Security

Pierluigi Paganini December 01, 2013
MS Windows XP CVE-2013-5065 Eleventh zero-day flaw found by FireEye

FireEye Security Experts discovered Microsoft Windows XP and Server 2003 privilege escalation zero-day exploit Security experts at FireEye have discovered a new zero-day, a privilege escalation vulnerability in Windows XP and Windows Server 2003. It’s is the eleventh vulnerability discovered by FireEye this year, really a great job for the researchers of the young company. The last zero-day flaw is coded […]

Pierluigi Paganini December 01, 2013
Google Nexus vulnerable to SMS-based DOS attack

Bogdan Alecu, a system administrator at Dutch IT services company Levi9, discovered that Google Nexus phones are vulnerable to SMS-based DOS attack. The popular family of Smartphones Google Nexus is vulnerable to SMS-based DOS attack that could cause the handset freeze and other anomalous behaviors. Bogdan Alecu, a system administrator at Dutch IT services company Levi9, discovered […]

Pierluigi Paganini November 30, 2013
US Forces sentenced for use of pirated copies in critical missions

The U.S. Government was sentenced for $50 Million because it has used of pirated copies of Military Software designed by Apptricity company. The software piracy is not a prerogative of commercial software, illegal copies of military software have been used for years by U.S. Forces. The software used by U.S. military appears to be pirated […]

Pierluigi Paganini November 28, 2013
Internet of Things – Symantec has discovered a new Linux worm

Symantec security experts have discovered a new Linux worm that was designed to target the “Internet of things” infecting Intel x86-powered Linux devices. Symantec security experts have detected across a worm that exploits various vulnerabilities in PHP to infect Intel x86-powered Linux devices. Home internet kits with x86 chips are exposed to the risk of […]

Pierluigi Paganini November 28, 2013
Ruby on Rails CookieStore flaw exposes thousand of websites

A security issue inside cookie-based storage mechanism of Ruby on Rails could expose thousand websites to cyber attacks. Ruby on Rails,  “hit an open source web application framework to compromise a wide audience”, this is the thought of attackers that desire who want to hack the highest number of web sites. A security issue inside […]

Pierluigi Paganini November 27, 2013
New crimekit Atrax exploits Tor, mines Bitcoin and much more

Atrax, yet another commercial crimekit on the black market, a malware able to exploit Tor and that implements numerous features including Bitcoin mining. Atrax is the name of the last crimekit that is sold in the underground market, its particularity is the capability to exploit Tor networks to communicate with Command & Control infrastructure. Jonas […]

Pierluigi Paganini November 26, 2013
Why do we need for Incident Response plan?

Due to the constant growth in the number of cyber attacks it is necessary to properly define the actions composing an incident response plan. FireEye firm published an interesting post on the need of incident response (IR) capabilities to reply numerous cyber  attacks that daily hit almost any web service. Starting from the data proposed […]

Pierluigi Paganini November 26, 2013
Cyberespionage – Chinese Hackers targeting US Cloud service providers

U.S.-China Economic and Security Review Commission reported for the first time that cloud computing “represents a potential espionage threat.” U.S.-China Economic and Security Review Commission reported for the first time that cloud computing “represents a potential espionage threat.” , Chinese hackers are a persistent collector of sensitive information, their action is incessant and represent a […]

Pierluigi Paganini November 25, 2013
Mobile apps security study conducted by HP Fortify

A study conducted by company’s enterprise security arm HP Fortify revealed that the majority of  mobile apps based on iOS is vulnerable. The company’s enterprise security arm HP Fortify conducted a series of tests on mobile apps that produced concerning results, almost every app is vulnerable. Mike Armistead, vice president and general manager, Enterprise Security […]

Pierluigi Paganini November 25, 2013
Report on commodities value in the cyber criminal underground market

Security experts Stewart from Dell SecureWorks and independent researcher David Shearhave explored online underground marketplace for stolen data. Digital identity is one of the most attractive goods sold in the underground, to a growing demand coincided with a more structured supply that will satisfy even the most complex requirements. Cybercrime pays and in the majority […]