Hacking

Takuya Yoshida from Toyota’s InfoTechnology Center and his colleague Tsuyoshi Toyama are members of a Toyota team that developed the new tool, called PASTA (Portable Automotive Security Testbed). PASTA is an open-source testing platform specifically designed for car hacking, it was developed to help experts to test cyber security features of […]

In the last few days I have done some analysis on malicious documents, especially PDF. Then I thought, “Why not turn a PDF analysis into an article?” Let’s go to our case study: I received a scan request for a PDF file that was reported to support an antivirus vendor, and it […]

A destructive cyberattack hit the email provider VFEmail, a hacker wiped its servers in the United States, including the backup systems.  An unknown attacker has launched a destructive cyber attack against the email provider VFEmail, he erased information on its server including backups, 18 years’ worth of customer emails were […]

Microsoft released Patch Tuesday updates for February 2019 that address 77 flaws, including an Internet Explorer issue that has been exploited in attacks. Microsoft released Patch Tuesday updates for February 2019 that address 77 flaws, 20 critical vulnerabilities, 54 important and 3 moderate in severity. One of the issue fixed by the […]

620 million accounts stolen from 16 hacked websites (Dubsmash, Armor Games, 500px, Whitepages, ShareThis) available for sale on the dark web The Register revealed in exclusive that some 617 million online account details stolen from 16 hacked websites are available for sale on the dark web. The advertising for the sale of the […]

A security researcher has discovered yet another cryptocurrency-stealing malware on the official Google Play Store that was designed to secretly steal bitcoin and cryptocurrency from unwitting users. The malware, described as a « Clipper, » masqueraded as a legitimate cryptocurrency app and worked by replacing cryptocurrency wallet addresses copied into the Android […]

A serious security vulnerability has been discovered in the core runC container code that affects several open-source container management systems, potentially allowing attackers to escape Linux container and obtain unauthorized, root-level access to the host operating system. The vulnerability, identified as CVE-2019-5736, was discovered by open source security researchers Adam Iwaniuk and Borys […]

In most organisations using Active Directory and Exchange, Exchange servers have such high privileges that being an Administrator on an Exchange server is enough to escalate to Domain Admin. Recently I came across a blog from the ZDI, in which they detail a way to let Exchange authenticate to attackers […]

What’s the harm in opening a digital image? Well, Google has uncovered a new method to hack Android smartphones using malicious PNG files. The problem was disclosed this week in Google’s Android security bulletin. A serious flaw in the operating system’s framework can let a remote attacker execute computer code on an Android device […]

OverviewUsed by thousands of IT professionals and security researchers worldwide, the Remote Desktop Protocol (RDP) is usually considered a safe and trustworthy application to connect to remote computers. Whether it is used to help those working remotely or to work in a safe VM environment, RDP clients are an invaluable […]