Security

Pierluigi Paganini October 29, 2015
Shockwave player flaw exposes 450 million users to risk of hack

Adobe has released a critical update to fix a flaw in the Shockwave player that could be exploited to compromise hundreds of millions of machines. Adobe has released a critical update to fix a vulnerability in the Shockwave player (CVE-2015-7649) that could be exploited by threat actors to compromise hundreds of millions of machines. The […]

Pierluigi Paganini October 29, 2015
Iranian Hackers focus their efforts in Android RATs

Research published by RecordedFuture shows that Iranian hackers' interest in Android RATs is rising; DroidJack and AndroRAT are the most popular. According to the threat researcher Rodrigo Bijou (@rodrigobijou), Iranian malware authors are focusing their efforts on mobile RATs, in particular malicious code designed to compromise Android devices. The security experts confirmed that […]

Pierluigi Paganini October 28, 2015
The US DoD still uses SHA-1 signed certificates for use by military agencies

The United States Department of Defense is still issuing SHA-1 signed certificates for its military agencies, even though they are considered insecure. Today I have published a blog post on the Army Vulnerability Response Program (AVRP), a sort of bug bounty program specific to the US military environment. The idea is to incentivize the ethical disclosure of vulnerabilities […]

Pierluigi Paganini October 28, 2015
US Army Experts Call for military bug bounty program AVRP

US Army military experts urge the establishment of an Army Vulnerability Response Program (AVRP), a sort of military bug bounty program. What happens when bug hunters have to work in highly sensitive environments? An interesting post published by the Cyber Defense Review raises the discussion about the way to handle vulnerabilities in the information security infrastructure of the […]

Pierluigi Paganini October 26, 2015
The cyber labor market in Israel, the cyber guild

In Israel there is an advanced cyber security industry, based mostly on veterans from two intelligence units; the cyber labor market is a new guild. Cyber technology could be a catalyst for equality in the labor market. Its power is seeded in the ability of everyone to gain skills without social entry barriers. To succeed […]

Pierluigi Paganini October 26, 2015
Google hacker Forshaw’s verdict about Windows 10

The Google Project Zero hacker James Forshaw assessed Windows 10, analyzing the big risks related to the new OS from Microsoft. James Forshaw, a member of the Google Project Zero hacking crew, was given the task to assess Windows 10 and see if there were big risks related to the new OS from Microsoft. Forshaw talked […]

Pierluigi Paganini October 26, 2015
Mikko Hyppönen warns the ISIS has a credible offensive cyber capability

Cyber security expert Mikko Hyppönen worries that cyber terrorists belonging to the Islamic State (ISIL or ISIS) have a credible offensive cyber capability. The popular cyber security expert Mikko Hyppönen, Chief Research Officer for F-Secure, said he worries about cyber extremists that could penetrate critical infrastructure and cause serious damage. The expert explained that ISIS is probably […]

Pierluigi Paganini October 25, 2015
Alleged LulzSec member claims responsibility for the DDoS on TalkTalk

A hacker belonging to the alleged group LulzSec has claimed responsibility for a DDoS attack that hit UK telecom TalkTalk this week, but … I’m following the events related to the data breach suffered by the TalkTalk company. This week the British company has publicly disclosed that four million subscribers have been impacted by a “sustained […]

Pierluigi Paganini October 24, 2015
How to improve Internet security after the disclosure of the Diffie-Hellman flaw

Now that it is known that a critical flaw in the Diffie-Hellman key-exchange protocol was exploited by the NSA to break internet encryption, how can it be stopped? Recently a group of researchers has revealed how the NSA has cracked HTTPS, SSH, and VPNs that rely on Diffie-Hellman encryption by exploiting a wrong implementation of the cryptographic algorithm. The […]

Pierluigi Paganini October 23, 2015
New Joomla release patches a serious SQLi flaw

Joomla just released a patch to fix a critical vulnerability that can allow an attacker to get full administrative access to a website. The new version of the popular Joomla content management system, Joomla 3.4.5, is available online. The new release fixes a critical SQL injection vulnerability that could be exploited by attackers to […]