Pierluigi Paganini
March 20, 2015
The Drupal team issued an update to fix a flaw that allows attackers reset password by crafting URLs under certain circumstances. Security experts discovered two critical vulnerabilities in Drupal CMS, one of them is an Access bypass (Password reset URLs) vulnerability that could be exploited to forge Password Reset URLs. “Password reset URLs can be forged […]
Pierluigi Paganini
March 18, 2015
US health insurer Premera Blue Cross announced its network had been hacked, potentially exposing data from 11 million individuals. A few weeks after the disclosure of the data breach suffered by from Anthem Blue Cross, which exposed 80 million customer records, another US health insurer was victim of a major attack that is affecting 11 Million customers […]
Pierluigi Paganini
March 18, 2015
DLL hijacking is not a prerogative for Windows systems, it is a common hacking technique that is very effective against OS X based machines. As you may know, DLL hijacking it’s something that its around since around 2000 and allows hackers to exploit a machine with a vulnerable application ( just one of the possibilities […]
Pierluigi Paganini
March 17, 2015
Yahoo announced its new on-demand password feature that lets users into login in their account with a code sent to their mobile phone. Yahoo has announced a new Password-Free login feature to let users access their account without the need for a password. When users will sign in his account, an on-demand password is sent to a […]
Pierluigi Paganini
March 16, 2015
DHS ICS-CERT MONITOR report reveals that most critical infrastructure attacks involve APTs, but organizations lack monitoring capabilities. The DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued its new ICS-CERT MONITOR report related to the period September 2014 – February 2015. The ICS-CERT MONITOR report According to the report, the Industrial Control Systems […]
Pierluigi Paganini
March 15, 2015
Adobe released security updates for Adobe Flash Player to fix 11 Critical Vulnerabilities, most of them Remote Code Execution flaws. Adobe has issued a critical update for the Flash Player product that fixes set of 11 critical security vulnerabilities in its software. The update is classified as critical because most of the security flaws could […]
Pierluigi Paganini
March 13, 2015
A security bulletin recently released by Microsoft addresses the LNK flaw that was exploited by Stuxnet and that we have wrongly considered patched since 2010. If you followed IT in the last years, you might remember that Stuxnet was discovered around mid-2010 and at the time it was used against the Iranian nuclear program. The […]
Pierluigi Paganini
March 12, 2015
A security researcher has discovered two different  reflected file download flaws in Facebook that could be exploited to hit its users. Security researcher David Sopas from WebSegura has discovered a couple of security flaw in Facebook that could be exploited by an attacker respectively to upload an arbitrary file to the social network or to gain control […]
Pierluigi Paganini
March 11, 2015
The security expert Egor Homakov from Sakurity firm has released the Reconnect tool that allows hackers to hijack accounts on sites that use Facebook logins. The security expert Security Egor Homakov has developed a hacking tool dubbed Reconnect that exploit a flaw in Facebook to hijack accounts on sites that use Facebook logins. Homakov, with works for […]
Pierluigi Paganini
March 10, 2015
A new interesting report published by The Intercept details the effort spent by the US intelligence to compromise the security of Apple devices. The Intercept published another disconcerting post on the US Intelligence campaign aimed to steal the secrets of the IT giant Apple. According to top-secret documents disclosed by The Intercept a team of researchers working with the Central […]
