zero-day vulnerabilities

Pierluigi Paganini January 23, 2019
0patch releases unofficial security patches for 3 Windows flaws yet to be fixed

Researchers from 0patch, a community of experts that aims at addressing software flaws, released unofficial patches for three Windows vulnerabilities that Microsoft has yet to be fixed. The list of vulnerabilities addressed by 0patch include a denial-of-service (DoS) bug, a file read issue, and a code execution flaw. “While we’re busy ironing out the wrinkles before […]

Pierluigi Paganini April 21, 2014
Critical Infrastructure security, is it possible a shared regulatory?

Reflession on the necessity to adopt a shared regulatory for the security of critical infrastructure. Eugene Kaspersky point of view on the topic. Security of critical infrastructure is a critical urgency of any government, the NIST announced the Framework for Improving Critical Infrastructure Security, a document that proposed cybersecurity standards and practices to build out a security program. The cybersecurity […]

Pierluigi Paganini September 07, 2013
NSA Bullrun program, encryption and false perception of security

Revelations on Bullrun program demonstrated that NSA has capabilities against widely-used online protocols such as HTTPS and encryption standards. The latest nightmare for US Administration is named Bullrun, another US program for massive surveillance. Snowden‘s revelations represented a heartquake for IT security, the image of NSA and US IT companies are seriously compromised such the trust of worldwide […]

Pierluigi Paganini May 21, 2013
Zero-day market, the governments are the main buyers

Governments, and in particular US one, are principal buyers of zero-day vulnerabilities according a report published by Reuters. Zero-days exploits are considered a primary ingredient for success of a cyber attack, the knowledge of zero-day flaw gives to the attacker guarantee of success, state-sponsored hackers and cyber criminals consider zero-day exploits a precious resources around […]

Pierluigi Paganini March 27, 2013
First APT attack on Android targeted Tibetan & Uyghur activists

Read about APT attacks has become customary, even easier to hear of attacks against political dissidents or minorities as Tibetan and Uyghur activists, but never before has been exploited the Android platform for this type of offensive. In the past Tibetan minorities have been already targeted with malware able to infect Windows and Mac OSs, […]

Pierluigi Paganini March 05, 2013
Java exploit signed with certificate stolen to Bit9

According security experts the numerous cyber attacks that hit principal IT companies, news agencies and government offices exploited zero-day vulnerabilities in Java software to the point that many recommend to uninstall Java plug-in from our browser unless absolutely necessary. Same clamor had obtained in the past the discovery that malware source codes were signed with […]

Pierluigi Paganini February 26, 2013
New Zero-Day Vulnerabilities affect Java earlier versions

Java, Java and once again Java, the popular framework and its vulnerabilities are becoming a really nightmare for security experts, billion of users and their machines are exposed to a series of attacks that try to exploit flaws in the Oracle software. Security worldwide community attributes to the Java vulnerabilities the principal responsibilities for recent […]

Pierluigi Paganini February 06, 2013
Threat Report H2 2012 proposed by F-Secure

Today the principal channel for malware diffusion is considered internet, large diffusion of exploit kits and crimeware such as BlackHole, Cool Exploit and Incognito have automated the infection process over the network. Majority of attacks exploits vulnerabilities in large use applications, such as browsers, and the leak of responsive patch management expose users to serious […]

Pierluigi Paganini January 11, 2013
SCADA and critical infrastructures, in … security

According last report published by The European Network and Information Security Agency (ENISA)   “ENISA Threat Landscape – Responding to the Evolving Threat Environment” that summarizes principal cyber threats, critical infrastructures represent privileged targets for emerging trends. Different agents such as terrorists, state-sponsored hackers or hacktivists could be interested in attack control systems within a critical […]

Pierluigi Paganini November 27, 2012
Proactive defense, humans or machines … that’s the question

  Governments all around the world are committed for the definition of a proper cyber strategy that represents an optimum balance between a good cyber offense and an efficient cyber defense. Cyber conflicts are characterized by the necessity of an immediate cyber response to the incoming cyber threats, in many cases the reaction must be […]