Security

Pierluigi Paganini August 13, 2014
Cisco EnergyWise suite vulnerable to Denial of Service attack

Researchers at BlackHat discovered a Denial of Service Vulnerability in Cisco IOS Software and Cisco IOS XE Software EnergyWise. Researchers from ERNW GMBH revealed that misconfigurations and vulnerabilities in Cisco’s EnergyWise suite could be exploited by attackers to cause huge blackouts. The team has presented the results of their study during the last Black Hat  conference […]

Pierluigi Paganini August 12, 2014
CVE-2014-0546 vulnerability is being exploited in limited attacks

Experts at Kaspersky Lab have detected a vulnerability in Adobe solutions coded as CVE-2014-0546 which has been already exploited in limited attacks. Kaspersky Lab was the first team of experts to report the CVE-2014-0546 vulnerability in Adobe solutions, the Adobe firm has issued a security bulletin to describe the security update provided by the company to […]

Pierluigi Paganini August 11, 2014
F-Secure discovered Xiaomi handset spying on users’data

Experts at F-Secure security firm analyzing the new Xiaomi RedMi 1S discovered that it sends out to a server located in China a lot of user’s data. Xiaomi, one of the most important Chinese smartphone manufacturers is accused for secretly steal users’ data and send it back to a server in China, despite the company has turned […]

Pierluigi Paganini August 09, 2014
1million Android devices infected by Xshqi Worm on Chinese Valentine’s day

One million Android devices in China were infected with an Xshqi SMS worm on August 2, the day the country celebrated Valentine’s Day. Experts at Kaspersky Lab revealed that a  malware, dubbed Trojan.AndroidOS.Xshqi.a, infected neatly 500,000 Android devices in just six hours last week in China, but Chinese media provided a more pessimistic estimate declaring that the […]

Pierluigi Paganini August 07, 2014
WordPress and Drupal websites Vulnerable to DoS attack which can make them completely inaccessible

The popular expert Nir Goldshlager has discovered an XMLRPC vulnerability which affects millions WordPress and Drupal websites exposing them to DoS Attack. If your website is based a WordPress or Drupal CMS you need to urgently update it to the last version released due to the presence of a critical vulnerability in the implementation of […]

Pierluigi Paganini August 06, 2014
Security flaw allows to bypass PayPal two-factor authentication

A Security researcher has discovered a new flaw in the two-factor authentication process implemented by PayPal to protect its users. Security researcher Joshua Rogers has discovered a simple way of bypassing the two-factor authentication mechanism implemented by PayPal to protect accounts that are linked to eBay accounts. The flaw resides in the login process when a user is prompted […]

Pierluigi Paganini August 05, 2014
Hacking satellite communications equipment on passenger jets

Cyber security expert claims to be able access satellite communications equipment on passenger jets through their WiFi and in-flight entertainment systems. Airplanes Can Be Hacked Through Wireless In-flight Entertainment System, this is not a new discovery as I explained in a post published more that one year ago and titled “Cyber Threats against the Aviation […]

Pierluigi Paganini August 05, 2014
China bans Symantec & Kaspersky from the list of antivirus suppliers

China has excluded Symantec Corp and Kaspersky Lab from a list of approved antivirus software suppliers to limit the use of foreign technology. Cyber espionage is the first concern of government, China and US exchanged in the months reciprocal accusations on a series of hacking campaign conducted with the purpose of stealing sensitive information. According to the People’s Daily […]

Pierluigi Paganini August 04, 2014
Analysis of the Stuxnet Cyber Weapon Family and Dragonfly

Cyber weapons like Stuxnet will only grow in prevalence, use and sophistication and it is therefore in the interest of national security to develop advanced mitigation techniques and capabilities. The progenitor of Duqu, Flame and Gauss are reported as the authors of STUXNET. As illustrated, the trend of advancements between these four cyber weapons suggests […]

Pierluigi Paganini August 04, 2014
Tens of thousands of Mozilla developers emails and password exposed

Mozilla Security Team announced the accidental disclosure of MDN email addresses of about 76,000 users and encrypted passwords of about 4,000 users. Bad news for tens of thousands of Mozilla developers, their email addresses and encrypted passwords were accidentally exposed. The news was reported in blog post published on the official Mozilla Security Blog, the risk is […]