Pierluigi Paganini
February 08, 2021
Google announced the launch of OSV (Open Source Vulnerabilities), a vulnerability database and triage infrastructure for open source projects. Google last week announced the OSV (Open Source Vulnerabilities), a vulnerability database and triage infrastructure for open source projects. The database aims at helping both open source maintainers and consumers of open source projects. The archive […]
Pierluigi Paganini
February 07, 2021
The number of vulnerabilities discovered in industrial control system (ICS) products surged in 2020, security firm Claroty reports. According to a report published by the industrial cybersecurity firm Claroty that focuses on the second half of 2020, the number of flaws discovered in industrial control system (ICS) products in 2020 (893 flaws) was 24,72% higher […]
Pierluigi Paganini
February 06, 2021
Critical flaws in the Realtek RTL8195A Wi-Fi module could have been exploited to gain root access and take over devices’ wireless communications. Researchers from Israeli IoT security firm Vdoo found six vulnerabilities in the Realtek RTL8195A Wi-Fi module that could have been exploited to gain root access and take control of a device’s wireless communications. […]
Pierluigi Paganini
February 05, 2021
Security vendor Fortinet has addressed four vulnerabilities in FortiWeb web application firewalls, including a Remote Code Execution flaw. Fortinet has addressed four vulnerabilities in FortiWeb web application firewalls that were reported by Positive Technologies expert Andrey Medov. The first vulnerability, tracked as CVE-2020-29015, is a blind SQL injection that resides in the FortiWeb user interface. […]
Pierluigi Paganini
February 04, 2021
The provider of network security products Stormshield discloses data breach, threat actors stole information on some of its clients. Stormshield is a major provider of network security products to the French government, some approved to be used on sensitive networks. Stormshield is a French publisher of software specialized in computer security, its products are certified […]
Pierluigi Paganini
February 04, 2021
Cisco addressed multiple pre-auth remote code execution (RCE) flaws in small business VPN routers that allow executing arbitrary code as root. Cisco has fixed several pre-auth remote code execution (RCE) issues in multiple small business VPN routers. The flaws could be exploited by unauthenticated, remote attackers to execute arbitrary code as root on vulnerable devices. […]
Pierluigi Paganini
February 01, 2021
Google discovered a flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption library that could be exploited to get remote code execution. The popular white hat hacker Tavis Ormandy of Google Project Zero discovered a severe heap buffer overflow flaw in GNU Privacy Guard (GnuPG)’s Libgcrypt encryption software could have allowed a remote attacker to write […]
Pierluigi Paganini
January 31, 2021
Experts from Great Firewall Report analyzed recent upgrades to China’s Great Firewall and revealed that it can be circumvented. Members of the Great Firewall Report group have analyzed the recent improvement implemented for China’s Great Firewall censorship system and revealed that it is possible to bypass it. Last year, the group published a detailed analysis […]
Pierluigi Paganini
January 28, 2021
The U.S. CISA published a security advisory for High-Severity flaws in some SCADA/HMI products made by Japanese company Fuji Electric. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued a security advisory to warn industrial organizations of some high severity flaws in SCADA/HMI products made by Japanese electrical equipment company Fuji Electric. The vulnerabilities affect […]
Pierluigi Paganini
January 27, 2021
Trend Micro’s Zero Day Initiative announced the Pwn2Own Vancouver 2021 hacking competition that will also cover Zoom, MS Teams Exploits. Trend Micro’s Zero Day Initiative (ZDI) on this week announced the forthcoming Pwn2Own Vancouver 2021 hacking competition that will take place on April 6-8. The organizers provided information about the targets, prizes and rules for […]
