Security

Pierluigi Paganini February 06, 2021
Experts found critical flaws in Realtek Wi-Fi Module

Critical flaws in the Realtek RTL8195A Wi-Fi module could have been exploited to gain root access and take over devices’ wireless communications. Researchers from Israeli IoT security firm Vdoo found six vulnerabilities in the Realtek RTL8195A Wi-Fi module that could have been exploited to gain root access and take control of a device’s wireless communications. […]

Pierluigi Paganini February 05, 2021
Fortinet addresses 4 vulnerabilities in FortiWeb web application firewalls

Security vendor Fortinet has addressed four vulnerabilities in FortiWeb web application firewalls, including a Remote Code Execution flaw. Fortinet has addressed four vulnerabilities in FortiWeb web application firewalls that were reported by Positive Technologies expert Andrey Medov.  The first vulnerability, tracked as CVE-2020-29015, is a blind SQL injection that resides in the FortiWeb user interface. […]

Pierluigi Paganini February 04, 2021
Hackers accessed Stormshield data, including source code of ANSSI certified products

The provider of network security products Stormshield discloses data breach, threat actors stole information on some of its clients. Stormshield is a major provider of network security products to the French government, some approved to be used on sensitive networks. Stormshield is a French publisher of software specialized in computer security, its products are certified […]

Pierluigi Paganini February 04, 2021
Cisco fixes critical remote code execution issues in SMB VPN routers

Cisco addressed multiple pre-auth remote code execution (RCE) flaws in small business VPN routers that allow executing arbitrary code as root. Cisco has fixed several pre-auth remote code execution (RCE) issues in multiple small business VPN routers. The flaws could be exploited by unauthenticated, remote attackers to execute arbitrary code as root on vulnerable devices. […]

Pierluigi Paganini February 01, 2021
Google discloses a severe flaw in widely used Libgcrypt encryption library

Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to get remote code execution. The popular white hat hacker Tavis Ormandy of Google Project Zero discovered a severe heap buffer overflow flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption software could have allowed a remote attacker to write […]

Pierluigi Paganini January 31, 2021
Experts explain how to bypass recent improvement of China’s Great Firewall

Experts from Great Firewall Report analyzed recent upgrades to China’s Great Firewall and revealed that it can be circumvented. Members of the Great Firewall Report group have analyzed the recent improvement implemented for China’s Great Firewall censorship system and revealed that it is possible to bypass it. Last year, the group published a detailed analysis […]

Pierluigi Paganini January 28, 2021
CISA warns of high-severity flaws in Fuji Electric Tellus Lite V-Simulator and Server Lite

The U.S. CISA published a security advisory for High-Severity flaws in some SCADA/HMI products made by Japanese company Fuji Electric. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a security advisory to warn industrial organizations of some high severity flaws in SCADA/HMI products made by Japanese electrical equipment company Fuji Electric. The vulnerabilities affect […]

Pierluigi Paganini January 27, 2021
Pwn2Own 2021, more than $1,500,000 in cash and prizes for contestants

Trend Micro’s Zero Day Initiative announced the Pwn2Own Vancouver 2021 hacking competition that will also cover Zoom, MS Teams Exploits. Trend Micro’s Zero Day Initiative (ZDI) on this week announced the forthcoming Pwn2Own Vancouver 2021 hacking competition that will take place on April 6-8. The organizers provided information about the targets, prizes and rules for […]

Pierluigi Paganini January 27, 2021
Maritime port cybersecurity

Let’s talk about cyber risk in the maritime and port setting to better understand Maritime Port cybersecurity. In order to better understand the evolutionary trend of worldwide shipping and port facilities from 2007 to present, it is necessary to talk again about cyber risk in the maritime and port setting. It is not the purpose […]

Pierluigi Paganini January 27, 2021
Apple addresses three iOS zero-day flaws exploited in the wild

Apple has addressed three zero-day vulnerabilities in its iOS operating system that have been exploited in the wild. Apple has addressed three zero-day vulnerabilities in iOS that have been exploited in the wild with the release of security updates (iOS 14.4). The first zero-day issue, tracked as CVE-2021-1782, is a race condition that resides in the […]