Hacking

Pierluigi Paganini March 07, 2014
HTTPS traffic analysis can leak user sensitive data

A Team of US researchers at UC Berkeley conducted a study on the HTTPS traffic analysis of ten widely used HTTPS-secured Web sites with surprising results. User’s privacy is considered a top priority after Snowden‘ revelations on the US surveillance program, recently a couple of cases have shocked IT security community both related to the […]

Pierluigi Paganini March 06, 2014
FireEye 2013 Advanced Threat Report on APTs campaigns

FireEye issued the 2013 Advanced Threat Report, the study provides a high-level overview of the computer network attacks by APTs discovered by the company.   Today I desire to analyze with you the data proposed by FireEye in the 2013 Advanced Threat Report (ATR), the study provides a high-level overview of the computer network attacks discovered […]

Pierluigi Paganini March 06, 2014
Trend Micro report on Chinese Mobile Underground Market

This report provides a brief overview of some basic underground activities in the mobile space in China, describing products and services. Security firm Trend Micro issued an interesting report on Chinese cybercrime which is increasingly targeting mobile platforms thanks to a vast underground offer of services and tools. Trend Micro Mobile Cybercriminal Underground Market report analyzes […]

Pierluigi Paganini March 05, 2014
GnuTLS flaw in certificate verification exposes Linux world to attacks

A serious flaw in the certificate verification process of GnuTLS exposes Linux distros, apps to attack. Another flaw exploitable for surveillance purposes. GnuTLS is an open source secure communications library implementing the SSL, TLS and DTLS protocols, it is used in hundreds of software packages including Red Hat desktop,  all Debian and Ubuntu Linux distributions and many […]

Pierluigi Paganini March 05, 2014
Crimea – Is Russia adopting the same cyber strategy used in Georgia?

Experts that are monitoring the escalation of tension in Crimea recognized a military strategy similar to the one adopted in Georgia (2008) The approval of Russian Parliament for military use in Crimea has triggered a series of events in the cyber space, groups of hacktivists, cyber criminals and of course state-sponsored hackers started their campaign against […]

Pierluigi Paganini March 04, 2014
Soghoian on government surveillance through service update process

Chris Soghoian, principal technologist with the American Civil Liberties Union, explained that government surveillance could exploit service update process. Chris Soghoian, principal technologist with the American Civil Liberties Union, during the recent TrustyCon conference highlighted the possibility that the government will exploit automated update services to serve malware and spy on users. Is this the next […]

Pierluigi Paganini March 03, 2014
Uroburos rootkit, is it part of Russian Cyber weapon programme?

Researchers at German G Data published an interesting analysis for Uroborun rootkit alleged to be a component of Russian cyber weapons programme. Uroburos is considered an advanced rootkit that is active since as far back as 2011, it is used to infect networks belonging to high-level targets, stealing data after setting up rogue P2P networks, it targets […]

Pierluigi Paganini March 02, 2014
Russia Today hacked, tensions from Crimea to cyberspace

Russia Today media agency has been hacked by unknown attackers just after Putin’s order to move troops to the Crimea was approved by the Parliament. The tension between Russia and Ukraine also has repercussions in the cyberspace where Russia Today, Russian principal news channel website (RT.com) has been hacked and defaced by an unknown group of […]

Pierluigi Paganini March 02, 2014
Government-built malware and cyber weapons will run out of control

F-Secure’s Chief Mikko Hyppönen at the TrustyCon explained the risk that Government-built malware and cyber weapons will run out of control. F-Secure’s Chief Research Officer Company Mikko Hyppönen at the TrustyCon conference in San Francisco explained that almost every government is spending a great effort to improve its cyber capabilities building a cyber weapon. “Governments writing […]

Pierluigi Paganini March 01, 2014
Critical flaw in Yahoo allows Hacker to delete 1.5M records

Vulnerability in Yahoo allowed Egyptian hacker to delete more than 1 million and half records from Yahoo database. Yahoo immediately fixed it. The Egyptian cyber security expert Ibrahim Raafat has discovered a serious flaw  in the Yahoo! website. The hacker demonstrated on his blog how to exploit the “Insecure Direct Object Reference Vulnerability” vulnerability in the Yahoo! sub-domain (suggestions.yahoo.com) to delete all […]