Pierluigi Paganini May 02, 2018
GitHub urged some users to reset their passwords after accidental recorded them

GitHub, world’s leading software development platform, forced password reset for some users after the discovery of a problem that caused internal logs to record passwords in plain text. GitHub urged some users to reset their passwords after a problem caused internal logs to record passwords in plain text. Some users published on Twitter the communication […]

Pierluigi Paganini July 29, 2016
QRLJacking — How to bypass QR Code Based Login System

QRLJacking is an attack technique devised by a cyber security researcher to Hijack bypass QR Code Based Quick Login System. Many desktop applications such as Line, WeChat, and WhatsApp allow users to authenticate themself with the Secure Quick Response Login method that relies on QR-code. The QR-code-based authentication system allows users to quickly access a website […]

Pierluigi Paganini June 20, 2016
GoToMyPC reset all customer passwords

A number of users are experiencing problems during logging into GoToMyPC because Citrix reset account passwords after hackers reportedly attacked it. It’s official, the GoToMyPC service operated by Citrix is the last victim of the hackers. GoToMyPC is remote desktop software that allows users to access and control their computers remotely by using a simple web browser. […]

Pierluigi Paganini March 11, 2016
SAP Download Manager flaw exposed user password

An attacker who manages to get access to a user’s configuration file for SAP Download Manager might be able to obtain the stored proxy password. Are you a SAP user? Do you use the SAP Download Manager that allows downloading of software packages and support notes? You urgently need to update it in order to fix […]

Pierluigi Paganini February 17, 2016
$103,000 stolen in Brain Wallets cracking attacks

A group of researchers discovered that roughly 1,000 brain wallets have been drained by cyber criminals that have stolen $103,000 The term brainwallet refers to the concept of storing Bitcoins in one’s own mind by memorization of a passphrase. The phrase is converted into a 256-bit private key with a hashing or key derivation algorithm (example: SHA256). That […]

Pierluigi Paganini June 19, 2015
XARA data stealing flaws affect Apple iOS, OSX

A team of researchers from Indiana University discovered a number of XARA vulnerabilities in both Apple’s OS X and iOS that allows Apple Keychain crack. A team of researchers from Indiana University (Luyi Xing, Xialong Bai, XiaoFeng Wang, and Kai Chen lead by Tongxin Li, of Peking University, and Xiaojing Liao, of Georgia Institute of […]

Pierluigi Paganini June 11, 2015
United Airlines accounts could be easily locked-out

A security expert discovered that United Airlines accounts could be locked-out by running a brute-force attack. The effects on a large scale could be serious. According to WorldMate security officer Yosi Dahan, a threat actor could easily lock-out United Airlines users from their accounts. Dahan explained that reported the security issue in March under the United Airlines bug bounty […]

Pierluigi Paganini May 28, 2015
Oracle PeopleSoft admin credentials open to hackers

SAP Security experts discovered a number of unpatched vulnerabilities and weaknesses in Oracle PeopleSoft that could be exploited to obtain admin passwords. The SAP security experts, Alexander Polyakov and Alexey Tyurin, revealed that Oracle PeopleSoft contains unpatched vulnerabilities and weaknesses that could be exploited by attackers to obtain admin passwords. The impact of such vulnerabilities […]

Pierluigi Paganini August 29, 2014
97K Bugzilla users affected by data disclosure

Mozilla Security Team announced a new accidental disclosure of email addresses and encrypted passwords of about 97,000 Bugzilla users. On Wednesday, officials at Bugzilla, the bug-tracking system managed by Mozilla, confirmed that email addresses and encrypted passwords belonging to 97,000 of their users had been disclosed. Bugzilla is a bug-tracking software system widely used by […]

Pierluigi Paganini August 04, 2014
Tens of thousands of Mozilla developers emails and password exposed

Mozilla Security Team announced the accidental disclosure of MDN email addresses of about 76,000 users and encrypted passwords of about 4,000 users. Bad news for tens of thousands of Mozilla developers, their email addresses and encrypted passwords were accidentally exposed. The news was reported in blog post published on the official Mozilla Security Blog, the risk is […]