Pierluigi Paganini
March 06, 2014
This report provides a brief overview of some basic underground activities in the mobile space in China, describing products and services. Security firm Trend Micro issued an interesting report on Chinese cybercrime which is increasingly targeting mobile platforms thanks to a vast underground offer of services and tools. Trend Micro Mobile Cybercriminal Underground Market report analyzes […]
Pierluigi Paganini
March 05, 2014
A serious flaw in the certificate verification process of GnuTLS exposes Linux distros, apps to attack. Another flaw exploitable for surveillance purposes. GnuTLS is an open source secure communications library implementing the SSL, TLS and DTLS protocols, it is used in hundreds of software packages including Red Hat desktop, all Debian and Ubuntu Linux distributions and many […]
Pierluigi Paganini
March 04, 2014
Chris Soghoian, principal technologist with the American Civil Liberties Union, explained that government surveillance could exploit service update process. Chris Soghoian, principal technologist with the American Civil Liberties Union, during the recent TrustyCon conference highlighted the possibility that the government will exploit automated update services to serve malware and spy on users. Is this the next […]
Pierluigi Paganini
February 27, 2014
Researchers at FireEye have developed a POC that exploits an Apple vulnerability to implement a Background Monitoring on Non-Jailbroken iOS 7 Devices. A vulnerability in Apple products is once again the center of controversy because and also in this case the user’s privacy is at risk. The excellent team of security researchers at FireEye discovered another […]
Pierluigi Paganini
February 24, 2014
Apple released a security update to iOS that restores some certificate-validation checks that had apparently been missing for an unspecified amount of time. Last week Apple released a security update to iOS (iOS 7.06) to fix a flaw for certificate-validation checks that could be abused by attackers to conduct a man-in-the-middle attack within the victim’s network to capture or modify […]
Pierluigi Paganini
February 01, 2014
Cyber Defense Magazine (CDM) CYBER WARNINGS JANUARY 2014 EDITION is available for free. Yes, 2014 is here and we’re surrounded by more and more personally identifiable information (PII) theft, as predicted. Keep an eye on these at http://www.privacyrights.org and find out that we all have common vulnerabilities and exposures (CVEs) which are searchable here at the National Vulnerability Database […]
Pierluigi Paganini
January 29, 2014
A post on cybersecurity written by Larry Karisny, director of ProjectSafety.org,a cybersecurity expert,advisor,consultant, writer and industry speaker. Most of the recent attention on cybersecurity has been directed toward the disclosure of NSA activities and recent corporate breaches now reaching record-breaking levels. Both the public and private sectors are beginning to witness how devastating cyber breaches […]
Pierluigi Paganini
January 12, 2014
Intego Malware Research Team discovered that OSX Flashback trojan is still active with sinkholing activity. Mac users must be aware. Flashback Trojan is a cyber threat known since 2011, it is a trojan horse that targeted a Java vulnerability on Mac OS X machines, early 2012 it spread to infect up to 600,000 machines as […]
Pierluigi Paganini
January 02, 2014
Leaked documents shared by Der Spiegel show how NSA spyware codenamed DROPOUTJEEP can spy on every Apple iPhone. Apple denies any claim. Users buy the iPhone, NSA controls them. This is not a slogan for the last Apple advertising, it is the uncomfortable truth revealed by another set of NSA documents leaked by Snowden and […]
Pierluigi Paganini
December 23, 2013
The evad3rs team has released the untethered jailbreak for different Apple devices running running iOS version from 7.0 to 7.0.4. The evad3rs team has released the untethered jailbreak for numerous Apple devices running running iOS version from 7.0 to 7.0.4 including iPhone (4/5/5S/5C), iPad, and iPod. Device jailbreak allows removal of the limitations designed by manufacturer, the procedure […]
