US Army Military experts urge the establishment of an Army Vulnerability Response Program (AVRP), a sort of military bug bounty program. What happen when bug hunters have to work with high sensitive environment? An interesting post published by the Cyber Defense Review raises the discussion about the was way to handle vulnerabilities in the information security infrastructure of the […]
In Israel there is an advanced cyber security industry, based mostly on veterans from two intelligence units, the cyber labor market is a new guild. Cyber technology could be a catalyst to equality in the labor market. Its power is seeded in the ability of everyone to gain skills without social entry barriers. To succeed […]
The Google Project Zero hacker James Forshaw assessed Windows 10 analyzing the big risks related with the new OS from Microsoft. James Forshaw, a member of the Google Project Zero hacking crew, was given the task to asses Windows 10, and see if there were big risks related with the new OS from Microsoft. Forshaw talked […]
Cyber Security Expert Mikko Hyppönen worries about cyber terrorists belonging to the Islamic State (ISIL or ISIS) have a credible offensive cyber capability The popular Cyber security expert Mikko Hyppönen, Chief Research Officer for F-Secure, said he worries about cyber extremists that could penetrate critical infrastructure and cause serious damages. The expert explained that the ISIS is probably […]
A hacker belonging to the alleged group LulzSec has claimed responsibility for a DDoS attack that hit UK telecom TalkTalk this week, but … I’m following the events related to the data breach suffered by the TalkTalk company, this week the British company has publicly disclosed that four million subscribers have been impacted by a “sustained […]
Now that it is known a critical flaw in the Diffie-Hellman key-exchange protocol was exploited by the NSA to break the internet encryption, how to stop it? Recently a group of researchers has revealed how the NSA has cracked HTTPS, SSH, and VPNs rely on the Diffie-Hellman encryption by exploiting a wrong implementation of the cryptographic algorithm. The […]
Joomla just released a patch to fix a critical vulnerability that can allow an attacker to get full administrative access to a website. The new version of the popular Joomla content management system, the Joomla 3,4,5, is available online. The new release fixes a critical SQL injection vulnerability that could be exploited by attackers to […]
Imperva has discovered that attackers hijack CCTV cameras to launch powerful DDoS attacks exploiting weak credentials and poor configurations of IoT devices. Internet of Things devices are becoming privilege targets of threat actors that daily abuse of their resources to run cyber attacks or to organize frauds or to spy on unaware users. Unfortunately, most IoT devices […]
The ISACA study “2015 Advanced Persistent Threat Awareness-Third Annual” tries to uncover information security professionals’ understanding of APT threats. A new report published by the ISACA organization that surveyed more than 660 cyber security professionals reveals that more than one in four organizations (28%) have already suffered an APT attack. According to the experts, the BYOD is increasing […]
Serious flaws in the Network Time Protocol can be exploited to cause severe outages, eavesdrop encrypted communications, bypass authentication processes. Bad news for network administrators, new attacks on Network Time Protocol can defeat HTTPS and create serious problems. The bugs exploited in the attacks was discovered by the experts at the Cisco’s Talos group that has been working […]