CVE-2016-7054 that […]

At PwnFest 2016, hackers compromised Windows 10’s Microsoft Edge web browser in just 18 seconds and devised the first attack on VMware Workstation 12.5.1. This week, at the PwnFest 2016 contest held at the Power of Community security conference in Seoul, hackers compromised Microsoft Edge operating on Windows 10 Red Stone 1 and for the first […]

BlackNurse attack allows to power massive DDoS attacks that are able to knock large servers offline with limited resources. Researchers discovered a simple method, called BlackNurse attack, to power massive DDoS attacks that could allow lone attackers to knock large servers offline with limited resources. “This attack is not based on pure flooding of the internet connection, […]

VMware has patched a critical out-of-bounds memory access vulnerability, tracked as CVE-2016-7461, affecting its Workstation and Fusion products. The flaw, that resides in the affects the drag-and-drop function, can be exploited by attackers to execute arbitrary code on the host operating system running Fusion or Workstation. The security vulnerability affects Workstation Player and Pro 12.x, and […]

The Dutch hacker Sven Olaf Kamphuis who was charged for Spamhaus attack, a massive DDoS attack, will not spend any time in the jail. The Dutch hacker Sven Olaf Kamphuis who was charged for the massive DDoS attack against the  anti-spam group Spamhaus, the biggest attack of ever, escaped prison Monday. The Spamhaus Project is an international nonprofit […]

The CVE-2016-4484 vulnerability can be exploited to gain a Linux Root shell by simply pressing the Enter Key for 70 Seconds. It could be quite easy to bypass the authentication procedures on some Linux systems just by holding down the Enter key for around 70 seconds. In this way, it is possible to open a shell […]

For the second time this year, the hacker group OurMine breached one of the online accounts of the Facebook CEO Mark Zuckerberg. For the second time, this year hackers seems to have breached the Facebook CEO Mark Zuckerberg. The notorious hacking group known as OurMine has claimed credit for hacking Mark Zuckerberg’s online accounts. The news […]

Samy Kamkar has created a new hacking tool, dubbed PoisonTap, to easily hack into a password-protected computer. PoisonTap is a new hacking tool that could be used by attackers to easily access to a password-protected computer, hijack all its Internet traffic, and also install backdoors. Try to imagine who is the hacker behind this new tool? […]

Today we will speak with Kapustkiy, which continues to be in the headlines due to the recent strings of attacks against embassies. Kapustkiy is a pentester that is targeting organizations and embassies across the world. Recently he breached the Paraguay Embassy of Taiwan (www.embapartwroc.com.tw), while a few days ago the hacker and his friend Kasimierz (@Kasimierz_) hacked the Indian Embassies […]

Drupal developers have released updates for versions 7 and 8 that fix security issues which could expose websites to cyber attacks. The Drupal development team has released security updates for versions 7 and 8. The updates fix security vulnerabilities that could expose websites running on the popular CMS and data they manage to security risks, […]

The GeekedIn recruitment project scraped user data from GitHub and other similar websites, but data were inadvertently leaked online. The popular security expert Troy Hunt, who operates the data breach notification service the owner ‘Have I Been Pwned,’ recently received a 600 Mb MongoDB backup file containing data from a tech recruitment website called GeekedIn. […]

The hackers of the Darksec crew have breached into the website of the Canadian Government (http://www.cic.gc.ca/) and plan to leak data online. The number of data breaches continues to increase, the criminal underground is fuelled by billion of harvested credentials. A couple of days ago the Darksec hackers (@DarkSecHackers) who told me that his crew was planning […]

The ICS-CERT has published two security advisories to describe a number of flaws in surveillance products from Moxa and Vanderbilt firms. Surveillance systems produced by Moxa SoftCMS and IP cameras manufactured by Vanderbilt are affected by serious vulnerabilities that can be exploited by remote attackers to obtain full control of flawed systems. The ICS-CERT has published a […]

The security expert Michele Orru from FortConsult has released an automated phishing toolkit dubbed ‘PhishLulz’ for penetration testing activities. The security expert Michele Orru from FortConsult, aka @antisnatchor, has released an automated phishing toolkit dubbed ‘PhishLulz’ for penetration testing activities. The PhishLulz tool was presented at the Kiwicon hacking event held Wellington New Zealand last week. PhishLulz is […]

Canada Armed Forces recruitment website was taken down after it was hacked and would-be recruits are redirected to a Chinese government page. The Canadian Armed Forces recruitment website was hacked last week, visitors have been redirected to the Chinese government’s main page instead of the legitimate website. According to CTV television, anyone trying to sign […]

The Tropic Trooper APT continues to target Asia, this time government Taiwanese organizations and companies in the energy sector. The Tropic Trooper APT that has been active at least since 2012, it was first spotted last year by security experts at Trend Micro when it targeted government ministries and heavy industries in Taiwan and the military in the Philippines. Now […]

Speake(a)r attack – Security researchers have demonstrated how to turn headphones into a microphone to spy on all target conversations A group of security researchers at Ben Gurion University have demonstrated that it is possible to turn headphones into a microphone to spy on all target conversations in the background without raising suspicious. The team […]

A researcher released a PoC exploit for the cve-2016-9311 flaw that can cause the crash of the NTP daemon and triggers a DoS condition on Windows systems. The NTP protocol could be exploited by hackers as an attack vector. The NTP is a networking protocol widely used  for the clock synchronization purpose between systems over packet-switched, […]

A group of researchers from the security firm Promon has demonstrated how cyber criminals could take control of the Tesla Car and steal it. A group of security experts from security firm Promon has demonstrated how to exploit the Tesla app (for both Android and iOS) to locate, unlock and steal a Tesla Model S. The […]

The European Commission was the victim of a massive DDoS attack that brought down its internet access for hours on Thursday. A massive DDoS attack targeted the European Commission website, fortunately, according to an official statement from the organization the internal security team repelled the attack without damages. The experts from the European Commission confirmed that some servers […]

Kapustkiy hacked the High Commission of Ghana & Finland in India, he also confirmed to have joined the Powerful Greek Army hacked crew. Last week, the hacker Kapustkiy, one of the most active hackers at this moment, hacked the India Regional Council, today he sent me a message to announce to have hacked the High Commission […]

Bounty hunter Kevin Roh has discovered several security vulnerabilities in the Uber UberCENTRAL Tool that exposed user data. Security expert and bounty hunter Kevin Roh has discovered several security vulnerabilities in Uber’s UberCENTRAL Tool that exposed user data. The UberCENTRAL service was launched in July, according to the company it is a dashboard that enables any business to request, manage, […]

Last week, unknown attackers hacked the computer systems of the San Francisco’s Municipal railway giving riders a free ride all day on Saturday. Last week, hackers crashed the computer system of the San Francisco’s Municipal railway, unknown attackers took offline the ticket kiosks offline and gave riders a free ride all day on Saturday, until […]

The Japanese Government is investigating a reported security breach suffered by the High-speed Defence Information Infrastructure (DII) network. The Defence Information Infrastructure is a high-speed large-capacity communication network connecting SDF bases and camps. The Defence Information Infrastructure comprises two distinct networks, one connected to the Internet and an internal network. The security breach took place […]

Deutsche Telekom confirmed that more than 900,000 routers began to have serious problems connectivity problems due to a cyber attack. More than 900,000 routers belonging to Deutsche Telekom users in Germany were not able to connect to the Internet due to an alleged cyber-attack. The affected routers were used by the Deutsche Telekom customers also […]

Security experts who conducted an audit on cURL discovered nearly a dozen vulnerabilities that were patched in the last release. The cURL (read “see URL”) is an open source command line tool and library designed for transferring data through various protocols. The cURL is included in a wide range of applications, including networking devices, printers, smartphones, IoT devices […]

Roughly 26,500 accounts of the UK National Lottery players were accessed by cybercriminals, authorities are investigating the case. According to the operator Camelot, roughly 26,500 accounts of the UK National Lottery players were accessed by cybercriminals. The security breach was spotted on November 28th during a routine online security monitoring. “We do not hold full debit card […]

According to a report published by the threat intelligence firm Recorded Future cybercriminals earn between $1,000 and $3,000 a month. How much money earns a cyber criminal? According to a report published by the threat intelligence firm Recorded Future crooks earn between $1,000 and $3,000 a month, but one of five earns $20,000 a month or […]

Ill-intentioned could destroy everything using the USBKill device, including gaming console, mobile devices, Google Pixel and also circuits in modern cars. Ill-intentioned could destroy everything using the USBKill device, including gaming console (Xbox One, PS4), mobile devices, Google Pixel and also circuits in modern cars. The USBKill is manufactured by the Hong Kong-based technology manufacturer USBKill.com, it is […]

The hacker Kapustkiy has breached the Venezuela Army and leaked 3000 user records containing personal information such as names, emails, and phones. We left the young hacker Kapustkiy after his hack at the High Commission of Ghana & Fiji in India when he also confirmed to have joined the Powerful Greek Army hacked crew. The hacker breached […]

According to the FSB unnamed foreign hackers are planning to undermine Russian Banks with cyber attacks and PSYOPS via social media. The Kremlin is accusing unnamed foreign hackers of plotting to undermine the Russian banks in the country. The Russian Government believes that foreign powers plan to conduct a PSYOps to destabilize the banks. Hackers […]

A group of security researchers discovered a new method dubbed Distributed Guessing Attack to hack VISA credit card in just 6 seconds. A group of security researchers from the Newcastle University devised a method to hack VISA credit cards is just six seconds. The technique relies on a Distributed Guessing Attack in which online payment websites […]

The Russian state-controlled bank VTB confirmed that its websites had been targeted by a cyber attack. It is the last attack in order of time. The Russian state-controlled bank VTB confirmed that its websites had been targeted by a cyber attack. The VTB is the second largest bank in the country. Fortunately, the defenses of the […]

Nintendo presented its bug bounty program for 3DS consoles, the company is willing to pay between $100 and $20,000 for vulnerabilities found in the product. Good news, Nintendo joins the club of the “bug bounty program,” companies that decide to exploit this mechanism to involve ethical hacking communities. The company is the last in order of […]

Nintendo presented its bug bounty program for 3DS consoles, the company is willing to pay between $100 and $20,000 for vulnerabilities found in the product. Good news, Nintendo joins the club of the “bug bounty program,” companies that decide to exploit this mechanism to involve ethical hacking communities. The company is the last in order of […]

The North Korean operating system Red Star OS isn’t hacker proof, researchers demonstrated that it can be easily hacked remotely. Red Star OS is an operating system used by the population in North Korea. According to two German researchers from the IT security company ERNW who analyzed it early this year, it is characterized by a high […]

Many Sony cameras could be hijacked by hackers and infected with Mirai-like malware due to the presence of a sort of secret backdoor. Sony has closed a sort of debug backdoor that was spotted in 80 web-connected surveillance cameras. The hardcoded logins in the firmware of the Sony cameras can be exploited to hijack the […]

In November, an unknown attacker hacked the computer systems of the San Francisco’s Municipal, now an individual hacked back the San Francisco Muni hacker. A couple of weeks ago, an unknown attacker hacked the computer systems of the San Francisco’s Municipal railway giving riders a free ride all day on Saturday. Now the same hacker seems […]

A security expert discovered a serious five-year-old privilege-escalation vulnerability, tracked as CVE-2016-8655, that affects every Linux distro. In October, the security expert Phil Oester discovered a flaw in the Linux kernel, dubbed ‘Dirty COW‘ that could be exploited by a local attacker to escalate privileges. The name “Dirty COW” is due to the fact that it’s triggered by a […]

Security firm’ Eioneus Systems’ claims to have found a serious security flaw in Universal Account Number(UAN) website (India). In a recent incident an information security firm’ Eioneus Systems’ claims to have found a serious security flaw in Universal Account Number(UAN) website (India) which could have led to the theft of millions of user’s data. Eioneus Systems […]

On Tuesday night, a group of unknown hackers took control of the Israeli TV broadcast Channel 2 and played Muslim call to prayer. On Tuesday night, a group of hackers took control of an Israeli news Channel 2 and played Muslim call to prayer. The hackers want to protest a controversial bill that limits the […]

The Finnish security expert Jouko Pynnönen discovered a vulnerability in the Yahoo email service that allowed hackers to read anyone messages. A vulnerability in the Yahoo email service allowed hackers to read anyone messages. The giant IT has recently patched the flaw that was discovered by Jouko Pynnönen, a Finnish Security researcher from security firm Klikki […]

Alleged Asian hackers have targeted the German heavy industry giant ThyssenKrupp to steal company secrets. Hackers from Southeast Asia targeted the German heavy industry giant ThyssenKrupp in the attempt of obtaining “technological know-how and research results.” The news was announced on Thursday by a company spokesman that confirmed a report in the Wirschaftswoche weekly and added that the company […]

Enjoy the interview with Gabriel Bergel  (@gbergel), one of the most talented hackers in the wild. Gabriel is an Infosec Rockstar and Viking-Cyborg (he loves Vikings and has had 2 chips inserted in his hands). He is the Founder & organizer of @8dot8, He’s CSO and owner of ‪@hacking4def, He’s CSA of‪ @ElevenPaths, He’s coordinator of ‪@info_CCI and […]

A Turkish hacker is advertising into the hacking underground a new DDoS platform, dubbed Surface Defense (Translation to English). According to the security firm Forcepoint the hacker started prompting the DDoS platform in Turkey. He was offering a tool known as Balyoz, the Turkish word for Sledgehammer, that can be exploited by hackers to launch […]

Experts at the Nuclear Industry Summit (NIT) explained how to reduce the risk of damaging cyberattacks at nuclear facilities. The threat of cyber attacks on nuclear power plants and other nuclear facilities is substantial and on the increase, according to experts at the Nuclear Industry Summit, held earlier in the year. Hackers are becoming more […]

Waiting for security patches, the CERT/CC suggests to stop using Netgear R7000 and R6400 routers to avoid being hacked. Other routers potentially exposed. IoT devices are privileged targets for threat actors, the Mirai botnet is the demonstration of the effects of a massive attack powered with smart objects, including routers, CCTV and DVRs. Now the security experts […]

A PricewaterhouseCoopers SAP software, the Automated Controls Evaluator (ACE), is affected by a critical security flaw that could be exploited by hackers. A software developed by PricewaterhouseCoopers for SAP systems, the Automated Controls Evaluator (ACE), is affected by a critical security flaw. The vulnerability was discovered by the security firm ESNC who analyzed the tool. The Automated Controls […]

Experts from the Tor project have launched an early alpha version of Sandboxed Tor Browser 0.0.2. to protect users’ anonymity. Experts from the Tor project have launched an early alpha version of Sandboxed Tor Browser 0.0.2. The Sandboxed Tor Browser aims to isolate the Tor Browser from other processes of the operating system in order to limit its ability […]

A security flaw was discovered in some NetGear routers that could be easily exploited by a remote attacker to gain root access on the device and remotely run code. Some versions of Netgear routers remain affected by a security flaw that could be exploited by hackers to gain root access on the device and remotely […]

Intel Security McAfee VirusScan Enterprise for Linux is affected by ten vulnerabilities that can be chained for remote code execution with root privileges. The security expert Andrew Fasano discovered multiple vulnerabilities in the Intel Security’s McAfee VirusScan Enterprise solution for Linux, one of them can be chained by attackers to gain root privileges and remote execute code. Mr. […]

Adobe issued security patches that address multiple flaws in 9 products, including fixes for zero-day vulnerabilities that has been exploited in the wild. Adobe has issued security updates to fix vulnerabilities in nine products, including patches for zero-day flaws that has been exploited in targeted attacks. The version 24.0.0.186 of Flash Player addresses 17 vulnerabilities, some of them can […]

Experts from Trustwave discovered an authentication bypass vulnerability affecting the Mac version of Skype, experts classified it as a Skype backdoor. Security experts from Trustwave have discovered a backdoor in the Mac version of Skype. The flaw, aAn authentication bypass vulnerability, affects the Desktop API that could be used by third-party apps to implement a Skype communication. […]

The black hat hacker Cryptolulz broke into the database of the website of Russian embassy of Armenia (www.embassyru.am) and leaked data. The black hat hacker Cryptolulz, a former member of the Powerful Greek Army, hacked the website of Russian embassy of Armenia (www.embassyru.am). “I would like to tell you that I have successfully penetrated the site” […]

Security researchers discovered a new phishing campaign leveraging Punycode and a bug in Office 365 defense systems to deceive victims. Office 365 business email users continue to be the target of phishing campaigns, a new wave of attacks was leveraging Punycode to avoid detection of Microsoft’s default security and desktop email filters. Punycode is a method added […]

The BlackEnergy hacker group that targeted the Ukrainian grid one year ago, now identified as TeleBots, are targeting Ukrainian banks. The BlackEnergy hacker group that targeted the Ukrainian grid one year ago causing a power outage in the country are now targeting Ukrainian banks. The Ukrainian government accused Russia of being involved in the attack, […]

The Shadow Brokers group has changed the model of sale, it has put up the NSA’s hacking arsenal for direct sale on an underground website. The Shadow Brokers – Summary of the events We have seen the notorious hacker group at the end of October, when the hackers leaked a fresh dump containing a list of servers that […]

 Cryptolulz666 is back targeting government websites to demonstrate that it is very simple for hackers to bring down them with DDoS attacks. A few days ago a reported the attack conducted by the black hat hacker Cryptolulz ( @Cryptolulz666), a former member of the Powerful Greek Army, who hacked the website of Russian embassy of Armenia (www.embassyru.am). […]

The exploitation of the CrashDB code injection issue could allow an attacker to remotely execute arbitrary code on machines running Ubuntu Linux distro. New problems for Ubuntu Linux distribution, the security expert Donncha O’Cearbhaill discovered a critical vulnerability that could be exploited by a remote attacker to compromise a target computer using a malicious file. The vulnerability, a […]

A hacker devised a $300 device, dubbed PCILeech, that could be exploited by an attacker to gain full control of a Mac or MacBook. The Swedish hacker and penetration tester Ulf Frisk has devised a $300 device, dubbed PCILeech, that could be exploited by an attacker to gain full control of a Mac or MacBook. The device is able […]

Cryptolulz666 is once again in the headlines, this time he hacked the Indian Institute of Technology – IIT Bombay, one of the best Indian colleges. Cryptolulz666 is back, now he hacked the Indian Institute of Technology – IIT Bombay, one of the best Indian colleges, that has a current world rank of 200. The hacker broke into the database of […]

Security experts observed malvertising campaign leveraging the DNSChanger malware to compromise multiple models of home routers. The Christmas season can be the busiest time of the year for online shopping in many countries. Researchers at Proofpoint have recently announced the discovery of a new and improved version of the DNSChanger Exploit Kit. “Since the end […]

The security expert Chris Evans has disclosed a zero-day exploit successfully tested on Ubuntu and Fedora distributions that may affect other distros. The security expert Chris Evans has disclosed a zero-day exploit for Ubuntu and Fedora distributions. The flaw is a full drive-by download exploit that may impact also other Linux distributions. The researcher successfully the full […]

The Russian-speaking hacker Rasputing was attempting to sell the allegedly stolen login credentials from the US Election Assistance Commission (EAC). According to the security firm Record Future, a Russian-speaking hacker was offering for sale stolen login credentials for a U.S. agency that tests and certifies voting equipment, the U.S. Election Assistance Commission (EAC). The EAC Agency […]

Security experts from Wordfence observed a huge increase in Brute Force attacks in the last three weeks. The security firm Wordfence is warning the WordPress community of a spike in the number of brute force attacks against websites running WordPress. has increased significantly in December compared to the previous period. The researchers observed brute force attacks […]

A cyber attack against the Government Ukraine energy company Ukrenergo may be the root cause of power outage that occurred in Ukraine late on Saturday. A new cyber attack may be the root cause of power outage that occurred in Ukraine late on Saturday. According to the Ukraine energy company Ukrenergo, the power outage occurred at the midnight between […]

A researcher at IOActive disclosed several vulnerabilities found in Panasonic Avionics in-flight entertainment, aka IFE systems. The in-flight entertainment (IFE) and communications systems manufactured by Panasonic Avionics are among the most common components in the aviation industry. According to data provided by the company,  it has delivered more than 8,000 in-flight entertainment and communications systems and […]

Google released the Project Wycheproof, an open source tool designed to test most popular cryptographic software libraries against known attacks. Google presented the Project Wycheproof, an open source Crypto Library Testing Tool that was launched to allow development teams to discover security vulnerabilities in popular cryptographic software libraries. “Project Wycheproof tests crypto libraries against known attacks. It is […]

The OurMine crew has hacked the Netflix US Twitter account (@Netflix) to post tweets promoting its website and hacking services. On Wednesday, hackers belonging to the OurMine group hijacked the Netflix’s US Twitter account (@Netflix). OurMine took over the Twitter account to promote its website. The incident is very serious, considering that the Netflix US Twitter account has 2.5 […]

Many Groupon customers reported massive theft after crooks have placed orders in their name by using victims’ credentials likely retrieved elsewhere. Fraudsters are targeting Groupon users stolen thousands of pounds from their bank accounts. Many customers reported a massive theft after crooks placed orders in their name by using victims’ credentials likely retrieved elsewhere. Hackers take over the […]

An expert found flaws in NETGEAR WNR2000 routers that could be remotely exploited by an attacker to take full control of the affected device. The security expert Pedro Ribeiro discovered vulnerabilities in NETGEAR WNR2000 Routers, including a zero-day flaw, that could be exploited remotely to take full control of the device if remote administration is enabled. […]

Cisco is warning customers about a critical privilege escalation flaw that has been exploited in attacks against the Cisco CloudCenter Orchestrator systems. Cisco has warned its customers of a critical privilege escalation flaw in Cisco CloudCenter Orchestrator systems, tracked as CVE-2016-9223, that has been exploited in cyber attacks. The Cisco CloudCenter is a hybrid cloud management […]

The servers of the Steam gaming platform and Origin are down. Phantom Squad and PoodleCorp are claiming responsibility for the attacks. It’s holiday time and hackers can transform this period in a nightmare for gamers. Two years ago Lizard Squad hackers took down the networks of Sony PSN and Microsoft XBox Live. Now the notorious Phantom Squad […]

Christmas time is a critical period for the gaming industry that is threatened by hackers that want to paralyze their services with massive attacks. Yesterday I reported the DDoS attacks launched by Phantom Squad and PoodleCorp against Steam and Origin Servers, and unfortunately they are not alone. Hackers threaten to take down Xbox Live and PSN […]

The notorious white hat hacker Kapustkiy hacked the Russian Visa Center in the USA and accessed information of around 3000 individuals. The Russian Visa Center is an organization that helps Americans to obtain Russian Visa, this morning the white hat hacker Kapustkiy informed me that he broke into the database its website and accessed data of around […]

@cripthepoodle is one of the members of the dreaded PoodleCorp hacker crew recently he targeted Steam platform, let’s him meet. You are a talented hacker that is very active online, could you tell me more about you. Could you tell me which his your technical background and when you started hacking? I started to get […]

A security expert discovered a critical vulnerability in the PHPMailer that leaves millions of websites vulnerable to remote exploit. A critical vulnerability, tracked as CVE-2016-10033, affects PHPMailer, one of the most popular open source PHP libraries used to send emails. It has been estimated that more than 9 Million users worldwide leverages on this library. Millions […]

Hackers compromised the Sony Music Entertainment Twitter account and posted the messages on Britney Spears’s Death. Experts blame OurMine crew. Sony Music Entertainment’s Twitter account was compromised and hackers posted the news of the Britney Spears’s death. “RIP @britneyspears #RIPBritney 1981-2016” and “Britney spears is dead by accident! We will tell you more soon #RIPBritney.” states […]

Let’s speak with PhantomSquad, one of the most active groups of hackers that was involved in recent attacks against the gaming industry. You are a talented hacker that is very active online, could you tell me more about you. Could you tell me which his your technical background and when you started hacking? I was beginning […]

According to data provided by IBM Managed Security Services, the number of ICS attacks in 2016 continues to increase worldwide. Industrial control systems (ICS) continues to be a privileged target of hackers. According to IBM Managed Security Services, the number of cyber attacks increased by 110 percent in 2016 compared to 2015. According to the researchers […]

According to the firm SecuriTeam, several ZyXEL customized routers are affected by many vulnerabilities that could be easily exploited by hackers. According to the firm SecuriTeam, multiple ZyXEL customized routers are affected by many vulnerabilities. The devices are distributed by the Thai IPS TrueOnline. The ZyXEL customized routers are offered for free to the customers with default settings, including default accounts […]

Security experts from Kaspersky Lab discovered an interesting one-stop-shop for purchasing hacking goods while investigating activity of a popular RAT. Security experts from Kaspersky Lab discovered an interesting one-stop-shop for purchasing hacking goods. The malware researchers were analyzing traffic from a number of infected machines that appear to be generated by the HawkEye RAT. HawkEye is […]

A security expert discovered a vulnerability in the MONyog tool that could be exploited by a normal user to elevate his privilege access. The security researcher and penetration tester Mutail Mohamed (@muleyl) discovered a vulnerability in the MONyog, the most secure and scalable MySQL monitoring tool of the server monitoring tool. The application URL is https://www.webyog.com/product/monyog and the affected version is MONyog […]

Today I have the pleasure to interview @Firox_, one of the most intriguing characters of the hacking community. You are a popular talented hacker that has already participated in several hacking campaigns, could you tell me more about. Well, unlike most hackers out there, I do not publicly participate in campaigns or operations under this […]

Researchers at the security firm CheckPoint have discovered three fresh critical zero day vulnerability in the last PHP 7. Security researchers at the firm CheckPoint have discovered three fresh critical 0-day vulnerabilities in last PHP 7. These vulnerabilities allow an attacker to take full control over 80 percent of websites which run on the latest release […]

#OpSingleGateway – The hacker Gh0s7 hacked the Thailand’s National Statistical Office (http://nso.go.th) in response to the recent arrests operated by the Government. The hacker Gh0s7 broke into the database of the Thailand’s National Statistical Office (http://nso.go.th ) and leaked data through the Mega service at the following URL https://mega.nz/#!F8o0kCLb!8C30-rqQip7cvKhf-af3xwNX6PXO6KGN9wDEon5XqEs The hacker acted alone, he decides to hack into a […]

The code associated with Russian hacking operation dubbed Grizzly Steppe by the Obama administration infected a laptop at a Vermont utility. Russian hackers are again in the headlines because according to US officials, they hacked a Vermont utility, raising concerns about the security of the electrical grid of the country. Researchers discovered on a laptop a […]

Today I met casually online a hacker that goes online with the moniker @TellingTheFeds.  I desire to share with you, our chitchat. Could you tell me more about you and your past activities?  I’ve done a lot of Covert (Off the record) Activities. I don’t really talk too much about my past, I came from scripting […]

Today I interview the notorious black hat hacker @Docksing, he is an authentic star of the hacking underground. Enjoy it! You are a popular talented hacker that has already participated in several hacking campaigns, could you tell me more about. It wouldn’t be smart to answer that, but if I were to participate, I wouldn’t put […]

Changing travelers flight bookings is too easy. Absolutely astounding the Karsten Nohl research on the insecurity of traveler flight information. The current travel booking systems is deeply insecure, it lacks of cyber security by design and the notorious hackers Karsten Nohl and Nemanja Nikodijevic have demonstrated it at the 33rd Chaos Communications Congress held in Hamburg […]

The security expert Dawid Golunski from Legal Hackers has reported critical RCE flaws in the popular PHP libraries SwiftMailer, PhpMailer and ZendMail. Recently the security expert Dawid Golunski from Legal Hackers has reported a critical RCE vulnerability, tracked as CVE-2016-10033, in one of the popular open source PHP library, the PHPMailer. The critical vulnerability in the […]

A mysterious hacker is breaking into unprotected MongoDB databases, stealing their content, and asking for a ransom to return the data. Co-founder of the GDI Foundation Victor Gevers is warning of poor security for MongoDB installations in the wild. The security expert has discovered 196 instances of MongoDB that were wiped by crooks and being held for […]

Google hacker Tavis Ormandy discovered a serious flaw that affects the Kaspersky antivirus software and the way it manages inspection digital certificates. Experts from Kaspersky are solving a problem that disabled certificate validation for 400 million users. The problem was spotted by the notorious Google hacker Tavis Ormandy, the vulnerability affects the Kaspersky antivirus software […]

One of the most discussed topics these days are the various nefarious uses that a Drone can be put to or just flown where they shouldn’t be. 2016 has been an eventful year bagged with mixed sentiments around the US presidential election, Brexit and Global terrorism striking the World’s news outlets. Simultaneously not far behind […]

Many users speculated about a possible compromise of the address of www.google.com.br. Did someone hack it? Let’s see what has happened. Two days ago, we followed many news and comments regarding the compromise of the address www.google.com.br. At the beginning, many (me included) discredited the news, however, big online portals quickly started to propagate the […]

CyberZeist claims that he hacked the FBI’s website exploiting a zero-day flaw in Plone, but the Plone security team declared the FBI hack is a hoax. Security Affairs was probably the first blog to spread the news of the alleged FBI hack. I was contacted by the notorious hacker CyberZeist, he is very popular in the […]

ClearSky Security discovered a new campaign conducted by the Iranian OilRig APT leveraging digitally signed malware and fake University of Oxford domains. The OilRig hacker group is an Iran-linked APT that has been around since at least 2015. Researchers at Palo Alto Networks have been monitoring the group for some time and have reported attacks launched against government agencies, financial institutions and technology companies in Saudi Arabia, Israel, the United Arab Emirates, Lebanon, Kuwait and Qatar, the United States, […]

Turkish Energy Minister Berat Albayrak believes that power outages in Istanbul and other areas in Turkey have also been caused by cyber attacks. According to Turkish Energy Minister Berat Albayrak, Istanbul and other areas in Turkey have been experiencing power outages since last week. The power outages were caused by sabotage of underground powerlines and cyberattacks originating in […]

A flaw in Brave Browser could be exploited by attackers to trick users into visiting a fake or malicious website to serve either malware or conduct phishing attacks. Brave is an open source project that promises to block Internet greed and ugliness while improving speed and protecting privacy. Basically, it blocks ads containing pixels and cookies […]

According to the Australian Communications and Media Authority Antipodes the number of hacked systems more than double to 27,000 in just a day. MongoDB ransom attacks soar, according to the Australian Communications and Media Authority Antipodes the number of hacked systems more than double to 27,000 in just a day. According to the experts, the […]

The ShadowBrokers is the hacker crew stolen the arsenal of the NSA-Linked Equation Group is offering for sale the stolen NSA Windows Hacking Tools. The ShadowBrokers is the hacker crew that leaked a portion of the arsenal of the NSA-Linked Equation Group, a precious archive containing hacking tools and exploits. At the end of October,  the hackers leaked a fresh […]

Experts at Juniper have discovered that an update for its Juniper SRX firewalls opens a root-level account on the network device. The company started warning its users, every user who issued the “request system software” command with the “partition” option is affected by the issue. The failure of the system update leaves it in a state where root CLI […]

According to the BSI more than 6,000 online stores running eBay’s Magento platform have been hacked across the last two years. According to the Germany’s Federal Office for Information Security, more than 6,000 online stores running eBay’s Magento platform have been hacked across the last two years. Crooks targeted the e-commerce platform in order to steal credit […]

The Internet Systems Consortium (ISC) has issued security updates to address four high severity flaws in the DNS software BIND. The Internet Systems Consortium (ISC) has issued updates to solve four high severity flaws in the DNS software BIND. The flaw could be exploited by a remote attacker to cause a DoS condition. An attacker can […]

Let’s try to analyze some facts about the Italian EyePyramid espionage campaign. Prof. Corrado Aaron Visaggio helped us in this difficult task. The Italian EyePyramid espionage campaign raised to me two simple questions: (i) Are the criminals geniuses or dummies? (ii) How can an old, known, easy-to-detect malware infect so many machines belonging to different […]

According to the release notes the latest version of WordPress 4.7.1 addresses eight security vulnerabilities and other 62 bugs. Wednesday the latest version of WordPress 4.7.1 was released by the WordPress Team, it is classified as a security release for all previous versions. According to the release notes, the new version addresses eight security flaws […]

The popular hacker Kapustkiy hacked a website belonging to the Government of Venezuela in protest against the dictatorship of Nicolas Maduro. The White hat hacker Kapustkiy has hacked the Government of Venezuela and leaked data on Pastebin http://pastebin.com/ud0pewGL. Kapustkiy hacked the website www.gdc.gob.ve by exploiting a Local File Inclusion (LFI) vulnerability in: http://www.gdc.gob.ve/2.0/gui_resources/css/?f=../../../../../../../../../../etc/passwd “I have found a LFI in the […]

A security issue can be used to intercept and read encrypted messages. Is this a WhatsApp backdoor? Which are potential risks? Is the popular messaging service Whatsapp affected by a backdoor? According to a blog post published by The Guardian, the application was affected by a vulnerability that could be exploited by attackers to intercept and read messages. […]

Security experts from FireEye have spotted a new variant of the infamous Ploutus ATM malware that infected systems in Latin America. Ploutus is one of the sophisticated ATM malware that was first discovered in Mexico back in 2013. The threat allows crooks to steal cash from ATMs using either an external keyboard attached to the machine […]

Security experts from Cisco Talos discovered several flaws in the Aerospike Database Server, a high-performance, and open source NoSQL database. Security experts from Cisco Talos have discovered several vulnerabilities in the Aerospike Database Server, a high-performance, and open source NoSQL database. It is used by several major brands for high-performance applications, including Kayak, AppNexus, Adform, adMarketplace and […]

Researchers Exploitee.rs discovered a flaw in Samsung SmartCam IP cameras that could be exploited to execute commands and hijack vulnerable devices. Samsung SmartCam IP cameras are affected by a serious vulnerability that could be exploited by remote attackers to execute commands and hijack vulnerable devices. Samsung Electronics sold the Samsung Techwin security division to the Hanwha […]

On Monday, Russian State Television Channel One leaked online the BBC Sherlock Final episode, the broadcaster blames hackers. On Monday, a Russian state television Channel One blamed hackers for the leak online of the final episode of the BBC drama Sherlock a day before its actual planning. The Russian Channel One was set to transmit the end-of-season […]

The security researcher Pedro Ribeiro disclosed several vulnerabilities in the ZyXEL customized routers that could be easily exploited by hackers. Details on serious vulnerabilities in a number of routers freely distributed by the TrueOnline Thai ISP were published on Monday after private disclosures made to the vendors in July went unanswered. The security researcher Pedro Ribeiro from […]

The infamous Carbanak cybercrime gang is back and is leveraging Google services for command-and-control of its malicious codes. The dreaded Carbanak cybercrime gang is back and is adopting a new tactic for its attacks, it is leveraging Google services for command-and-control of its malware. The criminal organization is named Carbanak cybergang because of the name […]

The US-CERT has issued a warning after the Shadow Brokers hackers have offered to sell what it claims to be an SMB Zero-Day exploit. The United States Computer Emergency Readiness Team (US-CERT) has issued a warning after the Shadow Brokers hacker group has offered to sell what it claims to be an SMB Zero-Day exploit. […]

Cisco Security Team has noticed traces of traffic from the dormant Necurs botnet and they are warning of a possible new massive ransomware spam campaign. Security researchers at Cisco Security Team have noticed traces of traffic from the dormant Necurs botnet and they are warning of a possible new massive ransomware spam campaign. “The research […]

The hacker @Sc0rp10nGh0s7 from the Shad0w Security group has broken in the server of the National Aids Research Institute NARI (India). The hacker @Sc0rp10nGh0s7 from the Shad0w Security crew has broken in the server of the National Aids Research Institute NARI (India). The hacker accessed a more than 1 GB archive containing the results for dozens […]

The New York Times is investigating the hack of its Twitter video account (@nytvideo) that was used to post a fake news on Sunday morning. @nytvideo is the newspaper is the New York Times video account and has more than 250,000 followers on the platform. Yesterday around 9:40 a.m. ET the Twitter account shared a fake news […]

More than two years after the disclosure of the HeartBleed bug, 200,000 services are still affected. Systems susceptible to Heartbleed attacks are still too many, despite the flaw was discovered in 2014 nearly 200,000 systems are still affected. Shodan made a similar search in November 2015 when he found 238,000 results, the number dropped to 237,539 […]

Tavis Ormandy, a security expert at Google Project Zero, has discovered a critical remote code execution vulnerability in the Cisco WebEx browser extension. Google Project Zero researcher Tavis Ormandy has discovered a critical remote code execution vulnerability in the Cisco WebEx browser extension. Cisco’s initial fix does not appear to be complete, which has led to […]

Tavis Ormandy, a security expert at Google Project Zero, has discovered a critical remote code execution vulnerability in the Cisco WebEx browser extension. Google Project Zero researcher Tavis Ormandy has discovered a critical remote code execution vulnerability in the Cisco WebEx browser extension. Cisco’s initial fix does not appear to be complete, which has led to […]

Google announced Gmail will soon stop allowing users to attach JavaScript (.js) files to emails for obvious security reason. Google announced Gmail will soon stop allowing users to attach JavaScript (.js) files to emails for obvious security reason. JavaScripts files, like many other file types (i,e, .exe, .jar, .sys, .scr, .bat, .com, .vbs and .cmd) […]

A hacker discovered a XXE flaw in the EpubCheck library that affects major epub services causing information disclosure and denial of service conditions. The security expert and bug hunter Craig Arendt (@craig_arendt) has discovered flaws in major eBook readers including the ones commercialized by Amazon, Apple, and Google. The expert discovered different XML external entity (XXE) […]

A security researcher has discovered that the President Trump’s Twitter account is exposed to the risk of hack due to security misconfigurations. While the experts are warning the press about the fact that the American President Trump is still using his personal insecure Android smartphone, we have discovered that his Twitter is exposed to the risk […]

A critical flaw tracked as CVE-2017-3792 affects three different models of the CISCO TelePresence MCU platform, MCU 5300 Series, MSE 8510 and MCU 4500. A critical vulnerability tracked as CVE-2017-3792 affects three different models of the CISCO TelePresence MCU platform. Cisco TelePresence MCU platform is a high-definition multimedia conferencing bridge that is widely adopted due to its […]

A security expert discovered a flaw in a ransomware protection service that opened Uber service, and many others, to cyber attacks. The Russian penetration tester Vladimir Ivanov from the security firm Positive Technologies has discovered a vulnerability in anti-ransomware backup service Code42. The flaw could be exploited by attackers to steal data from the organizations using […]

Anonymous declared war to US President-elect Donald Trump, hackers are threatening to expose his alleged affairs with Russians. Anonymous declared war to US President-elect Donald Trump, recently the collective threatened to expose his “financial and personal ties with Russian mobsters.” The group is claiming to have inside information on some of Trump’s dirty affairs with Russians, […]

Hundreds of thousands of Netgear routers are vulnerable to password bypass, the company issued updates only for a number models. An impressive number of Netgear routers is affected by two flaws that can lead to password disclosure. It has been estimated that hundreds of thousand devices, potentially more than one million Netgear routers, could be hacked, by both a […]

Security experts at PaloAlto Networks have observed a new campaign that has been launched by a cyber espionage group known as Gaza Cybergang. Security experts at Palo Alto Networks have uncovered a new cyber espionage campaign conducted by the Gaza Cybergang hacker group, also known as “Gaza Hackers Team” and “Molerats.” On September 2015, security experts at Kaspersky Lab observed an increase […]

An Islamic Jihad master hacker resident in the Gaza strip pleads guilty to hacking into drones belonging to the Israeli Defense Force, faces up to nine years in jail. A resident in the Gaza strip pleads guilty for hacking into drones belonging to the Israeli Defense Force. An Israeli court accepted a guilty plea from Islamic Jihad […]

A group of researchers from the University Alliance Ruhr has found a cross-site printing bug in the old PostScript language. Popular printer models manufactured by Dell, Brother, Konica, Samsung, HP, and Lexmark are affected by security vulnerabilities that could be exploited by hackers to steal passwords, steal information from the print jobs, and shut down the devices. The […]

The Spanish law enforcement claims to have arrested the popular hacker Phineas Fisher, but someone using his email account denied it. Spanish law enforcement has arrested the notorious hacked Phineas Fisher (@GammaGroupPR), the cyber security expert that breached the surveillance firms Hacking Team and Gamma International. In May 2016, Phineas Fisher stole $10,000 from a bank and donated the equivalent […]

A new dangerous Zero-day Content Injection vulnerability has been discovered in the WordPress CMS, it affects the WordPress REST API. A new dangerous vulnerability has been discovered in the WordPress CMS, it is a zero-day content injection flaw in the WordPress REST API. The vulnerability discovered by a security researcher at firm Sucuri could be […]

Dutch Government announced that all ballots in the election next month will be counted by hand in order to avoid any interference due to cyber attacks. Recent US 2016 Presidential Election has given the world an important lesson, foreign hackers are a dangerous threat even for democracy. Recently Franche Defense Minister Le Drian comments expressed concerns […]

Given the high trust we have on Gmail we tend to believe that all messages that fall into our inbox are legit and safe, but there is something to know … 1.    Introduction Taking good care of e-mail messages is certainly among the first recommendations of any information security policy and user awareness program. The involved […]

The experts at Cisco have discovered a critical authentication bypass vulnerability in the Cisco Prime Home during an internal security testing. Cisco has released a security update for CISCO Prime Home remote management and provisioning solution to fix a flaw that could be exploited to authentication bypass. The experts at Cisco have discovered the critical […]

The US-CERT issued a security advisory to warn of a zero-day memory corruption vulnerability in the SMB (Server Message Block) protocol that can be exploited by a remote attacker. The US-CERT is warning of a zero-day memory corruption vulnerability in the SMB (Server Message Block) protocol that can be exploited to cause a denial of service condition or […]

The web-based SCADA system Honeywell XL Web II Controller is affected by multiple flaws that can be remotely exploited to expose passwords in clear text. A popular web-based SCADA system designed by Honeywell is affected by multiple vulnerabilities that can be remotely exploited to expose passwords in clear text. In order to access the password in clear […]

HackerHouse researchers have discovered that media content protected by Digital Rights Management (DRM) can be used to uncloak Windows Tor Browser users. The anonymity of the Tor users is threatened by a new issue related the Microsoft’s DRM. Windows users running the Tor browser can be de-anonymized with a trick based on the Microsoft DRM (Digital Rights […]

A hacker hijacked over 150,000 Printers publicly exposed online to warn owners of cyber attacks. Recently a group of researchers from the University Alliance Ruhr has found a cross-site printing bug in the old PostScript language. Popular printer models manufactured by Dell, Brother, Konica, Samsung, HP, and Lexmark are affected by security vulnerabilities that could be exploited by […]

A study conducted on iOS mobile apps revealed that many of them are affected by security vulnerabilities that expose users to man-in-the-middle (MitM) attacks. A new study confirms that dozens of iOS apps are affected by vulnerabilities that could be exploited by hackers to run man-in-the-middle (MitM) and intercept data from connections even if protected by TLS. […]

F5 Networks BIG-IP appliances are affected by a serious vulnerability, tracked as CVE-2016-9244 and dubbed ‘Ticketbleed’ that exposes it to remote attacks The F5 Networks BIG-IP appliances are affected by a serious flaw, tracked as CVE-2016-9244 and dubbed ‘Ticketbleed’, that can be exploited by a remote attacker to extract the content of the memory, including sensitive […]

F5 Networks BIG-IP appliances are affected by a serious vulnerability, tracked as CVE-2016-9244 and dubbed ‘Ticketbleed’ that exposes it to remote attacks The F5 Networks BIG-IP appliances are affected by a serious flaw, tracked as CVE-2016-9244 and dubbed ‘Ticketbleed’, that can be exploited by a remote attacker to extract the content of the memory, including sensitive […]

A flaw in ESET Endpoint Antivirus is exploitable to get remote root execution on Apple Mac systems via Man-In-The-Middle (MiTM) attacks. According to the security advisory published by Google Security Team’s Jason Geffner and Jan Bee on Seclists, it is possible to get remote root execution on Apple Mac systems via Man-In-The-Middle (MiTM) attacks. The attackers […]

The Singaporean Defence Ministry confirmed that threat actors have breached government systems stealing personal information of its employees. On Tuesday, the Defence Ministry confirmed that unknown hackers have breached government system and have stolen personal information belonging about 850 Singapore national servicemen and employees. Data accessed by hackers includes telephone numbers, dates of birth, and national […]

Zscaler has fixed persistent XSS vulnerabilities affecting Zscaler Cloud management software that allow logged attackers to hack coworkers. Serious cross-site scripting (XSS) flaws in the Zscaler Cloud management software could be exploited by attackers to inject malicious HTML and JavaScript into the browsers of other users who visit the portal. In order to exploit the flaws, the attacker […]

More than 1 million WordPress website are at risk due to a critical SQL injection vulnerability in the NextGEN Gallery plugin. Update it asap. Security experts at Sucuri firm have identified a SQL injection flaw in the WordPress image gallery NextGEN Gallery that could be exploited by a remote to gain access to the targeted website’s backend, including sensitive […]

Dark net webmail provider For the third consecutive week, the popular Tor web email service SIGAINT is unavailable and the real cause is a mystery. SIGAINT is one of the largest web email services on the TOR network that is used to send messages preserving the user’s anonymity. For the third consecutive week, the popular email service is unavailable […]

The researcher East-Ee Security devised a proof of concept bypass of the Google’s reCaptcha V2 verification system dubbed ReBreakCaptcha. East-Ee Security proposed a proof of concept bypass of the Google’s reCaptcha V2 verification system dubbed ReBreakCaptcha. The PoC uses the Google web-based tools for its purpose. According to the author, ReBreakCaptcha “lets you easily bypass […]

Security experts at Trustwave have discovered a hidden backdoor in Internet of Things devices manufactured by the Chinese firm DblTek. Researchers from Trustwave have discovered a backdoor in IoT devices manufactured by a Chinese vendor that is refusing to fix it. The backdoored devices are produced by the VoIP firm Dbltek, the researchers speculate the backdoor was […]

According to Cloudflare, an initial analysis conducted its experts reveals that no personal data was leaked due to the CloudBleed issue. On February 17 the Google Project Zero researcher Tavis Ormandy disclosed a serious bug in Cloudflare infrastructure, so-called Cloudbleed. Ormandy discovered that Cloudflare was leaking a wide range of sensitive information, including authentication cookies […]

Rapid7 released the Metasploit Vulnerable Services Emulator, a new tool that can be used by IT experts to emulate vulnerable services. Which is the best way to protect a system? You need to think of the system in the attacker’s perspective, for this reason, Metasploit has now a new tool that can be used to […]

WordPress 4.7.3 release is out to fix six security issues, but a CSRF vulnerability discovered in July 2016 remains unpatched. WordPress has issued a new security release, the WordPress 4.7.3 release, that addresses six security flaws, including three cross-site scripting (XSS) vulnerabilities.  The flaws were discovered by the security experts Chris Andrè Dale, Yorick Koster, Simon P. Briggs, Marc […]

Researchers discovered serious issues in Western Digital My Cloud NAS that can be exploited by attackers to gain root control of the affected devices. Western Digital Corporation network-attached storage owners were warned of Critical flaws in Western Digital NAS boxes of the My Cloud NAS line could be exploited by remote attackers to gain remote control […]

Researchers have spotted a remote code execution zero-day in Apache Struts 2, the flaw has being exploiting by that threat actors in the wild. Security researchers have spotted a remote code execution zero-day, tracked as CVE-2017-5638, in Apache Struts 2, and the bad news is that threat actors in the wild are already exploiting it. According to […]

The researcher Pierre Kim revealed that more than 185,000 vulnerable Wi-Fi-connected cameras are exposed to the Internet, ready to be hacked. According to the security advisory published by Pierre Kim via Full Disclosure, more than 185,000 vulnerable Wi-Fi-connected cameras are exposed to the Internet, a gift for crooks and hackers. The devices are affected by the following […]

Confide App, the secure messaging app used by staffers in the White House and on Capitol Hill is not as secure as the company claims. Confide is the secure messaging app used by President Donald Trump’s staffers for their secret communication. The official website of the application defines the encryption implemented by the mobile application […]

Confide App, the secure messaging app used by staffers in the White House and on Capitol Hill is not as secure as the company claims. Confide is the secure messaging app used by President Donald Trump’s staffers for their secret communication. The official website of the application defines the encryption implemented by the mobile application […]

The seller that goes online with moniker SunTzu583 is offering 640,000 PlayStation accounts for USD 35.71 (0.0292 BTC), it source is still a mystery. The dark web is the right place where to buy stolen login credentials to major web services, last week the colleagues at HackRead reported the sale of more than 1 million Gmail […]

Cybercriminals hijack Magento Realex Payments extension to steal payment card data. Experts at Sucuri are observing massive attacks. Cybercriminals continue to target Magento platform to steal credit card data. Crooks have been abusing a payment module to steal payment card data from online shops running on Magento e-commerce platform. According to experts at security firm Sucuri, […]

Canada Revenue Agency confirmed it shut down its website for filing federal taxes due to a cyber attack leveraging the CVE-2017-5638 flaw in Apache Struts 2 The Canada Revenue Agency (CRA) confirmed it shut down its website for filing federal taxes after hackers broke into the server at the nation’s statistics bureau. The security breach occurred […]

Turkey vs Holland – Hackers launched a massive hacking campaign that hijacked hundreds of High-Profile Accounts to spread political messages against Holland. A huge number of high-profile Twitter accounts have been hijacked following the recent diplomatic crisis between Turkey and the Netherlands. The hackers posted through many Twitter accounts political messages in the Turkish language including a link […]

A flaw recently fixed in the Linux kernel tracked as CVE-2017-2636 might have been exploited to gain privilege escalation or cause a DoS condition. The security expert Alexander Popov from Positive Technologies has discovered a race condition in the n_hdlc driver that might be exploited by attackers for privilege escalation in the operating system. The vulnerability tracked as CVE-2017-2636, […]

Pwn2Own 2017 is started, as usual, it is a great event to see hackers at work. In the first day, experts hacked Edge, Safari, Ubuntu, and Adobe Reader. Pwn2Own 2017 competition held in Vancouver (Canada) is started, as usual, it is a great event to see hackers at work. In the first day Bug bounty hunters […]

The security expert Matt Nelson has devised a new method that leverages App Paths to bypass the User Account Control (UAC) only on Windows 10. The researcher detailed a bypass technique that is quite differed to the previous ones he devices, the new method “doesn’t rely on the IFileOperation/DLL hijacking approachâ€�. “I’ve previously blogged about two different bypass techniques, […]

After the leak of the CIA Vault7 archive, experts from CISCO warn of Cisco IOS and IOS XE Software Cluster Management Protocol Remote Code Execution flaw. Recently Wikileaks announced it is planning to share with IT firms details about vulnerabilities in a number of their products, the flaw are exploited by the hacking tools and […]

The vendor “SunTzu583” is offering for sale over 20 million Gmail and 5 million Yahoo login credentials on the Dark Web A vendor with the online moniker “SunTzu583” is reportedly selling millions of login credentials for Gmail and Yahoo accounts on a black market in the dark web. Over 20 million Gmail accounts and 5 million […]

Metasploit RFTransceiver extension implements the Hardware Bridge API that will allow organizations to test wireless devices operating outside 802.11 spec. Recently we reported the news of the availability of a new hardware bridge for Metasploit extension to test hardware, including IoT devices. We have to consider that IoT devices are pervading our day life such as into […]

The vulnerability allows any local user, such as “httpdusr” used to run web application, to escalate to Domain Administrator if the NAS is a domain member. Pasquale ‘sid’ Fiorillo from ISGroup (www.isgroup.biz), an Italian Security Company, and Guido ‘go’ Oricchio of PCego (www.pcego.com), a System Integrator, have just released a critical security advisory for any […]

Trend Micro discovered the Chinese threat actor Winnti has been abusing GitHub service for command and control (C&C) communications. Security experts at Trend Micro continue to monitor the activities of the Chinese Winnti hacker group, this time the hackers have been abusing GitHub for command and control (C&C) communications. “Recently, the Winnti group, a threat actor with […]

How much costs a DDoS attack service? Kaspersky Lab published an analysis on the cost of a DDoS attack and services available in the black markets. The DDoS attacks continue to be a profitable business in the cyber criminal underground. Powering a DDoS attack against an organization is even cheaper, running an attack can cost […]

An Internet-Connected Medical Washer-Disinfector, the Miele’s model Professional PG 8528, is affected by a Web Server Directory Traversal. While the number of IoT devices continue to exponentially increase, the level of security of these smart objects is often not adequate end exposes users at risk of cyber attacks. The news of the say is a […]

The Cyber Division of the U.S. Federal Bureau of Investigation (FBI) warns the companies in the healthcare industry of FTP attacks. The Cyber Division of the U.S. Federal Bureau of Investigation (FBI) warns the healthcare industry that malicious actors are actively targeting File Transfer Protocol (FTP) servers of medical and dental facilities that allow anonymous […]

The Google hacker Tavis Ormandy discovered a third flaw in LastPass password manager in a few weeks, the expert provided a few details about the issue. A couple of weeks ago, the notorious Google Project Zero hacker Tavis Ormandy discovered numerous vulnerabilities in the Chrome and Firefox extensions of the LastPass password manager. Wrote a quick exploit […]

The Islamic State-affiliated Amaq news agency has been hacked and used to spread a malicious a FlashPlayer file. Who is behind the attack? The Islamic State-affiliated Amaq news agency has been hacked and used to spread a malware. The website is considered as the official news site of the Islamic State, it was used for propaganda and […]

A security expert demonstrated how to hack SmartTV using a low-cost transmitter for embedding malicious commands into a rogue DVB-T signals. The number of IoT devices continues to grow, but unfortunately, their level of security is often very poor and at the same time the number of threats to smart objects is rapidly increasing. Due to security […]

A security expert demonstrated how to hack SmartTV using a low-cost transmitter for embedding malicious commands into a rogue DVB-T signals. The number of IoT devices continues to grow, but unfortunately, their level of security is often very poor and at the same time the number of threats to smart objects is rapidly increasing. Due to security […]

The Linux kernel flaw exploited by the hackers at the Zero Day Initiative’s Pwn2Own 2017 competition to hack Ubuntu has been patched. The Chaitin Security Research Lab (@ChaitinTech) discovered a Linux Kernel flaw, , tracked as CVE-2017-7184, during the last Pwn2Own 2017 competition. The experts hacked Ubuntu Desktop exploiting a Linux kernel heap out-of-bound access and earned $15,000 […]

The Linux kernel flaw exploited by the hackers at the Zero Day Initiative’s Pwn2Own 2017 competition to hack Ubuntu has been patched. The Chaitin Security Research Lab (@ChaitinTech) discovered a Linux Kernel flaw, , tracked as CVE-2017-7184, during the last Pwn2Own 2017 competition. The experts hacked Ubuntu Desktop exploiting a Linux kernel heap out-of-bound access and earned $15,000 […]

Splunk has fixed the security issue in the JavaScript implementation, tracked as CVE-2017-5607, that can be exploited to siphon data. Splunk has fixed the security issue in the JavaScript implementation, tracked as CVE-2017-5607, that leaks user information. Splunk provides the leading platform for Operational Intelligence that is used to search, monitor, analyze and visualize machine data. Splunk […]

Splunk has fixed the security issue in the JavaScript implementation, tracked as CVE-2017-5607, that can be exploited to siphon data. Splunk has fixed the security issue in the JavaScript implementation, tracked as CVE-2017-5607, that leaks user information. Splunk provides the leading platform for Operational Intelligence that is used to search, monitor, analyze and visualize machine data. Splunk […]

Japan plan to develop a hack proof satellite system to protect transmissions between satellites and ground stations with a dynamic encryption of data. Japan’s Internal Affairs and Communications Ministry plans to develop a communications system to protect satellites from cyber attacks. The hack proof satellite system will protect transmissions between satellites and ground stations implementing […]

Japan plan to develop a hack proof satellite system to protect transmissions between satellites and ground stations with a dynamic encryption of data. Japan’s Internal Affairs and Communications Ministry plans to develop a communications system to protect satellites from cyber attacks. The hack proof satellite system will protect transmissions between satellites and ground stations implementing […]

Experts at Cylance disclosed two UEFI flaws that can be exploited by attackers to install a backdoor on some Gigabyte BRIX mini PCs. Experts at security firm Cylance have disclosed two UEFI vulnerabilities that can be exploited by attackers to install a backdoor on some Gigabyte BRIX mini PCs. The experts tested the latest firmware […]

Experts at Cylance disclosed two UEFI flaws that can be exploited by attackers to install a backdoor on some Gigabyte BRIX mini PCs. Experts at security firm Cylance have disclosed two UEFI vulnerabilities that can be exploited by attackers to install a backdoor on some Gigabyte BRIX mini PCs. The experts tested the latest firmware […]

Apple fixed a vulnerability tracked as CVE-2017-2387 in the Apple Music for Android that could allow attackers to launch MitM attacks on the application. The update released Apple for the Apple Music application for Android fixes a certificate validation issue that can be exploited by an attacker to run MitM attacks and intercept user data. […]

Spanish law enforcement arrested in Barcellona the Russian hacker Pyotr Levashov who is suspected of being involved in attacks on 2016 US Election. Spanish law enforcement arrested in Barcelona the Russian hacker and alleged spam kingpin Pyotr Levashov (36). The man is suspected of being involved in hacking attacks against entities linked to the 2016 US Presidential Election. […]

The Open Web Application Security Project (OWASP) presented the first release candidate for the 2017 OWASP Top 10, it includes 2 new categories. This week the Open Web Application Security Project (OWASP) presented the first release candidate for the 2017 OWASP Top 10, the principal novelty is the presence of two new vulnerability categories. The […]

A group of researchers has demonstrated that attackers can steal PINs and Passwords capturing data from smartphone sensors. Modern mobile devices are full of sensors (i.e. GPS, Camera, microphone, accelerometer, magnetometer, proximity, gyroscope, pedometer, and NFC) that could be exploited by hackers to gather data about owner’s activities? A group of researchers from Newcastle University demonstrated that […]

Hackers exploited the CVE-2014-9222 flaw, also known as ‘Misfortune Cookie’, to hack thousands of home routers and abuse them for WordPress attacks. According to the experts at the security firm Wordfence tens of thousands, of home routers have been hacked and used to power cyber attacks on WordPress websites. The security firm observed a spike in […]

SAP has issued a security patch for the SAP TREX search engine that addresses also a two-years old critical vulnerability. SAP has issued a security patch for the SAP TREX search engine that addresses multiple vulnerabilities discovered by the experts in a 2015 patch released in December 2015. The SAP TREX search engine is used […]

An unpatched vulnerability in Magento platform could be exploited by hackers to compromise fully web servers that host the e-commerce sites. An unpatched vulnerability in the Magento e-commerce platform could be exploited by attackers to upload and execute malicious PHP scripts on web servers that host online shops. The vulnerability was reported by experts at […]

The Linux remote vulnerability tracked as CVE-2016-10229 poses Linux systems at rick of hack if not patched. A Linux kernel vulnerability, trackers as CVE-2016-10229, potentially allows attackers to remotely take over a vulnerable system (i.e. Servers, desktops, IoT devices and mobile devices). “udp.c in the Linux kernel before 4.5 allows remote attackers to execute arbitrary code via UDP […]

A bug dubbed Riddle vulnerability affecting MySQL 5.5 and 5.6 clients exposed user credentials to MiTM attacks. Update to version 5.7. A coding error dubbed The Riddle has been uncovered in the popular DBMS Oracle MySQL, the issue can be potentially exploited by attacker powering a man-in-the-middle attack to steal usernames and passwords. “The Riddle is a […]

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. First of all, let me inform you that at the #infosec16 SecurityAffairs was awarded as The Best European Personal Security Bloghttp://securityaffairs.co/wordpress/48202/breaking-news/securityaffairs-best-european-personal-security-blog.html ·      Millions of mobile phones and laptops potentially exposed to attack leveraging baseband zero-days ·      ATMitch – Crooks […]

Security experts discovered vulnerabilities in the Bosch Drivelog Connector dongle that could be exploited by hackers to stop the engine. Security Researchers at automotive cybersecurity firm Argus discovered vulnerabilities in Bosch Drivelog Connect solution that can be exploited by hackers to inject malicious messages into a vehicle’s CAN bus. The Bosch Drivelog Connect is the […]

The failure of the missile launch made the North Korea may have been thwarted by a cyber attack powered by the US Cyber Command. The crisis between the US and North Korea is increasing, Donald Trump warns his military may ‘have no choice’ to strike the rogue state. According to The Sun, US cyber soldiers may have […]

The Security expert David Routin has detailed a step by step procedure to exploit the recently patched cve-2017-0199 vulnerability exploited in Windows attacks in the wild. Introduction Since several days the security community has been informed thanks to FireEye publication of different malware campaigns (Dridex…) leveraging the CVE-2017-0199. Several other publications were related to this vulnerability but no […]

The Chinese security Xudong Zheng is warning of Homograph Phishing Attacks are “almost impossible to detect” also to experts. The Chinese security researcher Xudong Zheng has devised a phishing technique that is “almost impossible to detect.” Hackers can exploit a known vulnerability in the popular web browsers Chrome, Firefox and Opera to display to the […]

A critical vulnerability affects the Drupal References module that is used by hundreds of thousands of websites using the popular CMS. The Drupal security team has discovered a critical vulnerability in a third-party module named References. The Drupal team published a Security advisory on April 12 informing its users of the critical flaw. The flaw has a huge impact on […]

A critical vulnerability affects the Drupal References module that is used by hundreds of thousands of websites using the popular CMS. The Drupal security team has discovered a critical vulnerability in a third-party module named References. The Drupal team published a Security advisory on April 12 informing its users of the critical flaw. The flaw has a huge impact on […]

Oracle patch update for April 2017 fixed a record number of vulnerabilities, including Apache Struts and Shadow Brokers exploits. Oracle has released security updates to fix flaws in its product, including Apache Struts and a Solaris exploit included in a dump leaked by the Shadow Brokers hackers and containing NSA documents and hacking tools. The Oracle patch update […]

Cyber security experts disclosed the existence of 10 unpatched security flaws in dozens of Linksys routers widely used today. The IOActive senior security consultant Tao Sauvage and the independent security researcher Antide Petit have reported more than a dozen of unpatched security vulnerabilities affecting 25 different Linksys Smart Wi-Fi Routers models. The security duo published […]

Roman Seleznev, the son of the prominent Russian Parliament member Valery Seleznev was sentenced to 27 years in jail for hacking. The Russian hacker Roman Seleznev, aka Track2, was sentenced to 27 years in prison, he was convicted of causing $170 million in damage by hacking into point-of-sale systems. This sentence is the longest one ever imposed in […]

A group of Israeli researchers has devised a new technique to exfiltrate data from a PC in an air-gapped network through malware controlled via scanners. The team was composed of Ben Nassi, a graduate student at the Cyber Security Research Center at Ben-Gurion University, and his advisor Yuval Elovici, based on an idea of the prominent cryptographer Adi Shamir. […]

A group of Israeli researchers has devised a new technique to exfiltrate data from a PC in an air-gapped network through malware controlled via scanners. The team was composed of Ben Nassi, a graduate student at the Cyber Security Research Center at Ben-Gurion University, and his advisor Yuval Elovici, based on an idea of the prominent cryptographer Adi Shamir. […]

Denmark on Monday denounced Russia after the publication of a report that accused Russian APT28 of hacking the defense ministry’s email accounts. Today the Danish Government officially blamed Russia for cyber attacks against its Defense Ministry. Denmark denounced a cyber intrusion in several Defense Ministry’s email accounts. The accusation comes after the publishing by the Centre for Cyber […]

The popular PHP webmail package SquirrelMail is affected by a remote code execution vulnerability tracked as CVE-2017-7692. The popular PHP webmail package SquirrelMail is affected by a remote code execution vulnerability tracked as CVE-2017-7692, that could be exploited by hackers to execute arbitrary commands on the target and fully control it. The recent version, 1.4.22, and […]

The popular PHP webmail package SquirrelMail is affected by a remote code execution vulnerability tracked as CVE-2017-7692. The popular PHP webmail package SquirrelMail is affected by a remote code execution vulnerability tracked as CVE-2017-7692, that could be exploited by hackers to execute arbitrary commands on the target and fully control it. The recent version, 1.4.22, and […]

R2Games compromised for the second time in a few years, more than one million accounts of U.S., France, German, and Russian forums compromised. Once again, the hackers target a gaming firm, the online gaming company Reality Squared Games (R2Games) has been breached for the second time in just two years. The news was reported by the data breach notification service LeakBase […]

The Interpol located and shut down nearly 9,000 Command and control servers located in Asia and hacked with a WordPress plug-in exploit. An investigation conducted by the Interpol resulted in the identification of nearly 9,000 command and control servers located in Asia. The law enforcement body operated with the support of private partners, including Kaspersky Lab, Cyber Defense Institute, […]

The Interpol located and shut down nearly 9,000 Command and control servers located in Asia and hacked with a WordPress plug-in exploit. An investigation conducted by the Interpol resulted in the identification of nearly 9,000 command and control servers located in Asia. The law enforcement body operated with the support of private partners, including Kaspersky Lab, Cyber Defense Institute, […]

Security vulnerabilities in the Hyundai Blue Link mobile apps allowed hackers to steal vehicles, the car maker fixed them. Security vulnerabilities in the Hyundai Blue Link mobile apps could be exploited by hackers to locate, unlock and start vehicles of the carmaker. The Blue Link application is available for both iOS and Android mobile OSs, it was […]

Security vulnerabilities in the Hyundai Blue Link mobile apps allowed hackers to steal vehicles, the car maker fixed them. Security vulnerabilities in the Hyundai Blue Link mobile apps could be exploited by hackers to locate, unlock and start vehicles of the carmaker. The Blue Link application is available for both iOS and Android mobile OSs, it was […]

The United States Air Force has launched the ‘Hack the Air Force’ bug bounty program to test the security of its the networks and computer systems. I have discussed many times the importance and the numerous advantages of a bug bounty program. Bug bounties are very popular initiatives among the communities of white hats, principal companies, […]

The United States Air Force has launched the ‘Hack the Air Force’ bug bounty program to test the security of its the networks and computer systems. I have discussed many times the importance and the numerous advantages of a bug bounty program. Bug bounties are very popular initiatives among the communities of white hats, principal companies, […]

Security experts from security firm Redsocks published an interesting report on how to crack APT28 traffic in a few seconds. Introduction APT28 is a hacking group involved in many recent cyber incidents. The most recent attack allegedly attributed to this group is the one to French presidential candidate Emmanuel Macron’s campaign. Incident response to this Advanced […]

The Israeli Government announces it thwarted a major cyberattack against 120 targets just days after harsh criticism of new cyber defense bill. According to haaretz.com, Israeli Government revealed it repelled a major cyberattack aimed at 120 targets. The unusual announcement was made by the Prime Minister’s Office (PMO) in a very unusual announcement on Wednesday. Israel […]

The Israeli Government announces it thwarted a major cyberattack against 120 targets just days after harsh criticism of new cyber defense bill. According to haaretz.com, Israeli Government revealed it repelled a major cyberattack aimed at 120 targets. The unusual announcement was made by the Prime Minister’s Office (PMO) in a very unusual announcement on Wednesday. Israel […]

Kali Linux 2017.1 rolling release was announced, the popular distro comes with a set of significant updates and features. The popular Kali Linux distribution has a new weapon in its hacking arsenal, it can use cloud GPUs for password cracking. Kali Linux is the most popular distribution in the hacking community, it is a Debian-based distro […]

Kali Linux 2017.1 rolling release was announced, the popular distro comes with a set of significant updates and features. The popular Kali Linux distribution has a new weapon in its hacking arsenal, it can use cloud GPUs for password cracking. Kali Linux is the most popular distribution in the hacking community, it is a Debian-based distro […]

Security researchers discovered an SNMP flaw dubbed StringBleed that affects several models of Internet-connected devices. Simple Network Management Protocol (SNMP) authentication bypass affects several IoT devices, hackers could exploit the issue by simply sending random values in specific requests. The problem, dubbed StringBleed and tracked as CVE 2017-5135, was reported by the security researchers Ezequiel Fernandez and Bertin Bervis. The SNMP […]

Security researchers discovered an SNMP flaw dubbed StringBleed that affects several models of Internet-connected devices. Simple Network Management Protocol (SNMP) authentication bypass affects several IoT devices, hackers could exploit the issue by simply sending random values in specific requests. The problem, dubbed StringBleed and tracked as CVE 2017-5135, was reported by the security researchers Ezequiel Fernandez and Bertin Bervis. The SNMP […]

Security experts discovered a critical vulnerability in GE Multilin SR that poses a serious threat to the power grid worldwide. A team of researchers from New York University has found a serious vulnerability in some of GE Multilin SR protection relays that poses a serious threat to power grid. The experts will provide further details about the […]

Security experts discovered a critical vulnerability in GE Multilin SR that poses a serious threat to the power grid worldwide. A team of researchers from New York University has found a serious vulnerability in some of GE Multilin SR protection relays that poses a serious threat to power grid. The experts will provide further details about the […]

Security experts demonstrated that insecure mobile applications leave millions of smartphones at risk of open port attack. A group of security researchers from the University of Michigan ( Yunhan Jack Jia, Qi Alfred Chen, Yikai Lin, Chao Kong, and Prof. Z. Morley Mao) discovered a security hole in hundreds of applications in Google Play Store that could […]

The hacked ‘The Dark Overlord’ claims to have stolen and leaked online episodes from the forthcoming season of the TV show Orange Is The New Black. A hacker who goes online with the moniker “The Dark Overlord” claims to have stolen episodes from the forthcoming season of the TV show ‘Orange is the New Black.’ […]

The hacked ‘The Dark Overlord’ claims to have stolen and leaked online episodes from the forthcoming season of the TV show Orange Is The New Black. A hacker who goes online with the moniker “The Dark Overlord” claims to have stolen episodes from the forthcoming season of the TV show ‘Orange is the New Black.’ […]

Some USB flash drives containing the initialization tool shipped with the IBM Storwize for Lenovo contain a malicious file. Some USB flash drives containing the initialization tool shipped with the IBM Storwize for Lenovo V3500, V3700 and V5000 Gen 1 storage systems contain a file that has been infected with malicious code. The Initialization Tool […]

Some USB flash drives containing the initialization tool shipped with the IBM Storwize for Lenovo contain a malicious file. Some USB flash drives containing the initialization tool shipped with the IBM Storwize for Lenovo V3500, V3700 and V5000 Gen 1 storage systems contain a file that has been infected with malicious code. The Initialization Tool […]

Luca Bongiorni was working on a cheap and dedicated hardware that he could remotely control (i.e. over WiFi or BLE), that is how WHID was born. Since the first public appearance of HID Attacks (i.e.  PHUKD, Kautilya, Rubberducky), many awesome researches and results have been published [i.e. Iron HID, Mousejack and the coolest USaBUSe]. Due […]

Luca Bongiorni was working on a cheap and dedicated hardware that he could remotely control (i.e. over WiFi or BLE), that is how WHID was born. Since the first public appearance of HID Attacks (i.e.  PHUKD, Kautilya, Rubberducky), many awesome researches and results have been published [i.e. Iron HID, Mousejack and the coolest USaBUSe]. Due […]

Luca Bongiorni was working on a cheap and dedicated hardware that he could remotely control (i.e. over WiFi or BLE), that is how WHID was born. Since the first public appearance of HID Attacks (i.e.  PHUKD, Kautilya, Rubberducky), many awesome researches and results have been published [i.e. Iron HID, Mousejack and the coolest USaBUSe]. Due […]

A group of researchers conducted a study on the Dark Web leveraging the Graph theory. This hidden space appears as composed by sparse and isolated silos. A group of experts from the Massachusetts Institute of Technology’s SMART lab in Singapore has recently published an interesting research paper on the Dark Web. The researchers collected and analyzed the dark web […]

A group of researchers conducted a study on the Dark Web leveraging the Graph theory. This hidden space appears as composed by sparse and isolated silos. A group of experts from the Massachusetts Institute of Technology’s SMART lab in Singapore has recently published an interesting research paper on the Dark Web. The researchers collected and analyzed the dark web […]

A group of researchers conducted a study on the Dark Web leveraging the Graph theory. This hidden space appears as composed by sparse and isolated silos. A group of experts from the Massachusetts Institute of Technology’s SMART lab in Singapore has recently published an interesting research paper on the Dark Web. The researchers collected and analyzed the dark web […]

A group of researchers conducted a study on the Dark Web leveraging the Graph theory. This hidden space appears as composed by sparse and isolated silos. A group of experts from the Massachusetts Institute of Technology’s SMART lab in Singapore has recently published an interesting research paper on the Dark Web. The researchers collected and analyzed the dark web […]

Yahoo awarded $7,000 to the bug hunter Michael Reizelman, aka mishre, for Flickr account hijacking vulnerability. Reizelman was a popular bug hunter that discovered vulnerabilities in many web services, including Badoo, Dropbox, GitHub, Google, Imgur, Slack, Twitter, and Uber. The expert has discovered three vulnerabilities in the company’s image and video hosting service that could have been chained together […]

Yahoo awarded $7,000 to the bug hunter Michael Reizelman, aka mishre, for Flickr account hijacking vulnerability. Reizelman was a popular bug hunter that discovered vulnerabilities in many web services, including Badoo, Dropbox, GitHub, Google, Imgur, Slack, Twitter, and Uber. The expert has discovered three vulnerabilities in the company’s image and video hosting service that could have been chained together […]

Kaspersky is currently monitoring the activities of more than 100 threat actors, from the From Lazarus APT to StoneDrill. According to the experts from KasperskyLab, the infamous Lazarus APT group, aka BlueNoroff, is the most dangerous threat against financial institutions worldwide. The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware […]

Kaspersky is currently monitoring the activities of more than 100 threat actors, from the From Lazarus APT to StoneDrill. According to the experts from KasperskyLab, the infamous Lazarus APT group, aka BlueNoroff, is the most dangerous threat against financial institutions worldwide. The activity of the Lazarus Group surged in 2014 and 2015, its members used mostly custom-tailored malware […]

A critical remote code execution vulnerability tracked as CVE-2017-5689 in Intel Management Engine affects Intel enterprise PCs dates back 9 years. A critical remote code execution (RCE) vulnerability tracked as CVE-2017-5689 has been discovered in the remote management features implemented on computers shipped with Intel Chipset in past 9 years. The vulnerability affects the Intel Management […]

A critical remote code execution vulnerability tracked as CVE-2017-5689 in Intel Management Engine affects Intel enterprise PCs dates back 9 years. A critical remote code execution (RCE) vulnerability tracked as CVE-2017-5689 has been discovered in the remote management features implemented on computers shipped with Intel Chipset in past 9 years. The vulnerability affects the Intel Management […]

Experts from security firm WordFence reported a rapid reduction of WordPress attacks originating from hundreds of ISPs worldwide. Experts at the security firm Wordfence a few weeks ago reported that tens of thousands of flawed routers from dozens of ISPs worldwide were recruited in a botnet used to power several types of attacks against WordPress […]

Don’t click Google Docs link! A Google Docs phishing scheme is quickly spreading across the Internet targeting a large number of users. Did you receive an unsolicited Google Doc from someone? First, do not click on that Google Doc link embedded in the email you have received and delete the message, even if it’s from […]

A researcher reported a WordPress Password Reset vulnerability, tracked as CVE-2017-8295, and detailed it in a security advisory. On Wednesday, the popular security experts Dawid Golunski reported a WordPress Password Reset vulnerability, tracked as CVE-2017-8295, and detailed it in a security advisory. Golunski classified the flaw as a “medium/high severity,â€� he explained that the issue is caused by […]

A researcher reported a WordPress Password Reset vulnerability, tracked as CVE-2017-8295, and detailed it in a security advisory. On Wednesday, the popular security experts Dawid Golunski reported a WordPress Password Reset vulnerability, tracked as CVE-2017-8295, and detailed it in a security advisory. Golunski classified the flaw as a “medium/high severity,â€� he explained that the issue is caused by […]

According to experts from the Fox-IT firm, the notorious Russian Snake APT group is ready to target also Mac users with a new variant of its malicious code. The sophisticated Russian Snake APT group is back and is leveraging on new malware to target Mac users.The Snake APT group, also known as Turla or Uroburos, has ported its Windows […]

WikiLeaks has released a news batch of documents detailing the Archimedes tool, a MitM attack tool allegedly used by the CIA to target LAN networks. WikiLeaks has released a news batch of documents detailing a man-in-the-middle (MitM) attack tool dubbed Archimedes allegedly used by the CIA to target local networks. The leaked documents, dated between 2011 […]

WikiLeaks has released a news batch of documents detailing the Archimedes tool, a MitM attack tool allegedly used by the CIA to target LAN networks. WikiLeaks has released a news batch of documents detailing a man-in-the-middle (MitM) attack tool dubbed Archimedes allegedly used by the CIA to target local networks. The leaked documents, dated between 2011 […]

Experts from Bitdefender have uncovered the Netrepser Cyber espionage campaign that compromised more than 500 Government organizations worldwide. Security experts at Bitdefender uncovered a cyber espionage campaign that leverages a strain of malware dubbed Netrepser to target government organizations. Netrepser Trojan samples were first discovered by the Bitdefender in May 2016, according to experts the analysis […]

Cisco released a firmware update to fix a critical buffer overflow vulnerability in CISCO CVR100W Wireless-N VPN Small Business Routers. Cisco has released a firmware update to fix a critical vulnerability in its CVR100W Wireless-N VPN routers. The flaw, tracked as CVE-2017-3882, can be exploited by attackers to trigger a denial-of-service (DoS) condition and execute arbitrary code […]

Cisco released a firmware update to fix a critical buffer overflow vulnerability in CISCO CVR100W Wireless-N VPN Small Business Routers. Cisco has released a firmware update to fix a critical vulnerability in its CVR100W Wireless-N VPN routers. The flaw, tracked as CVE-2017-3882, can be exploited by attackers to trigger a denial-of-service (DoS) condition and execute arbitrary code […]

Microsoft has recently uncovered an attack dubbed Operation WilySupply that leveraged the update mechanism of an unnamed software editing tool to compromise targets. The attackers mostly targeted organizations in the finance and payment industries. “An unknown attacker was taking advantage of a silent yet effective attack vector: the compromised update mechanism or software supply chain for a third-party […]

Researchers at Technische Universitat Braunschweig published a study on 200+ Android mobile apps that are listening to your life through ultrasonic beacons. Researchers at Technische Universitat Braunschweig in Germany recently published a finding that over 200 Android mobile applications are listening to your life through ultrasonic beacons. Like digital electronic vampire bats, these apps are checking […]

Hackers at the Google Project Zero team have discovered another critical Windows RCE vulnerability, the worst Windows RCE in recent memory. Security experts at Google Project Zero team have discovered another critical remote code execution (RCE) vulnerability in Microsoft Windows OS, but this time the hackers defined it as the worst Windows RCE in recent memory. […]

Hackers at the Google Project Zero team have discovered another critical Windows RCE vulnerability, the worst Windows RCE in recent memory. Security experts at Google Project Zero team have discovered another critical remote code execution (RCE) vulnerability in Microsoft Windows OS, but this time the hackers defined it as the worst Windows RCE in recent memory. […]

Microsoft fixes the vulnerability in the Microsoft Malware Protection Engine (CVE-2017-0290) discovered just three days by Google experts. Last week the researchers at the Google Project Zero team have discovered a new critical Windows RCE vulnerability, tracked as CVE-2017-0290, they defined the bug as the worst Windows RCE in recent memory. I think @natashenka and […]

Microsoft fixes the vulnerability in the Microsoft Malware Protection Engine (CVE-2017-0290) discovered just three days by Google experts. Last week the researchers at the Google Project Zero team have discovered a new critical Windows RCE vulnerability, tracked as CVE-2017-0290, they defined the bug as the worst Windows RCE in recent memory. I think @natashenka and […]

Jenkins developers fixed a critical RCE vulnerability in the popular open source automation server along with many other issues. Jenkins is the most popular open source automation server, it is maintained by CloudBees and the Jenkins community. The automation server supports developers build, test and deploy their applications, it has more than 133,000 active installations […]

Jenkins developers fixed a critical RCE vulnerability in the popular open source automation server along with many other issues. Jenkins is the most popular open source automation server, it is maintained by CloudBees and the Jenkins community. The automation server supports developers build, test and deploy their applications, it has more than 133,000 active installations […]

Apple has recently fixed an iCloud Keychain vulnerability that could have been exploited by hackers to steal sensitive data from iCloud users. The flaw allowed hackers to run man-in-the-middle (MitM) attacks to obtain sensitive user information (i.e. names, passwords, credit card data, and Wi-Fi network information). The researcher Alex Radocea of Longterm Security discovered in […]

Apple has recently fixed an iCloud Keychain vulnerability that could have been exploited by hackers to steal sensitive data from iCloud users. The flaw allowed hackers to run man-in-the-middle (MitM) attacks to obtain sensitive user information (i.e. names, passwords, credit card data, and Wi-Fi network information). The researcher Alex Radocea of Longterm Security discovered in […]

SAP issued the May 2017 Security Update that addresses 17 security Vulnerabilities. On Tuesday SAP released the May 2017 security update that addresses 17 vulnerabilities in its products, 9 of them were released on this Security Patch Day. “On 9th of May 2017, SAP Security Patch Day saw the release of 9 security notes. Additionally, there were […]