Pierluigi Paganini
October 19, 2016
Information Security experts have discovered an SQL injection zero-day vulnerability in Joomla component ja-k2-filter-and-search. Information Security Researchers Dimitrios Roussis and Evangelos Apostoloudis have discovered an SQL injection vulnerability in component ja-k2-filter-and-search (https://www.joomlart.com/joomla/extensions/ja-k2-search) of Joomla, a popular open-source Content Management System (CMS). This component has been used in various Joomla sites. Through the use of the […]
Pierluigi Paganini
August 10, 2016
The bug hunting company Exodus announced its bug bounty program. Who will pay more for a 0-day exploit? Reflecting on the zero-day market. Almost every IT giant has launched its bug bounty program, the last in order of time is Apple that last week announced the initiative during the Black Hat Conference. How much is […]
Pierluigi Paganini
August 08, 2016
The experts from the Irish Garda are investigating a malware-based attack that forced it to shut down its data systems. No system was breached. The Garda Síochána, the national police service of Ireland, was forced to shut down its data systems in response to a malware-based attack. The Ireland’s national police put in place the emergency […]
Pierluigi Paganini
August 06, 2016
FireEye documented more than 1,500 vulnerabilities affecting ICS disclosed in the past 15 years, and some of them are still present. Security of critical infrastructure is a pillar of the cyber strategy of any government, both the NIS directive and Warsaw NATO summit stressed the importance of a proper security posture to protect our systems from cyber […]
Pierluigi Paganini
July 18, 2016
DARPA organized a challenge where 7 finalists will battle it out with the Artificial Intelligence system to detect flaws and scan networks for exploits. The Rio Olympics 2016 is something everyone is looking forward to. The sportsmanship, the record making, medals the spirit of the game and the hilarious doping scandals like the 1920’s grafting […]
Pierluigi Paganini
July 04, 2016
The researcher Dmytro Oleksiuk published details of ThinkPwn flaw, a UEFI zero-day that could be exploited by hackers to disable security features. Once again the IT giant Lenovo is in the headlines, some products of the company and some others from other PC vendors, are affected by a UEFI vulnerability, dubbed ThinkPwn, that can be exploited […]
Pierluigi Paganini
June 19, 2016
Adobe Flash Player 22.0.0.192 release fixes the Flash Player zero-day vulnerability (CVE-2016-4171) exploited by the APT group dubbed ScarCruft. Adobe has issued the Flash Player 22.0.0.192, a release that fixes the Flash Player zero-day vulnerability (CVE-2016-4171) exploited by the APT group dubbed ScarCruft in attacks on high-profile targets. The Flash Player flaw CVE-2016-4171 affects versions 21.0.0.242 and earlier for […]
Pierluigi Paganini
June 15, 2016
Security experts from Kaspersky Lab revealed that an APT group dubbed ScarCruft exploited the zero day vulnerability (CVE-2016-4171) in Adobe Flash Player. According to the experts from Kaspersky Lab, an APT group dubbed ScarCruft exploited a zero day vulnerability (CVE-2016-4171) in Adobe Flash Player. The group launched a series of attacks against high-profile targets against entities in […]
Pierluigi Paganini
June 15, 2016
Adobe states that the Flash Player zero-day vulnerability (CVE-2016-4171) has been exploited in targeted attacks. It will be fixed later this week. Once again Adobe Flash Player is the target of hackers in the wild. Adobe has released security updates for several of its products announcing that the fix for a critical Flash Player zero-day vulnerability […]
Pierluigi Paganini
May 16, 2016
The FireEye researcher Genwei Jiang revealed the exploit chain related to phishing attacks leveraging CVE-2016-4117 flaw recently fixed by Adobe. Security experts at FireEye have recently spotted an attack leveraging on an Adobe zero-day vulnerability (CVE-2016-4117) recently patched. The CVE-2016-4117 flaw affects older versions of the Adobe Flash, a few days ago the company was informed of a new zero-day […]
