Pierluigi Paganini
April 30, 2014
Romanian Researcher discovered that Skype application store sensitive User Data Unencrypted on a local database. A Romanian programmer at Hackyard Security Group, Dragoş Gaftoneanu, revealed through a blog post that the popular VOIP application Skype leaves its local database unencrypted. Unfortunately the problem is very common, many applications, especially mobile apps, don’t encrypt application data exposing user’s information to serious risks for their privacy. According Gaftoneanu, […]
Pierluigi Paganini
April 29, 2014
Adobe has just released a security updates for Flash Player to fix critical vulnerabilities that are being exploited by hackers to track Syrian dissidents. Adobe has just released security updates for Flash Player to fix critical vulnerabilities that are being exploited in a series of cyber attacks targeting Syrian dissidents complaining about the government. Early April experts at […]
Pierluigi Paganini
April 29, 2014
TrendMicro has published an excellent study on the evolution of the Russian underground, detailing products, services and related prices. Max Goncharov has published a new interesting study on the Russian Underground, titled Russian Underground Revisited, one year after the previous report “Russian Underground 101”. Trend Micro report continues its analysis of the services and products offered by cyber criminals in […]
Pierluigi Paganini
April 28, 2014
Kaspersky Lab has recently detected FakeInst, the first active SMS trojan for Android which targeted users in 66 countries, including the US. Security experts at Kaspersky Lab have recently detected the first active SMS trojan for Android, which send short messages to premium-rate numbers in 14 countries around the world. The malware, dubbed ‘Trojan-SMS.AndroidOS.FakeInst.ef‘ (aka FakeInst) mainly infected mobile […]
Pierluigi Paganini
April 28, 2014
Securi firm has published an interesting post to explain how malware authors could hide a backdoor using PHP Callback functions. Security expert Peter Gramantik at Security Firm has written an interesting blog post to describe how it is possible to hide a backdoor using common PHP callback functions. The technique could surprise the laymen, but malware authors are […]
Pierluigi Paganini
April 27, 2014
FireEye Research Labs has identified a new IE zero-day vulnerability exploited in a series of targeted attacks part of the Operation Clandestine Fox. FireEye Research Labs has identified a new Internet Explorer (IE) zero-day vulnerability exploited in a series of targeted attacks. The zero-day flaw affects a wide range of versions of the popular browser, […]
Pierluigi Paganini
April 27, 2014
Verizon Data Breach Investigation Report 2014, to better understand how attackers can affect company business, and learn the proper countermeasures. Verizon firm provided the first data related to its annual report titled Verizon’s 2014 Data Breach Investigations Report (DBIR). The document reports specific sections around common incident patterns covering the bad actors, the techniques used, targets hit, timelines […]
Pierluigi Paganini
April 26, 2014
Researcher David Kirkpatrick discovered a flaw in older versions of NetSupport Manager could expose sensitive configuration settings and lead to compromise. A vulnerability in older versions of NetSupport Manager could be a source of serious problems for enterprises that use the platform for remote control of PC and servers. This case is an example of the […]
Pierluigi Paganini
April 24, 2014
Security researchers at UNH Cyber Forensics Research & Education Group have discovered a serious flaw in Viber messaging and voice system. Mobile app security is one of principal concern for security experts, exploiting flaws in most popular application like WhatsApp, Flickr or Viber hackers could expose data of million end users. Last week a group of researchers at UNH […]
Pierluigi Paganini
April 24, 2014
The NIST announced it will request final public comments before Dual_EC_DRBG generator is officially removed from NIST Special Publication 800-90A, Rev.1 The National Institute of Standards has decided to abandon Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG ) in response to the controversy raised after the revelation made by Edward Snowden. In December the whistleblower leaked […]
