Pierluigi Paganini December 30, 2016
CheckPoint experts spotted Three Critical 0-Day in PHP 7

Researchers at the security firm CheckPoint have discovered three fresh critical zero day vulnerability in the last PHP 7. Security researchers at the firm CheckPoint have discovered three fresh critical 0-day vulnerabilities in last PHP 7. These vulnerabilities allow an attacker to take full control over 80 percent of websites which run on the latest release […]

Pierluigi Paganini October 02, 2016
A zero day flaw in OpenJPEG JPEG 2000 could lead arbitrary code execution

Cisco Talos Team disclosed a zero-day flaw affecting the JPEG 2000 image file format parser implemented in the OpenJPEG library.  Security experts at Cisco Talos group have discovered a serious vulnerability (TALOS-2016-0193/CVE-2016-8332) affecting the JPEG 2000 image file format parser implemented in OpenJPEG library. An attacker could exploit the flaw to trigger the heap corruption and execute […]

Pierluigi Paganini March 11, 2016
0-day critical flaws in mobile modems allow hackers to take over your PC

The Russian security tester Timur Yunusov has discovered critical flaw affecting routers and 3G and 4G mobile modems from Huawei, ZTE, Gemtek, and Quanta. The Russian security tester Timur Yunusov has discovered critical vulnerabilities affecting routers and 3G and 4G mobile modems from Huawei, ZTE, Gemtek, and Quanta. The security holes could be exploited by remote attackers […]

Pierluigi Paganini August 18, 2015
ICS-CERT warns for 0-Day vulnerabilities in SCADA systems

The ICS-CERT has recently published six security advisories to warn organizations about a number of 0-day flaws in SCADA systems. The ICS-CERT has published six advisories to warn organizations about the presence of Zero-Day Flaws in SCADA Systems. Aditya K. Sood, security researcher at Elastica, has revealed in a talk at the Def Con 2015 conference several vulnerabilities […]

Pierluigi Paganini October 14, 2014
Reflected File Download attack to spread 0-Day Worm Over Any Social Networks

A security expert defined a new attack technique dubbed Reflected File Download that allows to serve a ‘Zero-Day’ Worm without possibility of defense. The security expert Oren Hafif has invented a new attack technique dubbed Reflected File Download (RFD)  that could be adopted to hack victim’s computer when he tries and logs in to popular and trusted website like Google and […]

Pierluigi Paganini May 27, 2013
Watering hole attacks and exploit kits – Indian gov site case

Number of Watering hole attacks is increasing, most of them based on well known exploit kits. The case of compromised Indian gov Web site leads to BlackHole Watering Hole attacks increase in a meaningful way in the last years following a scaring trend, the technique is based on infection of website’s visitors, typically attackers use to […]

Pierluigi Paganini February 19, 2013
Apple hacked … lengthens the list of illustrious victims

There is no peace for enterprises, in few weaks we have discovered how much vulnerable are giants of IT, one after another, fell the most renowned names from Facebook to Twitter, companies that we considered immune from thousands of attacks they receive each day. Until now Microsoft and Apple weren’t affected … but it’s news […]

Pierluigi Paganini February 01, 2013
Cyber espionage campaign against Americans news agencies – NYT

The news is sensational as granted one of the most important journal, the New York Times has announced that during the last months it was victim of cyber espionage coordinated by Chinese hackers probably state-sponsored attackers. The attacks happened in concomitance with the investigation of the journal, published on Oct. 25th, that revealed that the […]

Pierluigi Paganini June 04, 2012
In the shadow of the Flame, Warner Bros, China Telecom & US Navy hacks

What’s happening while the world’s attention is on Flame malware? The cyberspace is a very turbulent place where groups of hackers daily attack governments and private industries. Governments, hacktivist, cybercrime opposing forces facing each other on the same board, a game of chess where the outcome is unpredictable and no shortage of twists. Stuxnet, Flame […]

Pierluigi Paganini April 04, 2012
1-day exploits,Binary Diffing & patch management.The side threats

Recently ESET security firm has reported the latest version of the Blackhole exploit kit that has been updated to include a new exploit for the Java CVE-2012-0507 vulnerability.  The exploit was discovered for the first time on 7.03.2012 and it first detections were dated on March 12, 2012 and today a public module for Metasploit […]