Security

Pierluigi Paganini October 04, 2016
ICS-CERT annual vulnerability coordination report 2015, +74% flaws

The US ICS-CERT published its annual vulnerability coordination report for FY 2015 that provided information about security holes reported to the agency. The US ICS-CERT has published its annual vulnerability coordination report for the fiscal year 2015. The report included detailed information about security vulnerabilities reported to the US ICS-CERT in 2015. “ICS-CERT is pleased to announce the release of […]

Pierluigi Paganini October 03, 2016
UK is going to open the National Cyber Security Centre with 700 experts

The UK Government confirms the opening of the UK first national anti-cybercrime centre, the National Cyber Security Centre (NCSC). UK confirms to be one of the most advanced countries on cyber security and announce the imminent opening of the UK’s first national anti-cybercrime centre, the National Cyber Security Centre (NCSC). The anti-cybercrime centre will open in London […]

Pierluigi Paganini September 30, 2016
CVE-2016-6406 – CISCO reported a critical flaw in email security appliances (ESA)

Cisco issued a security advisory about a vulnerability, tracked as CVE-2016-6406, affecting the Email Security Appliance Internal Testing Interface. Cisco Systems reported the existence a vulnerability (CVE-2016-6406) in the email security appliances that could be exploited by a remote unauthenticated attacker to gain complete control of the security solution. The vulnerability is related the Cisco IronPort AsyncOS […]

Pierluigi Paganini September 30, 2016
Mozilla plans to ban the Chinese CA WoSign due to trust violations

Mozilla is at the point of banning Chinese certificate authority WoSign due to a number of severe violations that could impact Internet users. Mozilla is at the point of banning Chinese certificate authority WoSign due to a number of violations, including backdating SHA -1 certificates in order to subvert deprecating certs from being trusted. According […]

Pierluigi Paganini September 29, 2016
Generalized RSA (GRSA) Using 2k Prime Numbers with Secure Key Generation

In this blog, we introduce a generalized algorithm over RSA which is advanced, adaptable and scalable in using the number of primes. Cryptography is used for secure communication since ancient days for providing confidentiality, integrity, and availability of the information. Public key cryptography is a classification of cryptography having a pair of keys for encryption and decryption. […]

Pierluigi Paganini September 28, 2016
Good news, the Facebook OSquery tool is now available also for Windows

Good news, the social network giant Facebook finally announced the availability of the open source OSquery developer kit for Windows. Facebook announced to have completed the porting of its detection open-source tool OSquery to Windows. The tool allows users to monitor networks and to detect potential malicious activities, such as the presence of malicious codes. The cross-platform tool, that […]

Pierluigi Paganini September 23, 2016
As of October 5, automatic OAuth 2.0 token revocation upon password reset

Google announced a change to its security policy to increase the account security that includes the OAuth 2.0 token revocation upon password reset. Google has finally announced a new OAuth 2.0 token revocation according to its security policy, the company will roll out the change starting on Oct. 5. The change to the Google security policy […]

Pierluigi Paganini September 22, 2016
CVE-2016-6374 – Don’t waste time, patch your CISCO Cloud Services Platform

Cisco has issued a security patch to address a remote hijacking vulnerability, tracked as CVE-2016-6374, in the Cloud Services Platform (CSP). This patch is very important, CISCO urges all customers who run CSP 2100 software to install the 2.1.0 update that addresses a “high” risk remote code execution flaw. The CISCO Cloud Services Platform (CSP) is […]

Pierluigi Paganini September 21, 2016
Over 840,000 Cisco systems affected by the Equation Group’s flaw CVE-2016-6415

The Shadowserver Foundation has conducted a scan of the Internet for CISCO devices running IOS software affected by the CVE-2016-6415 vulnerability. Recently experts from CISCO discovered a vulnerability, tracked as CVE-2016-6415, in IOS system,while investigating the Equation Group‘s exploits leaked by the Shadow Broker hacker group. In particular, experts from CISCO were evaluating the impact […]

Pierluigi Paganini September 20, 2016
A mistake allowed us a peek into North Korea Internet infrastructure

A mistake allowed us a peek into the North Korea Internet infrastructure, a security researcher discovered that Pyongyang has just 28 websites. The North Korea is one of the countries that most of all is investing to improve its cyber capabilities and that has one of the largest cyber armies. But North Korea is also known for […]