The decision of Fiat Chrysler for providing a software update via Mailed USB is considered disconcerting for the security industry. Do you remember the hack of the Fiat Chrysler Jeep? In response to the disclosure of the details of the successful attack, the company recalled nearly 1.4 vehicles in the US in order to update the firmware running […]
The increasing number of cyber incidents along with a significant improvement of TTP adopted by threat actors requests the adoption of a cyber hygiene. The rate of data breaches are increasing drastically throughout the year. Cyber-attacks could cause severe disruption to a company’s business functions or operational supply chain, impact reputation, compromise customer information or […]
Google is not able to direct control the distribution of bug patches for its devices, and 60 percent of Android phones is exposed to security risks. The security expert Todd Bearsley published an interesting blog post on Rapid7 Security Street blog explaining that the Metasploit framework currently includes 11 different exploits for WebView. “WebView is the core component […]
Microsoft is investigating on potentially faulty Windows security update that is causing some systems to crash with bluescreen error. Last Friday, Microsoft urged its users to uninstall the latest security updates issued by the company because they are causing the unpleasant bluescreen, also know as “Blue Screens of Death” or BSoD. Microsoft released its usual […]
The system used to produce RFID identification cards including permanent resident IDs by the USCIS has a number of serious security issues. A report from the Office of the Inspector General (OIG) at DHS titled “Radio Frequency Identification Security at USCIS Is Managed Effectively, But Can Be Strengthened” confirms the presence of serious security issues in the […]
The Global Threat Intelligence Report (GTIR) addresses the security challenges of organizations globally analyzing 3 billion worldwide attacks occurred in 2013. The NTT Innovation Institute has released the new Global Threat Intelligence Report (GTIR), a document structured to raise awareness of the rapidly evolving global threat landscape. The GTIR was based on threat intelligence and attack data from […]
Cisco observed 400 hosts were infected on daily base and more than 2,700 URLs have been used in a multistage attack against websites running older OS versions. In the last months a growing number of large-scale attacks hit systems all over the world, many of them, like the Snake campaign, are attributable to state-sponsored hackers […]
Secunia’s Vulnerability Review 2014 provides an interesting analysis of the number of vulnerabilities in the Top 50 portfolio products. The Secunia Vulnerability Review provides a vision on global vulnerability trends, evaluating carefully the 50 most popular programs on private PCs. These programs are practically everywhere, in many cases, they are key application for ordinary IT […]
Researcher Dana Taylor is warning on the existence of two critical vulnerabilities in Oracle servers in the wild since a long time. Two serious vulnerabilities affect Oracle’s older database packages, allowing an attacker to remotely access a server bypassing authentication mechanism. Exploiting the flaws the attackers can browse the filesystem of the server accessing any files. […]
A serious vulnerability inside Mozilla Thunderbird Gecko engine allows hackers to insert malicious code into Emails to exploit recipient browser. A critical vulnerability affects the email client Mozilla Thunderbird 17.0.6, the popular application has a validation and filter bypass vulnerability that could be exploited by hackers to bypass the filter that prevents HTML tags from being used in […]