Pierluigi Paganini
February 09, 2018
The group of hackers known as ‘fail0verflow’ has discovered a vulnerability in the gaming console Nintendo Switch that could be exploited to install a Linux distro. The hackers announced their discovery in a post on Twitter, the published an image of a console running the Debian Linux distro after the hack. 🐧🐧🐧🐧 #switch pic.twitter.com/4iTjTk9D59 — fail0verflow (@fail0verflow) […]
Pierluigi Paganini
February 09, 2018
Security expert Paulos Yibelo has discovered a vulnerability in Hotspot Shield VPN from AnchorFree that can expose locations of the users. Paulos Yibelo, a security researcher, has discovered a vulnerability that can expose users and locations around the globe compromising their anonymity and privacy. The company has about 500 million users globally. VPN services providers […]
Pierluigi Paganini
February 09, 2018
A new PoS malware dubbed UDPoS appeared in the threat landscape and implements a novel and hard to detect technique to steal credit card data from infected systems. The UDPoS malware was spotted by researchers from ForcePoint Labs, it relies upon User Datagram Protocol (UDP) DNS traffic for data exfiltration instead of HTTP that is the protocol used by […]
Pierluigi Paganini
February 09, 2018
The source code for Apple iOS iBoot secure bootloader has been leaked to GitHub, now we will try to understand why this component is so important for the iOS architecture. The iBoot is the component loaded in the early stages of the boot sequence and it is tasked with loading the kernel, it is stored in […]
Pierluigi Paganini
February 09, 2018
Swisscom data breach – Telco company Swisscom confirmed it has suffered a data breach that affected roughly 800,000 of its customers, roughly 10% of the Swiss population. Swiss telco company Swisscom confirmed it has suffered a data breach that affected roughly 800,000 of its customers, roughly 10% of the Swiss population. According to Swisscom, unauthorized parties gained access to data in […]
Pierluigi Paganini
February 08, 2018
The US authorities have dismantled a global cybercrime organization tracked Infraud Organization involved in stealing and selling credit card and personal identity data. The US authorities have taken down a global cybercrime organization, the Justice Department announced indictments for 36 people charged with being part of a crime ring specialized in stealing and selling credit […]
Pierluigi Paganini
February 08, 2018
Joomla development team has released the Joomla 3.8.4 that addresses many issues, including an SQL injection bug and three cross-site scripting (XSS) flaws. Joomla development team has released the Joomla 3.8.4 that addresses a large number of issues, including an SQL injection bug and three cross-site scripting (XSS) vulnerabilities. The latest release also includes several improvements. The XSS and SQL injection vulnerabilities have been classified […]
Pierluigi Paganini
February 08, 2018
Intel is releasing new firmware updates that should address Spectre vulnerabilities CVE-2017-5715 for Skylake processors. Intel is releasing new firmware updates limited to Skylake processors to address Spectre vulnerabilities, patches for other platforms are expected very soon. The Spectre attack allows user-mode applications to extract information from other processes running on the same system. It can also be exploited […]
Pierluigi Paganini
February 08, 2018
Researchers from Princeton University have developed an app called PinME to locate and track smartphone without using GPS. The research team led by Prateek Mittal, assistant professor in Princeton’s Department of Electrical Engineering and PinMe paper co-author developed the PinMe application that mines information stored on smartphones that don’t require permissions for access. The data […]
Pierluigi Paganini
February 08, 2018
Cisco has rolled out new security patches for a critical vulnerability, tracked as CVE-2018-0101, in its CISCO ASA (Adaptive Security Appliance) software. At the end of January, the company released security updates the same flaw in Cisco ASA software. The vulnerability could be exploited by a remote and unauthenticated attacker to execute arbitrary code or trigger […]
