Security

Pierluigi Paganini April 21, 2020
OpenSSL Project fixed high-severity CVE-2020-1967 DoS issue in OpenSSL

The OpenSSL Project has released a security update for OpenSSL that addresses a DoS vulnerability tracked as CVE-2020-1967. The OpenSSL Project released a security update for OpenSSL that patches a high-severity vulnerability, tracked as CVE-2020-1967, that can be exploited by attackers to launch denial-of-service (DoS) attacks. This is the first issue addressed in OpenSSL in […]

Pierluigi Paganini April 17, 2020
Experts shed the light on the mysterious critical VMware vCenter Server issue

Security firm Guardicore released technical information on a critical VMware vCenter Server vulnerability recently disclosed by VMware. Earlier this month, VMware has addressed a critical information disclosure flaw, tracked as CVE-2020-3952, that could be exploited by attackers to compromise vCenter Server or other services that use the Directory Service (vmdir) for authentication. The CVE-2020-3952 vulnerability […]

Pierluigi Paganini April 17, 2020
Cisco addresses critical issues in IP Phones and UCS Director

Cisco released security patches to address numerous flaws in its products, including critical severity issues that affect IP Phones and UCS Director. The critical vulnerability fixed by Cisco affects IP Phones and resides on the webserver, the flaw could be exploited by a remote, unauthenticated attacker to execute code with root privileges. The flaw, tracked as CVE-2020-3161, […]

Pierluigi Paganini April 17, 2020
Mastering Communication in Cyber Intelligence Activities: A Concise User Guide

by Boris Giannetto and Pierluigi Paganini Communication is key in intelligence activities. On the one hand, it is essential to transfer to a number of recipients the knowledge coming from information acquisition and analysis (“intelligence communication”); on the other hand, it is crucial to understand and control the communication connected with the activities carried out (“communication […]

Pierluigi Paganini April 14, 2020
Microsoft addresses three Windows issues actively exploited

Microsoft Patch Tuesday security updates for April 2020 address 113 flaws, including three Windows issues that have been exploited in attacks in the wild. Microsoft Patch Tuesday security updates for April 2020 address 113 flaws, including two remote code execution flaws in Windows that are actively exploited. 17 vulnerabilities are rated critical, the remaining ones are […]

Pierluigi Paganini April 14, 2020
Adobe addresses five issues in ColdFusion, After Effects, Digital Editions

Adobe has addressed five minor vulnerabilities in its ColdFusion, After Effects and Digital Editions products. Adobe has addressed five vulnerabilities in its ColdFusion, After Effects and Digital Editions products. “Adobe has published security bulletins for Adobe ColdFusion (APSB20-18), Adobe After Effects (APSB20-21) and Digital Editions (APSB20-23). Adobe recommends users update their product installations to the latest versions […]

Pierluigi Paganini April 14, 2020
Crooks target Healthcare facilities involved in Coronavirus containment with Ransomware

PaloAlto Networks experts warn of malicious Coronavirus themed phishing campaigns targeting government and medical organizations. Experts from Paloalto Unit 42 published a report that analyzes the cross-section between the various types of Coronavirus-themed attacks aimed at organizations in different industries. Recently organizations in healthcare, research, and government facilities have been hit by Coronavirus-themed attacks that […]

Pierluigi Paganini April 13, 2020
Updated: Apple and Google join forces to develop Contact Tracing app against Coronavirus

Google and Apple recently announced a joint project for the development of a Coronavirus ‘contact tracing’ tool for mobile devices. A contact tracing app is a tool that could be used to contain new diseases, like Coronavirus, by tracking down and quarantining everyone that gets infected and localize any person that has been in contact […]

Pierluigi Paganini April 12, 2020
Thousands Zoom credentials available on a Dark Web forum

Security researchers discovered an archive available on a dark web forum that includes thousands of compromised Zoom credentials. Researchers discovered a database available on an underground forum in the dark web that contained more than 2,300 compromised Zoom credentials. Some of the records also included meeting IDs, names and host keys. The archive included credentials […]

Pierluigi Paganini April 12, 2020
A new e-skimmer found on WordPress site using the WooCommerce plugin

Experts discovered a new e-skimmer employed in MageCart attacks against WordPress websites using the WooCommerce plugin. Experts from security firm Sucuri discovered a new e-skimmer software that is different from similar malware used in Magecart attacks. The new software skimmed was employed in attacks on the WordPress-based e-store using the WooCommerce plugin. The e-skimmer doesn’t […]