Security

Pierluigi Paganini September 14, 2014
Flaws in php5 could cause crash or run programs on Ubuntu

Ubuntu has issued a security notice to inform users about flaws in php5 exploitable to crash or run programs if it received specially crafted network traffic. According to the recent Ubuntu Security Notice php5 could be made to crash or run arbitrary code if it received specially crafted network traffic. “Summary -php5 could be made […]

Pierluigi Paganini September 13, 2014
DNS cache poisoning attacks to steal emails are reality

CERT warns that DNS Cache Poisoning attacks could be used also to hijack email to a rogue server and not only to divert the Internet traffic. DNS attacks are very popular in hacking community, they could be run by cyber criminals and state-sponsored hackers for various purposes, including cyber espionage and financially motivated attacks. A DNS […]

Pierluigi Paganini September 11, 2014
High-Risk flaws affect the NOAA Satellite System JPSS

The NOAA JPSS System is affected by thousands vulnerabilities, according to a memorandum from the Department of Commerce’s Office of the Inspector General. The Satellite systems at NOAA (National Oceanic and Atmospheric Administration) are affected by thousands of severe vulnerabilities that could be exploited by threat actors hit them. The disconcerting news refers the findings of […]

Pierluigi Paganini September 10, 2014
UNHcFREG researchers disclosed flaws dozen Android apps

Researchers from the UNHcFREG (University of New Haven) is publishing on YouTube a series of videos to disclose vulnerabilities in a dozen Android apps. Experts at the University of New Haven’s Cyber Forensics Research and Education Group (UNHcFREG) have decided to disclose vulnerabilities in a dozen Android apps, including the popular mobile applications Instagram, Vine and OKCupid. […]

Pierluigi Paganini September 09, 2014
De-Anonymize Google Users with new Timing Attack

De-Anonymize Google Users with new Timing Attack is possible, it is also possible identify Tor users if they’re logged in to Google while using Tor browser. De-anonymize Google users is the goal of different studies and a new research conducted by Andew Cantino, the vice president of engineering at Mavenlink, demonstrates that it is possible to […]

Pierluigi Paganini September 09, 2014
Trustwave analyzed of point-of-sale malware

Experts at Trustwave analyzed point-of-sale malware providing data related principal code used, exfiltration and persistence techniques implemented. Trustwave firm as published an interesting report on the point-of-sale malware based on its investigation on different breaches involving payment card data. The experts at Trustwave have examined a large amount of malware that targets point-of-sale devices, this family of malicious code is […]

Pierluigi Paganini September 08, 2014
CERT disclosed the list of most popular vulnerable Android apps

The CERT has published the results of its test conducted on popular Android applications that fail to properly validate SSL certificates. In several posts we have discussed about the improper validation of  SSL certificates made by mobile devices, recently we mentioned the case of the Gmail app for iOS devices which, according to an expert at mobile security […]

Pierluigi Paganini September 08, 2014
The Chinese Government runs MitM attack on Google users

The Chinese Government is running a MITM attack on SSL encrypted traffic between Chinese China Education and Research Network and Google. Google website, like many other web services, is blocked by the Chinese Government, which operate a rugged censorship on the Internet content. But block a resource like Google is anachronistic and counterproductive, for this reason, China allows […]

Pierluigi Paganini September 08, 2014
Tim Cook announced security improvements for Apple solutions

Apple CEO Tim Cook announced that the company will improve the security of its solutions, including iCloud, starting from extension of 2FA mechanisms. The recent disclosure of hundreds celebrity pictures has raised the discussion on the level of security offered by the Apple iCloud stored service. To improve the security offered by the iCloud service, Apple’s CEO Tim Cook […]

Pierluigi Paganini September 05, 2014
The rapid growth of the Darknet black markets

The Digital Citizen’s Alliance provided an updating to the study which analyzes online black markets, focusing on the sales of illegal drugs. The cybercrime ecosystem has no limit, it is a prolific industry that evolves with time and is always full of new players as reported in a recent report published by the Digital Citizen’s Alliance. The […]