Pierluigi Paganini
April 09, 2017
The researcher Ralf Weinmann revealed that millions of mobile phones and laptops are potentially exposed to attack leveraging baseband zero-days he discovered. The researcher Ralf-Phillip Weinmann, managing director at security firm Comsecuris, has disclosed a zero-day baseband vulnerability affecting Huawei smartphones, laptop WWAN modules, and IoT components. Baseband is firmware used on smartphones to connect to cellular […]
Pierluigi Paganini
March 29, 2017
Millions of websites are affected by a buffer overflow zero-day vulnerability, tracked as CVE-2017-7269, that resides in the IIS 6.0. The II6 6.0 zero-day flaw was discovered by two researchers with the Information Security Lab & School of Computer Science & Engineering, South China University of Technology Guangzhou, China who published a PoC code exploit on GitHub. […]
Pierluigi Paganini
March 14, 2017
Canada Revenue Agency confirmed it shut down its website for filing federal taxes due to a cyber attack leveraging the CVE-2017-5638 flaw in Apache Struts 2 The Canada Revenue Agency (CRA) confirmed it shut down its website for filing federal taxes after hackers broke into the server at the nation’s statistics bureau. The security breach occurred […]
Pierluigi Paganini
March 09, 2017
Researchers have spotted a remote code execution zero-day in Apache Struts 2, the flaw has being exploiting by that threat actors in the wild. Security researchers have spotted a remote code execution zero-day, tracked as CVE-2017-5638, in Apache Struts 2, and the bad news is that threat actors in the wild are already exploiting it. According to […]
Pierluigi Paganini
March 05, 2017
In January, a cyber attack breached some systems at Barts NHS Trust and forced them offline. Hackers exploited a zero-day vulnerability. In January, a cyber attack breached some systems at Barts NHS Trust and forced them offline. Barts Health Trust runs the Royal London, St Bartholomew’s, Whipps Cross, Mile End and Newham hospitals. The hackers used […]
Pierluigi Paganini
February 03, 2017
The US-CERT issued a security advisory to warn of a zero-day memory corruption vulnerability in the SMB (Server Message Block) protocol that can be exploited by a remote attacker. The US-CERT is warning of a zero-day memory corruption vulnerability in the SMB (Server Message Block) protocol that can be exploited to cause a denial of service condition or […]
Pierluigi Paganini
January 06, 2017
CyberZeist claims that he hacked the FBI’s website exploiting a zero-day flaw in Plone, but the Plone security team declared the FBI hack is a hoax. Security Affairs was probably the first blog to spread the news of the alleged FBI hack. I was contacted by the notorious hacker CyberZeist, he is very popular in the […]
Pierluigi Paganini
December 13, 2016
Adobe issued security patches that address multiple flaws in 9 products, including fixes for zero-day vulnerabilities that has been exploited in the wild. Adobe has issued security updates to fix vulnerabilities in nine products, including patches for zero-day flaws that has been exploited in targeted attacks. The version 24.0.0.186 of Flash Player addresses 17 vulnerabilities, some of them can […]
Pierluigi Paganini
November 10, 2016
The effects of cyber-attacks against SCADA/ICS are well known, however, there is a great confusion when dealing with mitigation techniques. The Majority are aware of the impact cyber-attacks can have on Industrial Control Systems however, the reality in terms of mitigation techniques are shrouded with confusion and a reactive approach. Recent 0-day vulnerability dubbed as […]
Pierluigi Paganini
November 09, 2016
Microsoft has issued a security patch that fixes the zero-day vulnerability tracked as CVE-2016-7255 exploited by Russian hackers. Microsoft has issued security patches that fixed also the zero-day vulnerability exploited by Russian hackers. One of the zero-days tracked as CVE-2016-7255 has been patched in the MS16-135 bulletin that also addresses two information disclosure and three […]
