Pierluigi Paganini
November 10, 2016
Siemens released security updates and temporary fixes to fix a privilege escalation flaw, tracked CVE-2016-7165, that affects several industrial products. Siemens has released security updates and temporary fixes to address a privilege escalation vulnerability, tracked CVE-2016-7165, that affects several industrial products. The flaw could be exploited by attackers to escalate their privileges if the flawed products […]
Pierluigi Paganini
November 10, 2016
The effects of cyber-attacks against SCADA/ICS are well known, however, there is a great confusion when dealing with mitigation techniques. The Majority are aware of the impact cyber-attacks can have on Industrial Control Systems however, the reality in terms of mitigation techniques are shrouded with confusion and a reactive approach. Recent 0-day vulnerability dubbed as […]
Pierluigi Paganini
November 09, 2016
Kaspersky discovered a new strain of the Svpeng Trojan delivered through popular news websites using Google’s AdSense via a zero-day in Chrome. Crooks exploited a Chrome Zero-Day vulnerability to deliver the Android Svpeng Trojan to Android users via Google AdSense. The Svpeng Trojan is not a new threat, it was first spotted by Kaspersky Lab in July 2013 when threat […]
Pierluigi Paganini
November 09, 2016
Microsoft has issued a security patch that fixes the zero-day vulnerability tracked as CVE-2016-7255 exploited by Russian hackers. Microsoft has issued security patches that fixed also the zero-day vulnerability exploited by Russian hackers. One of the zero-days tracked as CVE-2016-7255 has been patched in the MS16-135 bulletin that also addresses two information disclosure and three […]
Pierluigi Paganini
November 08, 2016
Carnegie-Mellon CERT warns of a flawed implementation of HNAP in D-Link routers (CVE-2016-6563) that could be exploited for remote execute code. According to the Carnegie-Mellon CERT the implementation of the Home Network Automation Protocol (HNAP) of D-Link routers is affected by a stack-based buffer overflow vulnerability tracked as CVE-2016-6563. The flaw could be exploited by a […]
Pierluigi Paganini
November 08, 2016
A group of researchers from Nokia Bell Labs and Aalto University in Finland demonstrated how to hack protocols used in the LTE networks. We discussed several times the rule of the SS7 signaling protocol in mobile communications and how to exploit its flaws to track users. When mobile users travel between countries, their mobile devices connect to the infrastructure of a […]
Pierluigi Paganini
November 07, 2016
Cisco data leak – Cisco has fixed a security vulnerability in the company Professional Careers portal that exposed personal information of the users. Cisco data leak – Cisco has fixed a security vulnerability existing in the company Professional Careers portal that may have leaked personal information. Cisco has notified the issue to the affected users […]
Pierluigi Paganini
November 07, 2016
Enterprises running Exchange Server using two-factor authentication on Outlook Web Access (OWA) could be hacked due to a design flaw. New troubles for enterprises running Exchange Server, two-factor authentication implementations on Outlook Web Access (OWA) could be easily bypassed due to a design flaw. An attacker can bypass two-factor authentication to access email inboxes, calendars, contacts and […]
Pierluigi Paganini
November 06, 2016
The databases of the Indian Embassies in Switzerland, Mali, Romania, Italy, Malawi, and Libya were leaked online by two grey hat hackers. Today I was contacted by a security pentester who goes online with the moniker Kapustkiy who revealed me to have breached the Indian Embassies in Switzerland, Mali, Romania, Italy, Malawi, and Libya. Kapustkiy and his friend Kasimierz (@Kasimierz_) told […]
Pierluigi Paganini
November 06, 2016
Belkin’s WeMo home automation firmware that’s in use in several IoT devices has recently been found vulnerable to an SQL injection. Belkin’s WeMo home automation firmware that’s in use in its light bulbs, switches, security cameras, coffee makers and room heaters has recently been found vulnerable to an SQL injection. The hack allows root privileges […]
Hacking / November 06, 2025
