RSS Security

RSS Security Affairs
  • Yevgeniy Nikulin, Russian hacker behind Dropbox and LinkedIn hacks found guilty July 11, 2020
    The Russian hacker Yevgeniy Nikulin found guilty for LinkedIn, Dropbox, and Formspring data breach back in 2012 and the sale of their users’ data. A jury found Russian hacker Yevgeniy Nikulin guilty for the hack of LinkedIn, Dropbox, and Formspring back in 2012 and for the sale of the stolen data on cybercrime black marketplaces. […]
    Pierluigi Paganini
  • Hackers are scanning the web for vulnerable Citrix systems July 11, 2020
    Threat actors are scanning the Internet for Citrix systems affected by the recently disclosed vulnerabilities. This week Citrix has addressed 11 vulnerabilities affecting the ADC, Gateway, and SD-WAN WANOP networking products. The vulnerabilities could be exploited by attackers for local privilege escalation, to trigger a DoS condition, to bypass authorization, to get code injection, and to launch […]
    Pierluigi Paganini
  • Evilnum Group targets European and British fintech companies July 11, 2020
    A threat actor tracked as Evilnum targeted financial technology companies, mainly the British and European ones, ESET researchers reported. Evilnum threat actor was first spotted in 2018 while using the homonym malware. Over the years, the group added new tools to its arsenal, including custom and homemade malware along with software purchased from the Golden […]
    Pierluigi Paganini
  • Juniper Networks addressed many issues in its products July 10, 2020
    Juniper Networks addressed several vulnerabilities in its firewalls, most of them can be exploited by attackers for denial-of-service (DoS) attacks. Juniper Networks addressed several vulnerabilities in its products, most of them can be exploited by attackers for denial-of-service (DoS) attacks. Half a dozen of the flaws are DoS issues that have been rated high severity. […]
    Pierluigi Paganini
  • Researchers found allegedly intentional backdoors in FTTH devices from Chinese vendor C-Data July 10, 2020
    Two security researchers have found undocumented Telnet admin account accounts in 29 FTTH devices from Chinese vendor C-Data. Two security researchers have discovered undocumented Telnet admin account accounts in 29 Fiber-To-The-Home (FTTH) devices from Chinese vendor C-Data. The CDATA OLTs are sold under different brands, including Cdata, OptiLink, V-SOL CN, and BLIY. Some of the […]
    Pierluigi Paganini
  • KingComposer fixes a reflected XSS impacting 100,000 WordPress sites July 10, 2020
    An XSS vulnerability in the KingComposer page builder for WordPress impacts 100,000 websites using the WordPress plugin.  Researchers at Wordfence Threat Intelligence team discovered a reflected cross-site scripting (XSS) vulnerability, tracked as CVE-2020-15299, in the KingComposer WordPress plugin that potentially impacts 100,000 websites.  KingComposer a fast drag-and-drop page builder for WordPress websites, which comes complete with top-notch features embedded and […]
    Pierluigi Paganini
  • Pre-Installed malware spotted on other Android phones sold in US July 10, 2020
    Researchers from Malwarebytes have found yet another phone with pre-installed malware via the Lifeline Assistance program sold in the United States. Researchers at Malwarebytes have found malware pre-installed on smartphones sold in the United States, this is the second time as documented in a report published in January. In January, Malwarebytes researchers discovered that the […]
    Pierluigi Paganini
  • Zoom is working on a patch for a zero-day in Windows client July 9, 2020
    Researchers from cyber-security firm ACROS Security have disclosed a zero-day vulnerability in the Windows client of the popular Zoom video conferencing platform. Researchers from cyber-security firm ACROS Security have disclosed a zero-day vulnerability in the Windows client of the video conferencing software Zoom. The vulnerability is a remote code execution issue, which could allow the […]
    Pierluigi Paganini
  • Joker malware apps bypassed Google’s Play Store security checks July 9, 2020
    Check Point research discovered that the Joker (aka Bread) Android malware once again has bypassed protections implemented by Google for its Play Store. Researchers from security firm Check Point discovered samples of the Joker (aka Bread) malware were uploaded on the official Play Store bypassing protections implemented by Google for its users. “Check Point’s researchers […]
    Pierluigi Paganini
  • 15 billion credentials available in the cybercrime marketplaces July 9, 2020
    More than 15 billion username and passwords are available on cybercrime marketplaces, including over 5 billion unique credentials, states the experts. A report published by security firm Digital Shadows revealed the availability of more than 15 billion credentials shared on cybercrime marketplaces, paste sites, file sharing services, and code sharing websites. Over the past few […]
    Pierluigi Paganini