Pierluigi Paganini
October 15, 2015
5 Guidelines in Battling Cyber Criminals Over Precious Business Data, lets’s try to understand how to Ensure Enterprise Security. You would think that a company that stores their clients’ money and handles investments would have tight security measures on their system against cyber attacks. Apparently, this is not always the case. In 2014, Scottrade, a […]
Pierluigi Paganini
October 13, 2015
The NSA SHARKSEER Program is a project that aims to detect and mitigate web-based malware Zero-Day and Advanced Persistent Threats using COTS technology. Every day, thousands of cyber attack rely on exploitation of zero-day exploits, even more sophisticated ATP groups trigger unknown vulnerabilities to compromise systems across the world. Intelligence agencies and research groups are investing […]
Pierluigi Paganini
October 12, 2015
European Aviation Safety Agency European Aviation confirmed the concerns about the Airplane hacking. Hackers could easily infiltrate critical systems. On October 8, 2015, the director of the European Aviation Safety Agency, Patrick Ky revealed he has hired consultant, which is also a commercial pilot, who was able to exploit vulnerabilities in the Aircraft Communications Addressing […]
Pierluigi Paganini
October 12, 2015
US Ports are still vulnerable to cyber attacks that release dangerous chemicals, cybersecurity in the maritime industry is crucial for Homeland security. Critical infrastructure across the world are vulnerable to cyber attacks, this is not novelty, but it is interesting to explore how many infrastructure is open to hacking assaults. US ports are also vulnerable to cyber […]
Pierluigi Paganini
October 12, 2015
Apple has removed mobile apps from the iOS Apple store that are installing root CA certificates that enable traffic to be intercepted. Apple has pulled several apps out from the official iOS App Store over SSL/TLS security concerns, this means that the security issues could allow threat actors to compromise encrypted connections between the servers […]
Pierluigi Paganini
October 10, 2015
A group of researchers has demonstrated that the cost of breaking the SHA-1 hash algorithm is lower than previously estimated. The SHA-1 is still one of the most used cryptographic hash algorithm, but bad news for its supporters, a New Collision Attack Lowers Cost of Breaking it. The news is worrying, the cost and time […]
Pierluigi Paganini
October 09, 2015
Experts at Volexity discovered a hacking campaign targeting the CISCO WebVPN VPN product, attackers aim to steal corporate login credentials. A virtual private network (VPN) allows to extend a private network across a public connection, they are mainly used to protect users’ privacy and improve security for data in transit. Virtual Private Networks are commonly used many companies and organizations […]
Pierluigi Paganini
October 08, 2015
The Cleaver group is once again in the headlines managing a well-developed network of fake LinkedIn profiles for cyber espionage purpose. Do you remember the Iran-based APT Cleaver? In December the security firm Cylance released a detailed report on the hacking Operation Cleaver that was run by state-sponsored hackers linked to the Iran. The Iranian hackers targeted critical infrastructure worldwide, ten of which […]
Pierluigi Paganini
October 08, 2015
Microsoft web applications, such as Outlook or OneDrive and account pages, expose visitors’ Microsoft Identifier (CID) in plain text. A Chinese developer, which uses the pseudonym of ramen-hero, discovered that Outlook.com, OneDrive, and Microsoft’s account pages use a unique user identifier known, also known as CID, in their web applications. The Microsoft CID is a 64-bit integer used […]
Pierluigi Paganini
October 07, 2015
A group of researchers from the iTrust has demonstrated how to use a Drone to intercept wireless printer transmissions from outside an office building. Recently I wrote a blog post on the Infosec Institute titled “Modern Physical Security Awareness Is More Than Dumpster Diving” where I explain how the concept of physical security is evolving […]
