Pierluigi Paganini
November 15, 2013
At last HP’s Pwn2Own 2013 contest hacking teams from Japan and China compromised iPhone 5 running iOS 6 and iOS 7 and a Samsung Galaxy S4. During the last HP’s Pwn2Own 2013 contest at Information Security Conference PacSec 2013 in Tokyo, two teams of Chinese and Japanese hackers demonstrated the exploitation of zero-day vulnerability in Apple’s Safari browser for […]
Pierluigi Paganini
November 13, 2013
MacRumors, the Mac news and information website and user forums, was hacked, more than 860,000 accounts were potentially compromised. MacRumors, the popular Mac news and information website and user forums have been hacked this week, according the first news circulating on the internet more than 860,000 accounts were potentially compromised on the total of 1.8 million registered […]
Pierluigi Paganini
November 12, 2013
The GCHQ (British Government Communications Headquarters) used fake LinkedIn and Slashdot to hack Belgacom, OPEC & others GRX providers. According to the German weekly news magazine Der Spiegel the British signals intelligence spy agency has again adopted a “quantum insert” technique to target employees of two companies that are GRX (Global Roaming Exchange) providers. The […]
Pierluigi Paganini
November 11, 2013
FireEye Labs has identified a new IE zero-day exploit used for a watering hole attack in the US. As usual it is crucial to track and mitigate so dangerous threats in time to avoid serious problems. FireEye Labs has detected a new series of attacks based on the exploit of a new IE zero-day vulnerability […]
Pierluigi Paganini
November 09, 2013
Search engines are formidable tools for reconnaissance, Google Hacking is essential knowledge for professionals searching for website vulnerabilities. Search engines are powerful tools for attackers that need to conduct passive reconnaissance, their use could help to gather information on the target network organization, application used and related vulnerabilities, sensitive documents and info on company personnel. […]
Pierluigi Paganini
November 07, 2013
Security experts at Securi firm have recently detected a series of SQL Injection attacks conducted abusing of the Google Bot activity. The exploitation of search engines like Google and Bing to conduct an attack represents an optimal choice for hackers that intend to stay hidden during the offensive. No IT administrator would block traffic from […]
Pierluigi Paganini
November 06, 2013
Microsoft Zero-day CVE-2013-3906 – Microsoft informed to be aware of a vulnerability in a Microsoft graphics component that is actively exploited in targeted attacks using crafted Word documents sent by email. A new zero-day vulnerability has been found a Microsoft product that could allow attackers to install a malware via infected Word documents. The Microsoft […]
Pierluigi Paganini
November 05, 2013
The professional social network LinkedIn is a mine of information for any king of attackers, a Websense post described a typical attack scenario. Recently I read an interesting post published on the Websense security labs blog on the use of social network LinkedIn for the reconnaissance phase of an attack. The concept is not […]
Pierluigi Paganini
November 04, 2013
Security expert Jay Freeman discovered another Master Key vulnerability in Android 4.4 that allows attackers to inject malicious code in legit apps. The flaw known as “Android Master Key vulnerability” is considered a nightmare for Android OS, last July it was discovered for the first time and experts revealed that 99% of Android devices are vulnerable. The […]
Pierluigi Paganini
November 03, 2013
Security Researcher Mohamed Osman Saeed has identified numerous vulnerabilities and reported them all, they include SQL Injection, XSS and URL Redirect. Security Researcher Mohamed Osman Saeed has identified numerous vulnerabilities and reported them all following an ethical conduct. The flaw interested principal security firms and private companies, following the complete list: Invalidated URL Redirect in […]
Malware / September 05, 2025
