Pierluigi Paganini
November 01, 2016
Google has disclosed a Windows zero-day vulnerability after 7-day deadline it gives vendors when the flaw is actively exploited in the wild by hackers. Google has once again publicly disclosed a zero-day vulnerability affecting current versions of Windows operating system and Microsoft still hasn’t issued a patch. Yes, you’ve got it right! There is a […]
Pierluigi Paganini
November 01, 2016
Security researchers at CRITIFENCE cyber security labs publicly announced this morning (November 1, 2016) major cyber security vulnerabilities affecting one of the world’s largest manufacturers of SCADA and Industrial Control Systems, Schneider Electric. The zero-day vulnerabilities dubbed PanelShock, found earlier this year by Eran Goldstein, CTO and Founder of CRITIFENCE, a leading Critical Infrastructure, […]
Pierluigi Paganini
October 26, 2016
Tencent Team Keen won $215k at PWN2OWN Mobile by hacking Nexus 6p and using two exploits for the iPhone iOS 10.1 … all in just 5 minutes each round. Yesterday I was writing about the possibility to hack an Apple device just by opening an image or a PDF, today I desire to inform you […]
Pierluigi Paganini
October 20, 2016
Experts from Kaspersky have discovered a new APT dubbed FruityArmor APT using a zero-day vulnerability patched this month by Microsoft. A new APT group, dubbed FruityArmor, targeted activists, researchers, and individuals related to government organizations. According to experts at Kaspersky Lab, the FruityArmor APT conducted targeted attacks leveraging on a Windows zero-day vulnerability, tracked as CVE-2016-3393, recently […]
Pierluigi Paganini
October 19, 2016
Information Security experts have discovered an SQL injection zero-day vulnerability in Joomla component ja-k2-filter-and-search. Information Security Researchers Dimitrios Roussis and Evangelos Apostoloudis have discovered an SQL injection vulnerability in component ja-k2-filter-and-search (https://www.joomlart.com/joomla/extensions/ja-k2-search) of Joomla, a popular open-source Content Management System (CMS). This component has been used in various Joomla sites. Through the use of the […]
Pierluigi Paganini
August 10, 2016
The bug hunting company Exodus announced its bug bounty program. Who will pay more for a 0-day exploit? Reflecting on the zero-day market. Almost every IT giant has launched its bug bounty program, the last in order of time is Apple that last week announced the initiative during the Black Hat Conference. How much is […]
Pierluigi Paganini
August 08, 2016
The experts from the Irish Garda are investigating a malware-based attack that forced it to shut down its data systems. No system was breached. The Garda Síochána, the national police service of Ireland, was forced to shut down its data systems in response to a malware-based attack. The Ireland’s national police put in place the emergency […]
Pierluigi Paganini
August 06, 2016
FireEye documented more than 1,500 vulnerabilities affecting ICS disclosed in the past 15 years, and some of them are still present. Security of critical infrastructure is a pillar of the cyber strategy of any government, both the NIS directive and Warsaw NATO summit stressed the importance of a proper security posture to protect our systems from cyber […]
Pierluigi Paganini
July 18, 2016
DARPA organized a challenge where 7 finalists will battle it out with the Artificial Intelligence system to detect flaws and scan networks for exploits. The Rio Olympics 2016 is something everyone is looking forward to. The sportsmanship, the record making, medals the spirit of the game and the hilarious doping scandals like the 1920’s grafting […]
Pierluigi Paganini
July 04, 2016
The researcher Dmytro Oleksiuk published details of ThinkPwn flaw, a UEFI zero-day that could be exploited by hackers to disable security features. Once again the IT giant Lenovo is in the headlines, some products of the company and some others from other PC vendors, are affected by a UEFI vulnerability, dubbed ThinkPwn, that can be exploited […]
