Pierluigi Paganini September 20, 2015
A string could be used to crash Google Chrome

It seems incredible, but as already happened for Skype it is possible to crash the latest version of Google Chrome with a simple tiny URL. The flaw was discovered last week by the expert Andris Atteka who filed also a bug report. “Recently I reported a crash bug in Google Chrome (issue #533361). This issue reminded […]

Pierluigi Paganini April 29, 2015
How to exploit flaws in InFocus IN3128HD Projector to hack host network

The firmware running on the InFocus IN3128HD Projector is affected by an authentication bypass flaw which allows the hack of the host network. Another smart object was found vulnerable by security experts, it is a popular projector commonly used in classrooms. The manufacturer has discovered several authentication flaws affecting the firmware running on the projector, the vulnerabilities could be […]

Pierluigi Paganini January 28, 2015
Java poses the biggest security risks to PCs in US

According to a new series of reports published by Secunia firm, Oracle Java poses the biggest security risks to Desktop machines in the US. According to the a new report published by Secunia security vendor, Oracle Java software represents the principal source of problems for private US desktops, followed by Apple Quicktime 7.x. Oracle Java is […]

Pierluigi Paganini January 28, 2015
Ghost Remote Code Execution Vulnerability scares the Linux community

The Linux GNU C Library (glibc) versions prior to 2.18 are affected by the GHOST remote code execution vulnerability present in the ‘gethostbyname’ function. A new critical vulnerability is threatening the Linux community, the flaw affects the glibc GNU C library. The vulnerability is present in all Linux systems dating back to 2000 and could […]

Pierluigi Paganini July 31, 2014
Discovered attacks to compromise TOR Network and De-Anonymize users

On July 4 2014 Tor Team discovered a group of malicious relays that they assume were trying to deanonymize Tor Network users with confirmation attack technique. Tor network is an excellent technology to ensure users’ online anonymity, thanks to the Tor network users can hide online activities, staying far from the prying eyes of governments and […]

Pierluigi Paganini March 25, 2014
Another zero-day vulnerability is threatening the Microsoft world

Microsoft issued a security advisory for the presence of a zero-day vulnerability in Microsoft Word products which allows a remote code execution. Another zero-day vulnerability is threatening the Microsoft world, the news was issued by Microsoft through an official security advisory (CVE-2014-1761). The vulnerability is present in Microsoft Word product, it allows a remote code execution that can […]

Pierluigi Paganini March 06, 2014
FireEye 2013 Advanced Threat Report on APTs campaigns

FireEye issued the 2013 Advanced Threat Report, the study provides a high-level overview of the computer network attacks by APTs discovered by the company.   Today I desire to analyze with you the data proposed by FireEye in the 2013 Advanced Threat Report (ATR), the study provides a high-level overview of the computer network attacks discovered […]

Pierluigi Paganini February 15, 2014
FireEye discovered a new watering hole attack based on 0-day exploit

Security researchers from FireEye have recently  discovered a new IE 10 Zero-Day exploit being used in a watering hole attack. Security experts at FireEye discovered a new IE 10 Zero-Day exploit (CVE-2014-0322) being used in a watering hole attack on the US Veterans of Foreign Wars (VFW) website. The zero-day allows the attacker to modify one byte […]

Pierluigi Paganini January 08, 2014
Windows Zero-Day vulnerability used in targeted attacks against 28 Embassies

TrendLab malware analysts confirmed that recent Windows Zero-Day vulnerability was exploited in cyber attack against Embassies in a Middle Eastern capital. At the end of the last year Microsoft revealed that a zero-day vulnerability was in use in targeted attacks against Windows XP and Server 2003 systems. The discovery of the flaw in Microsoft OSs was made […]

Pierluigi Paganini December 20, 2013
New cyber attack against The Washington Post

Security experts at Mandiant have discovered that hackers break into Washington Post servers stealing employee users credentials hashes. Security experts at Mandiant intelligence firm have discovered a new intrusion into the network of The Washington Post, it is the third time in the last three years. In time I’m writing it is still not clear […]