VPN

Pierluigi Paganini December 18, 2015
Unauthorized code found in Juniper’s firewall OS

An operating system running on firewalls sold by Juniper Networks contains unauthorized code that could be exploited to decrypt traffic sent through virtual private networks. An “unauthorized code” was discovered in the operating system for Juniper NetScreen firewalls. The company admitted the presence of the “unauthorized code” that could allow an attacker to decrypt VPN traffic. [“unauthorized code”] “could allow […]

Pierluigi Paganini November 27, 2015
VPN users be aware , Port Fail flaw can reveal your identity

Security experts at the VPN provider Perfect Privacy discovered a new vulnerability dubbed Port Fail that could be exploited to de-anonymize VPN users. Security experts at the VPN provider Perfect Privacy discovered a new vulnerability dubbed Port Fail which affect all VPN (Virtual Private Network) protocols and operating systems. An attacker can exploit the Port Fail flaw […]

Pierluigi Paganini October 24, 2015
How to improve Internet security after the disclosure of the Diffie-Hellman flaw

Now that it is known a critical flaw in the Diffie-Hellman key-exchange protocol was exploited by the NSA to break the internet encryption, how to stop it? Recently a group of researchers has revealed how the NSA has cracked HTTPS, SSH, and VPNs rely on the Diffie-Hellman encryption by exploiting a wrong implementation of the cryptographic algorithm. The […]

Pierluigi Paganini October 09, 2015
Bad actors target entities worldwide via Cisco WebVPN

Experts at Volexity discovered a hacking campaign targeting the CISCO WebVPN VPN product, attackers aim to steal corporate login credentials. A virtual private network (VPN) allows to extend a private network across a public connection, they are mainly used to protect users’ privacy and improve security for data in transit. Virtual Private Networks are commonly used many companies and organizations […]

Pierluigi Paganini December 30, 2014
Until 2012 the Intelligence failed to decrypt Tor network

A new collection of documents leaked by Snowden and disclosed by the Der Spiegel reveals the difficulties of Intelligence agencies to de-anonymize Tor users A new collection of NSA documents crawled by the Edward Snowden was leaked online during the weekend, the German news agency Der Spiegel has published online a dump of PDF files […]

Pierluigi Paganini August 03, 2014
A new Citadel trojan variant includes different remote management tools to maintain persistence on victims PC

Experts at IBM discovered a new variant of Citadel banking malware which includes different remote management tools to maintain persistence on victims’ PC. Researchers at IBM discovered a new variant of the Citadel banking malware which includes a new interesting feature that allows attackers to maintain persistence in the victim’s machine through remote management tools. Citadel is directly […]

Pierluigi Paganini May 10, 2014
Heartbleed one month later, at least 300k servers are still vulnerable

Security researcher Robert Graham published the results of recent global scan searching for Heartbleed vulnerable systems. 300k systems are still vulnerable Heartbleed flaw is a bug disclosed more than a month ago, which affected OpenSSL library with serious repercussion on most common encryption services we daily use. Encrypted communications, mobile platforms, VPN and Tor networks are just a […]

Pierluigi Paganini April 22, 2014
Certificate revocation checks aren’t efficient against Heartbleed

Security researcher Adam Langley of Google explained the real efficiency of revocation checking in response to OpenSSL heartbeat bug. The Heartbleed bug is a source of great concern for IT industry, every day we discover that the flaw in the OpenSSL library has had a significant impact on Servers, on the mobile industry and on the anonymity […]

Pierluigi Paganini April 20, 2014
Mandiant uncovered Heartbleed based attacks to Hijack VPN sessions

Security experts at Mandiant uncovered attackers exploiting the Heartbleed vulnerability to circumvent Multi-factor Authentication on VPNs. We have practically read everything about HeartBleed bug which affects OpenSSL library, we have seen the effects on servers, on mobile devices and also on Tor anonymity,  now lets focus on the possibility to exploit it to hijack VPN […]

Pierluigi Paganini March 12, 2014
162,000 WordPress instances abused for DDoS attack

Sucuri firm detected a large DDOS attack that leveraged thousands of unsuspecting WordPress websites as indirect amplification vectors. The security community is threatened by a new botnet composed at least 162,000 WordPress-powered websites abused to run DDoS attacks. The technique of attack allows to flood a target with requests sent by WordPress servers that received a […]