A group of researchers has demonstrated that the cost of breaking the SHA-1 hash algorithm is lower than previously estimated. The SHA-1 is still one of the most used cryptographic hash algorithm, but bad news for its supporters, a New Collision Attack Lowers Cost of Breaking it. The news is worrying, the cost and time […]
A security researcher has discovered a serious vulnerability in Netgear router that could be exploited by attackers to change the DNS settings. Once again the NetGear Routers are in the headlines for a serious security issue, nearly 500o devices are exposed to DNS Monitoring. The security researcher Joe Giron has discovered a serious vulnerability in Netgear router […]
After acknowledging the problem that allowed the purchase of the google.com domain for $12, Google rewarded Sanmay Ved with an unknown amount of cash, but the generous man donated it. A few days ago I wrote about an incredible story of a man that bought the google.com and remained its owned for a few minutes. […]
Security experts at Sucuri have uncovered threat actors abusing an XML-RPC method to run Brute-Force amplification attacks on WordPress websites. According to the experts at security firm Sucuri, threat actors are exploiting the XML-RPC protocol implemented by WordPress and other popular content management systems to run brute-force amplification attacks. The XML-RPC protocol allows users to […]
The vulnerability allows a local unprivileged user of a Windows guest to gain Local and/or Domain Administrator access when VeeamVixProxy is active, the de-facto default in VMWare and Hyper-V environments. Pasquale `sid` Fiorillo, Francesco `ascii` Ongaro from ISGroup, an Italian Security firm, and Antonio `s4tan` Parata from ush team, have just released a critical security […]
Experts at Volexity discovered a hacking campaign targeting the CISCO WebVPN VPN product, attackers aim to steal corporate login credentials. A virtual private network (VPN) allows to extend a private network across a public connection, they are mainly used to protect users’ privacy and improve security for data in transit. Virtual Private Networks are commonly used many companies and organizations […]
The findings of the investigation conducted by Uber on the recent security breach raise doubts on the alleged involvement of a competitor, the Lyft. The findings of the investigation conducted by Uber on the recent security breach that exposed details of its drivers, seems to confirm the involvement of a competitor, the Lyft. On May 2014, […]
Learn what Certificates as a Service stand for, discover why Code Signing certificates are a precious commodity and find out how to protect yourself online. A recent phenomenon tracked by IBM Security X-Force researchers is the CaaS (Certificates as a service). Cybercriminals would use the Dark Web for selling high-grade code certificates -which they have […]
Researchers at FireEye spotted a new malicious adware campaign (Kemoge threat) that has infected Android mobile devices in more than 20 countries. Security researchers at Fireeye have uncovered a malicious adware campaign which relies on a threat dubbed âKemogeâ based on the name of its command and control (C&C) domain aps.kemoge.net. The Kemoge malware is packaged with various popular […]
Chinese Hackers who allegedly compromised servers at LoopPay, the Samsung subsidiary, appear interested in spying on targets through Samsung Pay technology. The Samsung subsidiary LoopPay has been the victim of a security breach that is worrying the security industry. The investigators speculate that attackers’ motivation is the cyber espionage and excluded a financial crime.  If confirmed the security breach […]