Pierluigi Paganini March 26, 2013
#OpIsrael & attack to Mossad,cyber dispute or misinformation campaign?

Israel is considered by various group of hacktivists an enemy state to fight, for this reason they decide a joint operation to start on April 7th as part of #OpIsrael.  The attack started in 2012 against the protest against Israeli bombing of Palestinian territory, hacktivists are expressing full solidarity with the Palestinian people, the interest is high […]

Pierluigi Paganini March 23, 2013
T-Mobile MITM, a starting point to discuss mobile security

Many times we discussed about large diffusion of mobile devices and of related cyber threats, around a months ago I presented the case of HTC mobile that revealed 18 million devices commercialized by Taiwanese company had security flaws that could exposes users to serious risks, in particular the bugs could allow the theft of information […]

Pierluigi Paganini March 22, 2013
Flaw in Sky.it web site allows brute force attack

Sky is a brand names for satellite television providers and channels, owned or partially owned by News Corporation an American diversified multinational mass media corporation headquartered in New York City, United States. The IT specialist, Fabio Natalucci, published a blog post  related a vulnerability on the Italian web site that allows an attacker to perform a brute force attack […]

Pierluigi Paganini March 18, 2013
ReVuln – gaming platforms as vector of cyber attack

The excellent researchers at ReVuln, Luigi Auriemma and Donato Ferrante, presented at Black Hat Europe 2013 in Amsterdam a way to convert local bugs and features in remotely exploitable security vulnerabilities by using the popular EA Origin 3 platform as an attack vector against remote systems. EA Origin is one of the biggest gaming related digital […]

Pierluigi Paganini March 17, 2013
Indian pentester discovers a flaw in Google Drive

As usual I was reading the news on The Hacker New security portal when a post attracted my attention, another security issue related to an IT giant, Google. The Indian penetration tester Ansuman Samantaray discovered a security flaw in Google drive that exposes millions of Google users to threat of phishing attacks. Too bad that Google […]

Pierluigi Paganini March 16, 2013
NIST – National Vulnerability Database website hacked

The news is curious as it is worrying, unknown hackers have violated the US government repository of standards based vulnerability management website, known as National Vulnerability Database (NVD), last week. The NVD website appears down since last Friday, fortunately while I’m writing is up again, the attackers have compromised at least two servers with a […]

Pierluigi Paganini March 15, 2013
XSS vulnerability in 2shared.com reported by Virus_Hima

The Egyption hacker Virus_Hima hit again, he became famous in the latest months thanks the discovery of Adobe and Yahoo vulnerabilities. This hacker is an example, he supports the research and never tried to sell information on flaws discovered on the undergroud, he is a gray hat from which to learn, so it is for me! […]

Pierluigi Paganini March 12, 2013
Researcher demonstrated serious flaw in Apple App Store

Once again the security of large scale application and platform is challenged, today is the turn of Apple, in particular of its famous Apple store that according the Researchers Elie Bursztein  was vulnerable for more than half year. The developer supported Apple to discovery and fix an important vulnerability that allowed to steal passwords and […]

Pierluigi Paganini March 08, 2013
Brilliant hacker Zatko confirms ending of Cyber Fast Track program

The popular white hat hacker Peiter C. Zatko, aka Mudge, confirms to have ended his experience with the Cyber Fast Track program. The story has begun when one of the most famous US hackers Peiter C. Zatko, also known as Mudge and a member of the hacking group The Cult of the Dead Cow, decided to […]

Pierluigi Paganini March 05, 2013
Java exploit signed with certificate stolen to Bit9

According security experts the numerous cyber attacks that hit principal IT companies, news agencies and government offices exploited zero-day vulnerabilities in Java software to the point that many recommend to uninstall Java plug-in from our browser unless absolutely necessary. Same clamor had obtained in the past the discovery that malware source codes were signed with […]