Pierluigi Paganini March 12, 2017
Flaws in MAC address randomization implemented by vendors allow mobile tracking

Researchers devised a new attack method that can be leveraged to track mobile devices that rely on MAC address randomization mechanism. The MAC address is a unique and an hardcoded identifier assigned to a device’s network interface. This characteristic makes it an excellent tool for the tracking of the devices. A group of researchers from the U.S. Naval […]

Pierluigi Paganini March 06, 2017
A bug in Twitter allowed hackers to access to locked accounts until October

A flaw in Twitter allowed attackers to access locked accounts bypassing the locking mechanism implemented by the company. A flaw in the Twitter application allowed, until a few months ago, to access locked accounts bypassing the locking mechanism implemented by the IT giant. Twitter can lock user accounts every time it believes the users are […]

Pierluigi Paganini December 28, 2016
The Leet Botnet powered a 650 Gbps DDoS attack before Christmas

Just before Christmas a massive DDoS attack powered by a new botnet dubbed Leet Botnet hit the network of the firm Imperva. Security experts from the firm Imperva observed a massive attack against the company network on the morning of Dec. 21. The massive DDoS attack reached 650 Gbps, according to the researchers it was powered […]

Pierluigi Paganini October 29, 2016
Red Cross Blood Service incident. The Australian largest ever leak of Personal data

The Australian Red Cross Blood Service confirmed the data leak that exposed a backup database containing the personal details of donors. This data leak is considered by security experts one of the most severe due to the nature of the target, the Australian Red Cross Blood Service. The sensitive database was discovered on October 24 by […]

Pierluigi Paganini October 07, 2016
Update X.Org libraries to avoid Privilege Escalation and DoS attacks

X.Org released patches and updates to fix several flaws found in many client libraries that could be exploited to cause DoS and escalate privileges. X.Org is a widely used open-source implementation of the X Windows System (aka X11 or X-Windows) that is the graphical windowing system adopted by Unix and Linux operating systems. A set […]

Pierluigi Paganini October 04, 2016
ICS-CERT annual vulnerability coordination report 2015, +74% flaws

The US ICS-CERT published its annual vulnerability coordination report for FY 2015 that provided information about security holes reported to the agency. The US ICS-CERT has published its annual vulnerability coordination report for the fiscal year 2015. The report included detailed information about security vulnerabilities reported to the US ICS-CERT in 2015. “ICS-CERT is pleased to announce the release of […]

Pierluigi Paganini August 30, 2016
FBI flash alert says foreign hackers compromised state election systems

The FBI issued a “flash” alert to election officials across the country confirming that foreign hackers have compromised state election systems in two states. The FBI confirmed that foreign hackers have penetrated state election systems, federal experts have uncovered evidence of the intrusion. The hackers penetrated the databases of two state election systems in the […]

Pierluigi Paganini August 14, 2016
Security Affairs newsletter Round 73 – News of the week

A new round of the weekly SecurityAffairs newsletter arrived! The best news of the week with Security Affairs. First of all let me inform you that at the #infosec16 SecurityAffairs was awarded as The Best European Personal Security Blog http://securityaffairs.co/wordpress/48202/breaking-news/securityaffairs-best-european-personal-security-blog.html THANK YOU! A New Google API Launched, in Avoidance of Android Passwords Hackers could break into billion […]

Pierluigi Paganini May 23, 2016
Cyberespionage against RUAG, from Red October to Turla, who is the culprit?

Security experts from Melani published a detailed technical report about the strain of Turla used in the cyberespionage attack against the RUAG firm. A few weeks ago I reported about the cyber espionage attack on the Swiss Defense Department that was revealed after a presentation on cyber espionage to the Federal Intelligence Service. The cyber attack […]

Pierluigi Paganini November 29, 2015

Microsoft has updated its security tools to remove two risky digital certificates installed on some Dell computers that could be exploited by attackers. The eDellRoot and DSDTestProvider self-signed certificates both contained their private encryption keys that could be extracted by attackers and used to steal personal data, install data-stealing malware, or hijack the PC. Dell […]