Pierluigi Paganini
May 03, 2018
Security researchers have discovered a security vulnerability in Oracle Access Manager that can be exploited by a remote attacker to bypass the authentication and take over the account of any user. Security researcher Wolfgang Ettlinger from SEC Consult Vulnerability Lab has discovered a security vulnerability in Oracle Access Manager that can be exploited by a […]
Pierluigi Paganini
January 27, 2018
Lenovo has fixed a hardcoded password vulnerability in Lenovo Fingerprint Manager Pro affecting a dozen laptop models running Windows 7, 8 and the 8.1 OS. The PC vendor Lenovo has fixed a hardcoded password vulnerability, tracked as (CVE-2017-3762), affecting a dozen Lenovo laptop models that run versions of Microsoft Windows 7, 8 and the 8.1 […]
Pierluigi Paganini
January 24, 2018
According to Google software engineer Grzegorz Milka, less than 10 percent of its users have enabled two-factor authentication (2FA) for their accounts. The availability of billions of credentials in the criminal underground due to the numerous massive data breaches occurred in the last years makes it easy for crooks to take over users’ accounts. We always […]
Pierluigi Paganini
January 17, 2018
Facebook has fixed a couple of vulnerabilities that could have been exploited by attackers to hijack accounts by abusing integration with the Oculus virtual reality headset. In March 2014, Facebook founder Mark Zuckerberg announced the acquisition of Oculus VR and included the handsets produced by the company to its bug bounty program. White hat hackers […]
Pierluigi Paganini
January 12, 2018
Security expert discovered a new vulnerability in macOS High Sierra that could be exploited by users logged as admins to unlock the AppStore Preferences in System Preferences by providing any password. Security expert discovered a new vulnerability in macOS High Sierra that could be exploited by users logged as admins to unlock the AppStore Preferences in System Preferences by […]
Pierluigi Paganini
December 31, 2017
Chinaâs largest social media network, WeChat, is set to become an official electronic ID system in the country, an ID pilot program was launched in Guangzhouâs Nansha District. WeChat (âWeixinâ in China) is Chinaâs largest social media network, according to Tencent Holdings, the platform had 980 million monthly active users as of late September. A […]
Pierluigi Paganini
November 29, 2017
macOS High Sierra is plagued by a vulnerability that can be exploited to gain root access to a machine with no password. An easy exploitable vulnerability in macOS 10.13, aka macOS High Sierra, could be triggered by users to gain admin rights, or log in as root, without a password. The vulnerability is exploitable via the authentication […]
Pierluigi Paganini
November 25, 2017
Golden SAML could be exploited by an attacker to create fake enterprise identities and access to valuable cloud resources. Security experts at CyberArk Labs have devised a post-intrusion attack technique dubbed Golden SAML that could be exploited by an attacker to create fake enterprise identities and forge authentication to gain access to valuable cloud resources […]
Pierluigi Paganini
October 24, 2017
Introduction Out of the five main information security pillars, namely confidentiality, integrity, availability, authenticity and irrefutability, common users give more attention to the first one. But in real life even though in general people agree with the importance of backup, not many actually implement this security mechanism. What one says and what one do is […]
Pierluigi Paganini
October 24, 2017
APNIC Deputy Director General Sanjaya confirmed that Whois data were accidentally exposed online included authentication details. The Asia-Pacific Network Information Centre (APNIC) is a non-profit organization that provides Internet addressing services in the Asia-Pacific region. The APNIC made the headlines because it was informed about a Whois-related security incident that led to the exposure of […]
Data Breach / November 21, 2024
