Pierluigi Paganini
September 12, 2014
FireEye discovered two distinct groups of Chinese hackers operating cyber espionage campaigns on a large-scale in parallel. Security experts at FireEye have discovered two hacking campaigns conducted by distinct groups operating in separate regions of China that seems to work in parallel. The first team of hackers, named Moafee, is targeting military and government organizations which were in some […]
Pierluigi Paganini
September 10, 2014
A database containing nearly million login and passwords for Google accounts has been leaked online on a Russian cyber security internet forum. A database containing 5 million alleged Google login and password has been leaked online on a Russian cyber security internet forum. The news was spread by online media agencies, including RT.com. The huge archive is […]
Pierluigi Paganini
September 10, 2014
Researchers from the UNHcFREG (University of New Haven) is publishing on YouTube a series of videos to disclose vulnerabilities in a dozen Android apps. Experts at the University of New Haven’s Cyber Forensics Research and Education Group (UNHcFREG) have decided to disclose vulnerabilities in a dozen Android apps, including the popular mobile applications Instagram, Vine and OKCupid. […]
Pierluigi Paganini
September 09, 2014
De-Anonymize Google Users with new Timing Attack is possible, it is also possible identify Tor users if they’re logged in to Google while using Tor browser. De-anonymize Google users is the goal of different studies and a new research conducted by Andew Cantino, the vice president of engineering at Mavenlink, demonstrates that it is possible to […]
Pierluigi Paganini
September 08, 2014
The CERT has published the results of its test conducted on popular Android applications that fail to properly validate SSL certificates. In several posts we have discussed about the improper validation of  SSL certificates made by mobile devices, recently we mentioned the case of the Gmail app for iOS devices which, according to an expert at mobile security […]
Pierluigi Paganini
September 08, 2014
Apple CEO Tim Cook announced that the company will improve the security of its solutions, including iCloud, starting from extension of 2FA mechanisms. The recent disclosure of hundreds celebrity pictures has raised the discussion on the level of security offered by the Apple iCloud stored service. To improve the security offered by the iCloud service, Apple’s CEO Tim Cook […]
Pierluigi Paganini
September 07, 2014
Copies of the Elcomsoft EPPB tool are circulating in the underground and could have been used in the recent leak of celebrity photos. Recently naked pictures of celebrities have been leaked online, but security experts were particularly interested to the news because they speculate that the images have been stolen from the Apple iCloud service. […]
Pierluigi Paganini
September 06, 2014
Security Experts at FireEye Lab discovered a new variant of the XSLCmd backdoor that has been used in targeted attacks infecting Mac OX based systems. Experts at FireEye Labs have discovered a previously unknown variant of the APT backdoor XSLCmd, OSX.XSLCmd, which is used by a group of hackers known for past cyber espionage activities against the U.S. […]
Pierluigi Paganini
September 05, 2014
Experts at Akamai-Prolexic discovered a botnet dubbed IptabLes and IptabLex that infects and exploits poorly-maintained Linux servers to run DDoS attacks. Akamai’s Prolexic division has uncovered a new botnet dubbed IptabLes and IptabLex, which was used in a series of attacks targeting malware based on Linux servers. The experts revealed that the IptabLes and IptabLex botnet compromises misconfigured and […]
Pierluigi Paganini
September 04, 2014
Security experts at AlienVault discovered a series of watering hole attacks using the Scanbox reconnaissance Framework that is targeting several industries. Security experts at AlienVault Labs have uncovered a watering hole attack with a singular characteristic, the attackers are using a framework developed for reconnaissance as the primary infection vector. The attackers deployed a malicious JavaScript on the targeted […]
