Security

Pierluigi Paganini February 24, 2014
iBanking Mobile Bot Source Code available for sale in the underground

iBanking is a new mobile banking Trojan available for sale in the underground for $5,000 according the RSA’s FraudAction Group.  The source code for iBanking banking trojan has been leaked online through an underground forum, this kind of news reports a serious threat from the cybercrime ecosystem. Like happened for other trojan, including Zeus and Carberp, the […]

Pierluigi Paganini February 22, 2014
WhatsApp lack enforcing certificate pinning, users exposed to MITM

Experts at Praetorian have been conducting the Project Neptune to assess the security for designing and maintenance of mobile apps, including WhatsApp. This week the IT was shocked by the acquisition of WhatsApp by Facebook, the popular mobile messaging service was sold for $19 billion, probably this is the value assigned to the information managed by […]

Pierluigi Paganini February 21, 2014
Italy defined The National Strategic Framework for cyberspace security

Italy – The Presidency of Council of Ministers has published the “National Strategic Framework for cyberspace security” document. The Italian Government has published his cyber strategy, the Presidency of Council of Ministers has issued the “National Strategic Framework for cyberspace security”, it is an important document that for the first time reveals the cyber strategy […]

Pierluigi Paganini February 20, 2014
The number of data breaches in 2013 tripled … and much more

Risk Based Security-the Open Security Foundation issued a report to provide a summary of the key findings from analysis of 2013 data breaches Risk Based Security and the Open Security Foundation have conducted a study on 2,164 data loss incidents reported in 2013 producing an interesting report that could help us to better understand the […]

Pierluigi Paganini February 20, 2014
Released a Metasploit module to hack 70% Android devices

Rapid 7 has released the “exploit/android/browser/webview_addjavascriptinterface” module which allows attackers to remotely access on most Android devices. A bug in the Android WebView programming interface allows attackers to remotely access on most devices running the popular OS. But it does not end here, hackers could easily access handset camera and file system simply creating a specifically crafted web […]

Pierluigi Paganini February 16, 2014
Malicious apps spread via Google Store packaged with premium SMS scam

PandaLabs has found at least four free apps in the official Google Play store that are packaged with a premium SMS scam. Already 300000 mobile infected. PandaLabs security firm has identified malicious Android apps available on Google Play that can sign up users for premium SMS subscription services without user knowledge.  The malware has infected at least 300,000 Android devices, although the number of […]

Pierluigi Paganini February 14, 2014
Unclassified NSA memorandum provides further details on Snowden case

An unclassified NSA memorandum disclosed by the NBC News reveals Snowden allegedly managed to access classified documentation stealing coworker’s passwords. The hypothesis that Edward Snowden has operated using a simple web-crawler is very curious, how is it possible that a lonely consultant had access to a so huge collection of documents from NSA archives? Why Does […]

Pierluigi Paganini February 13, 2014
FAQ on Absolute Computrace case – Security Vulnerability Claims

Kaspersky confirms hidden threat in BIOSes PC and warns that Absolute Computrace Anti-Theft agent can be remotely hijacked.Absolute Software refuses claims. After the case raised by Kaspersky team on the Computrace agent I tried to contact Absolute software received the following official reply on the results of the investigation. Background On Wednesday, February 12th, Kaspersky Lab […]

Pierluigi Paganini February 13, 2014
NIST has published cybersecurity framework for critical infrastructure

US Government has published cybersecurity framework for critical infrastructure,  a “living document” to improve internal security. The US Government has issued a cybersecurity framework for critical infrastructure, the goal is to improve IT and SCADA networks deployed in sensitive industries such as energy, water and financial services. The NIST announced the Framework for Improving Critical Infrastructure Security, a document that proposed […]

Pierluigi Paganini February 13, 2014
Millions computers running Computrace agent can be remotely hijacked

Experts at Kaspersky confirm hidden threat in BIOSes of Popular Laptops and warns that Absolute Computrace Anti-Theft agent can be remotely hijacked Researchers at Kaspersky Lab have demonstrated that a feature in the legitimate software produced by Absolute Software firm can be abused to turn a defensive utility into a powerful utility for cyberattack. Kaspersky Lab’s security […]