Pierluigi Paganini
July 08, 2014
The Director of the Pentagon’s Missile Defense Agency reported to the Congress that missile defenses of the US military are vulnerable to cyber attacks. The Director of the Pentagon’s Missile Defense Agency reported to the Congress last week that missile defenses deployed by the US Army are vulnerable to cyber attacks. Security experts are aware that every […]
Pierluigi Paganini
July 08, 2014
A vulnerability analyst at CERT/CC reported a security issue in Netgear GS108PE Prosafe Plus Switch which contains hard-coded login credentials. The CERT/CC has recently issued an alert for the presence of hard-coded login credentials in the Netgear GS108PE Prosafe Plus Switch (Vulnerability Note VU#143740). An attacker could exploit the security issue in the Netgear GS108PE Prosafe Plus Switch […]
Pierluigi Paganini
July 07, 2014
Cisco’s Threat Research Analysis and Communications (TRAC) uncovered an extremely targeted spear phish attack on high-profit companies in Europe. A new APT has been discovered by CISCO targeting high-profit companies in Europe, including businesses working in banking, oil and entertainment industries. The attackers adopted as attack vector the email in a spear phishing campaign. According to the alert […]
Pierluigi Paganini
July 06, 2014
Security experts Alexander Volynkin and Michael McCord will present at the next Black Hat 2014 a method to break Tor network anonymity with just USD 3000. Is the popular Tor network broken? In the recent months, after the Showden’s revelations, many security experts have started to investigate on the possibility that the US intelligence, and […]
Pierluigi Paganini
July 04, 2014
The German broadcaster ARD published a report that reveals that NSA XKeyscore has targeted two Germany-based Tor Directory Authority servers. The NSA surveillance program XKeyscore, according to a report published by German public broadcaster ARD, two Germany-based Tor Directory Authority servers have been targeted by the US intelligence. According to the report, the two cases are not isolated, in the past […]
Pierluigi Paganini
July 03, 2014
While investigating on MiniDuke malware, experts at F-Secure discovered a surprising link to a new malware, dubbed CosmicDuke, belonging to Cosmu family. Early 2013 experts at Kaspersky Lab and Hungary’s Laboratory of Cryptography and System Security (CrySyS) uncovered a cyber espionage campaign dubbed Miniduke which targeted dozens of computers at government agencies across Europe. The hackers exploited a […]
Pierluigi Paganini
July 01, 2014
Security experts at Kaspersky Lab have issued data related to the number of RDP brute force attacks on its clients which show a worrying trend. In the June Kaspersky Lab has included in its products an Intrusion Detection System, which allowed the company to analyze more information on going attacks on its clients. Kaspersky has issued the data […]
Pierluigi Paganini
June 30, 2014
Anonymous has announced the campaign dubbed Operation NO2ISIS against some states it accuses of supporting the Islamic terror group ISIS. The group of hacktivists Anonymous has announced a new campaign dubbed Operation NO2ISIS against some nations it accuses of funding or arming the radical Islamic terror group ISIS. In particular Anonymous will target three states suspected of […]
Pierluigi Paganini
June 28, 2014
A serious code-execution vulnerability in Android 4.3 and earlier was patched with latest KitKat Android Operating System version. Are you using the Android 4.3 version and you are convinced to be secure? You are unfortunately wrong, because this version of Android and earlier are affected by a critical code-execution vulnerability. According to data proposed by the Android […]
Pierluigi Paganini
June 26, 2014
A critical vulnerability in the WebShot feature implemented by TimThumb plugin expose WordPress instance to Remote Code Execution attacks. The popular image resizing library TimThumb used in many WordPress themes, 3rd party components and plugins is affected by a critical vulnerability which allows an attacker for certain commands to be remotely executed, without authentication, on the vulnerable website. The discovery of the […]
