Pierluigi Paganini
March 26, 2015
Experts of the Project Zero have disclosed a proof-of-concept for the exploitation of a default setting in Windows 7, 8.1 that allow privilege escalation. A new security issue threatens users of Windows 7 and 8.1, this time experts are warning about a default setting in both OSs that could allow local users to elevate privileges […]
Pierluigi Paganini
March 26, 2015
A new strain of Vawtrak malware implements capabilities to send and receive data through encrypted favicons distributed over the Tor network. A new powerful variant of the Vawtrak malware, also known as Neverquest or Snifula, appeared in the wild. Vawtrak is considered by malware researchers one of the most dangerous malicious code that is threatening systems worldwide. The […]
Pierluigi Paganini
March 25, 2015
Israeli Researchers have defined a new exfiltration technique dubbed BitWhisper that is based on the heat emissions and built-in thermal sensors. According researchers at the Ben Gurion University in Israel, by detecting the heat from one computer to an adjacent computer, is possible to establish a channel that can  claiming can facilitate the spread of keys, malicious […]
Pierluigi Paganini
March 25, 2015
A security researcher has discovered a reflected filename download vulnerability affecting the Instagram API that could be exploited to share malicious links. The security researcher David Sopas from WebSegura has discovered a serious vulnerability in the Instagram APIÂ that could be exploited by hackers to post a link to a web resource they manage. By exploiting […]
Pierluigi Paganini
March 25, 2015
Experts at Palo Alto Networks discovered the Installer Hijacking vulnerability that exposes half of Android users to attack via Installation Vulnerability. The security researcher Zhi Xu from Palo Alto Networks discovered a critical vulnerability, dubbed Android Installer Hijacking, affecting the Android PackageInstaller system service. By exploiting the flaw, an attacker can gain unlimited permissions on compromised smartphone and data […]
Pierluigi Paganini
March 24, 2015
Security experts discovered a CSRF vulnerability in the Hilton website that could be exploited by attackers to take over every Hilton Honors account. Last Monday we discovered that the Hilton’s website was affected by a flaw that allowed for anyone that had an Honors account to hack into another account by just guessing a 9-digit […]
Pierluigi Paganini
March 24, 2015
Google security team has recently discovered and blocked fraudulent digital certificates issued for several Google domains by a Chinese CA. On March 20, Google security team has discovered and blocked fraudulent digital certificates issued for several Google domains. The investigation revealed that a Chinese certificate authority was using an intermediate CA, MCS Holdings, that issued the bogus […]
Pierluigi Paganini
March 24, 2015
Thousands of routers exposed on the Internet by the ISPs are vulnerable to hacking and consequence of attacks on a large scale could be dramatic. ISPs have provided at least 700,000 ADSL routers to the public and unfortunately these kinds of routers have been really vulnerable to every possible hacker who wants to gain the […]
Pierluigi Paganini
March 24, 2015
Security experts discovered that the Adobe CVE-2011-2461 vulnerability is exploitable by at least four years despite the company has issued a patch. Four years ago Adobe released a patch for the vulnerability CVE-2011-2461 that was affecting the Adobe Flex SDK 3.x and 4.x. The flaw was a cross-site scripting (XSS) vulnerability that allowed remote attackers to inject arbitrary […]
Pierluigi Paganini
March 23, 2015
Chris Watts discovered a security flaw affecting some models of Cisco IP Phones that could be exploited to eavesdrop on conversations and make phone calls. Some models of Cisco IP phones for small businesses are affected by a vulnerability, coded as CVE-2015-0670 that could be exploited by a remote attacker to eavesdrop on conversations and make phone calls […]
