Pierluigi Paganini
October 24, 2015
Now that it is known a critical flaw in the Diffie-Hellman key-exchange protocol was exploited by the NSA to break the internet encryption, how to stop it? Recently a group of researchers has revealed how the NSA has cracked HTTPS, SSH, and VPNs rely on the Diffie-Hellman encryption by exploiting a wrong implementation of the cryptographic algorithm. The […]
Pierluigi Paganini
October 23, 2015
Joomla just released a patch to fix a critical vulnerability that can allow an attacker to get full administrative access to a website. The new version of the popular Joomla content management system, the Joomla 3,4,5, is available online. The new release fixes a critical SQL injection vulnerability that could be exploited by attackers to […]
Pierluigi Paganini
October 23, 2015
Imperva has discovered that attackers hijack CCTV cameras to launch powerful DDoS attacks exploiting weak credentials and poor configurations of IoT devices. Internet of Things devices are becoming privilege targets of threat actors that daily abuse of their resources to run cyber attacks or to organize frauds or to spy on unaware users. Unfortunately, most IoT devices […]
Pierluigi Paganini
October 22, 2015
The ISACA study “2015 Advanced Persistent Threat Awareness-Third Annual” tries to uncover information security professionals’ understanding of APT threats. A new report published by the ISACA organization that surveyed more than 660 cyber security professionals reveals that more than one in four organizations (28%) have already suffered an APT attack. According to the experts, the BYOD is increasing […]
Pierluigi Paganini
October 22, 2015
Serious flaws in the Network Time Protocol can be exploited to cause severe outages, eavesdrop encrypted communications, bypass authentication processes. Bad news for network administrators, new attacks on Network Time Protocol can defeat HTTPS and create serious problems. The bugs exploited in the attacks was discovered by the experts at the Cisco’s Talos group that has been working […]
Pierluigi Paganini
October 21, 2015
Experts at Netcraft discovered that nearly a million SSL SHA-1 certificates were signed with the potentially vulnerable SHA-1 hashing algorithm. Businesses Using Millions of Flawed Certificates, the news is shocking and refers the adoption of SHA-1 certificates, despite the algorithm is considered no more secure. Many big businesses, including firms like Deloitte, are still using SHA-1 certificates, […]
Pierluigi Paganini
October 21, 2015
A trio of researchers has demonstrated that some versions of self-encrypting hard drives manufactured by the Western Digital are affected by security flaws. Some versions of self-encrypting hard drives manufactured by the Western Digital are affected by security flaws that could be exploited with physical access to access protected data, even without knowing the decryption […]
Pierluigi Paganini
October 19, 2015
The Pen Test Partners researcher Ken Munro mapped and hacked connected iKettles across London demonstrating they leak WiFi passwords. The Pen Test Partners researcher Ken Munro has conducted a very singular experiment, he mapped and hacked connected kettles across London, demonstrating they leak WiFi passwords. Once again Internet of Things, this experiment demonstrates that poorly configured […]
Pierluigi Paganini
October 18, 2015
The DARPA research agency is launching a new Program subbed ICARUS for the development of a new generation of Disappearing drones. I always follow DARPA because its innovative project, the last one that caught my attention is a new project on a new generation of unmanned aerial vehicles. The program is codenamed ICARUS (Inbound, Controlled, […]
Pierluigi Paganini
October 16, 2015
Cyber Terrorism, The Justice Department has charged a hacker in Malaysia with stealing the personal data of US service members and passing it to the IS group. For the first time ever the US Justice Department has charged a suspect for terrorism and hacking, the two practices converge in the concept of cyber terrorismcyber terrorism. The […]
