Breaking News

Pierluigi Paganini November 10, 2016
CVE-2016-7165 Privilege Escalation flaw affects many Siemens solutions

Siemens released security updates and temporary fixes to fix a privilege escalation flaw, tracked CVE-2016-7165, that affects several industrial products. Siemens has released security updates and temporary fixes to address a privilege escalation vulnerability, tracked CVE-2016-7165, that affects several industrial products. The flaw could be exploited by attackers to escalate their privileges if the flawed products […]

Pierluigi Paganini November 10, 2016
SCADA Sssh! Don’t Talk, Filter it

The effects of cyber-attacks against SCADA/ICS are well known, however, there is a great confusion when dealing with mitigation techniques. The Majority are aware of the impact cyber-attacks can have on Industrial Control Systems however, the reality in terms of mitigation techniques are shrouded with confusion and a reactive approach. Recent 0-day vulnerability dubbed as […]

Pierluigi Paganini November 09, 2016
Malvertising campaign delivered Android Svpeng Trojan via a zero-day in Chrome

Kaspersky discovered a new strain of the Svpeng Trojan delivered through popular news websites using Google’s AdSense via a zero-day in Chrome. Crooks exploited a Chrome Zero-Day vulnerability to deliver the Android Svpeng Trojan to Android users via Google AdSense. The Svpeng Trojan is not a new threat, it was first spotted by Kaspersky Lab in July 2013 when threat […]

Pierluigi Paganini November 09, 2016
What does a DDoS with everyday life? DDoS knocks out building control systems in Finland

The residents in two apartment buildings Finland faced more that a week of serious problem due to a DDoS attack that targeted the building control systems. What does a DDoS with everyday life? The recent attack against the Dyn DNS service powered by an IoT botnet demonstrated the weakness of modern society to cyber threats. Anyway, to better explain […]

Pierluigi Paganini November 09, 2016
Microsoft patches CVE-2016-7255 Windows zero-day exploited by Fancy Bear

Microsoft has issued a security patch that fixes the zero-day vulnerability tracked as CVE-2016-7255 exploited by Russian hackers. Microsoft has issued security patches that fixed also the zero-day vulnerability exploited by Russian hackers. One of the zero-days tracked as CVE-2016-7255  has been patched in the MS16-135 bulletin that also addresses two information disclosure and three […]

Pierluigi Paganini November 09, 2016
Adobe issued security patches for 9 Flash Player flaws reported via ZDI

Adobe released security updates that address nine vulnerabilities in Flash Player that could be exploited for remote code execution. Adobe has released security updates to address one vulnerability in Connect for Windows and nine arbitrary code execution flaws in the Flash Player product. The patches issued by the company for Adobe Flash Player are available for […]

Pierluigi Paganini November 08, 2016
CVE-2016-6563 RCE flaw affects D-Link Routers, disable remote admin

Carnegie-Mellon CERT warns of a flawed implementation of HNAP in D-Link routers (CVE-2016-6563) that could be exploited for remote execute code. According to the Carnegie-Mellon CERT the implementation of the Home Network Automation Protocol (HNAP) of D-Link routers is affected by a stack-based buffer overflow vulnerability tracked as  CVE-2016-6563. The flaw could be exploited by a […]

Pierluigi Paganini November 08, 2016
Abusing protocols in LTE networks to knock mobile devices off networks

A group of researchers from Nokia Bell Labs and Aalto University in Finland demonstrated how to hack protocols used in the LTE networks. We discussed several times the rule of the SS7 signaling protocol in mobile communications and how to exploit its flaws to track users. When mobile users travel between countries, their mobile devices connect to the infrastructure of a […]

Pierluigi Paganini November 08, 2016
Technical analysis of the Locker virus on mobile phones

Security experts from Cheetah Mobile Security Research Lab published an interesting Technical analysis of the mobile variant of the Locker virus. Blatant malicious behavior of the Locker virus The Locker virus can easily be identified by its blatant malicious behavior. Here are the tell-tail signs: Windows appear on the top of the home screen that […]

Pierluigi Paganini November 08, 2016
WikiLeaks published DNCLeak2, but someone DDoSed it

WikiLeaks confirmed that the email publication server suffered a massive DDoS attack since it published a new set of DNC hacked emails dubbed as DNCLeak2. A couple of days before the 2016 Presidential election, WikiLeaks has published a new set of emails hacked from the Democratic National Committee (DNC). The new set, dubbed DNCLeak2, includes 8,200 emails, the […]