Security

Pierluigi Paganini June 28, 2014
Android 4.3 and Earlier affected by Critical Code-Execution Flaw

A serious code-execution vulnerability in Android 4.3 and earlier was patched with latest KitKat Android Operating System version. Are you using the Android 4.3 version and you are convinced to be secure? You are unfortunately wrong, because this version of Android and earlier are affected by a critical code-execution vulnerability. According to data proposed by the Android […]

Pierluigi Paganini June 27, 2014
PlugX RAT with Time Bomb abuses Dropbox in targeted attacks

Trend Micro analyzed a targeted attack against a Taiwanese government entity which used a variant of the PlugX RAT that abuses the Dropbox service. Researchers from Trend Micro discovered that a targeted attack against a government agency in Taiwan was conducted using a variant of the PlugX remote access tool (RAT) which abuses the popular file hosting service […]

Pierluigi Paganini June 26, 2014
Critical flaw in TimThumb plugin menaces the WordPress world

A critical vulnerability in the WebShot feature implemented by TimThumb plugin expose WordPress instance to Remote Code Execution attacks. The popular image resizing library TimThumb used in many WordPress themes, 3rd party components and plugins is affected by a critical vulnerability which allows an attacker for certain commands to be remotely executed, without authentication, on the vulnerable website. The discovery of the […]

Pierluigi Paganini June 26, 2014
PayPal two-factor authentication for mobile apps is flawed

Security experts at Duo Security have discovered a serious flaw in the implementation of two-factor authentication which allow attackers to bypass it. Two-factor authentication processes if flawed could give to companies a false sense of security even if we are discussing of PayPal. In the past we have explained how to by-pass Two-factor authentication in various ways, for example, using […]

Pierluigi Paganini June 25, 2014
Cyber espionage campaign based on Havex RAT hit ICS/SCADA systems

Security Experts at F-Secure discovered a cyber espionage campaign based in the Havex malware targeting ICS/SCADA systems and vendors. Security Experts at F-Secure have conducted an investigation on the Havex Malware family in the past months, let’s remember that the malicious agent has been used in several targeted attacks against different industry sectors, and according […]

Pierluigi Paganini June 25, 2014
Luuuk Campaign Steals €500K from an European bank in one week

Security experts at Kasperky Lab has uncovered the Luuuk banking fraud campaign which stolen half a million euros in a single week from a single bank. Experts at Kaspersky Labs discovered new banking Trojan dubbed Luuuk which hit the customers of a single European financial institution. In one week, Luuuk trojan targeted a single European bank, not […]

Pierluigi Paganini June 24, 2014
HackingTeam, new revelations on the surveillance network

Kaspersky Lab and Citizen Lab have released the results of their analysis on the global C2 infrastructure used by the Italian firm HackingTeam. Security experts from Kaspersky Lab and Citizen Lab at the Munk School of Global Affairs at the University of Toronto have released the results of their analysis on the  global command and control […]

Pierluigi Paganini June 23, 2014
Largest DDoS attack hit PopVote, Hong Kong Democracy voting site

Largest DDoS attack hit PopVote, Hong Kong Democracy voting website.  Experts at CloudFlare observed a three hundred gigabits per second DDoS attack. The largest ever and most severe Distributed Denial of Service (DDoS) attack in the history has recently hit the online democracy poll promoting opinion on the upcoming Hong Kong elections. The system under attack is […]

Pierluigi Paganini June 23, 2014
Impact of Windows XP End of life on Critical Infrastructure

Which is the impact of the Windows XP End of Life on the critical infrastructure? Which are the risks and the mitigation strategies that could be adopted? This week I had the pleasure and the honor to participate as a speaker for a seminar at Rome Security Summit 2014, the theme of the event was “Impact […]

Pierluigi Paganini June 22, 2014
RSA – Malware proposal on the open web increasingly fearless

The RSA Research Team has discovered the offer of a complete collection of malware through open channels like social media and emails. RSA Research has recently published an interesting update on the underground sale of malware tool, the experts have discovered a server who is offering a set of spyware tools for sale under the […]