The independent researcher Maxim Rupp reported an unpatchable flaw in the ICS Environmental Systems Corporation (ESC) 8832 Data Controller. Vulnerable SCADA and industrial control systems represent an entry point into critical infrastructure for hacking attacks. In many cases, patch management of these systems is very complex, and in some specific scenarios known flaws cannot be fixed for various […]
According to the security firm High-Tech Bridge, many of the Alexa Top 10,000 websites are still vulnerable to the OpenSSL flaw CVE-2016-2107. The CVE-2016-2107 flaw affecting the open-source cryptographic library could be exploited to launch a man-in-the-middle attack leveraging the ‘Padding Oracle Attack’, which can decrypt HTTPS traffic if the connection uses an AES-CBC cipher and the server supports AES-NI. According […]
An analysis of the data included in the Internet Crime Complaint Center – IC3 report 2015 recently issued by the Federal Bureau of Investigation. The FBI released the Internet Crime Complaint Center – IC3 report of 2015 last week. During the last calendar year, IC3 received 288,012 complaints and 44 percent of them reported financial loss equal to […]
The US Computer Emergency Response Team has issued a warning after the discovery of a security issue in the popular medical application MEDHOST PIMS (PIMS). Many security experts believe that the medical industry lacks a proper security posture; despite it being a high-tech sector, the vast majority of medical equipment was not designed with a security by design […]
According to the RT.com media agency, Russia is developing new kamikaze drones to use in surgical military operations. When you think about possible military uses of drones, surveillance and air strikes are the principal activities that we can imagine. According to Russian media, Russia is developing a kamikaze drone that could be used […]
This article is an excerpt from the book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own. When speaking with someone new to ISO 27001, very often I encounter the same problem: this person thinks the standard will describe in detail everything […]
Dozens of HTTPS-protected websites belonging to Visa are vulnerable to the Forbidden Attack; nearly 70,000 servers are at risk. A new attack technique dubbed ‘Forbidden attack’ exposes dozens of HTTPS Visa sites to cyber attacks, and roughly another 70,000 servers are at risk. A group of international researchers (Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky, […]
Leaked WPAD queries could result in domain name collisions with internal network naming schemes, exposing enterprises to MITM attacks. The U.S. Computer Emergency Readiness Team (US-CERT) issued the Alert (TA16-144A) to warn that leaked WPAD queries could result in domain name collisions with internal network naming schemes. The WPAD queries are intended for resolution on private or enterprise DNS […]
The researchers at the Tor project are working on a new distributed random number generator that will be included in the next-generation Tor. The researchers at the Tor project have devised a new way to generate random numbers to support security improvements of its next-generation onion router. Random number generators are essential components for […]
Daniel Kaufman announced that Google is planning to make password identification outmoded by 2017 and replace it with trust scores. Google wants to replace traditional passwords on Android with “trust scores,” and it is planning to do it by 2017. The announcement was made official at the Google I/O conference; the IT giant intends to use Google’s Trust API technology developed by […]