Hacking

Pierluigi Paganini October 24, 2015
You need just $8,000 to exploit a zero-day in a critical infrastructure

How much cost a zero-day for an industrial control system? Where is to possible to buy them and who are the main buyers of these commodities? We have discussed several times about the importance of zero-day in cyber attacks against computer systems, the exploitation of previously unknown vulnerabilities is a prerogative of well-funded hacking groups such as state-sponsored crews. […]

Pierluigi Paganini October 24, 2015
How to improve Internet security after the disclosure of the Diffie-Hellman flaw

Now that it is known a critical flaw in the Diffie-Hellman key-exchange protocol was exploited by the NSA to break the internet encryption, how to stop it? Recently a group of researchers has revealed how the NSA has cracked HTTPS, SSH, and VPNs rely on the Diffie-Hellman encryption by exploiting a wrong implementation of the cryptographic algorithm. The […]

Pierluigi Paganini October 23, 2015
Crooks are hacking CCTV Cameras to launch severe DDoS attacks

Imperva has discovered that attackers hijack CCTV cameras to launch powerful DDoS attacks exploiting weak credentials and poor configurations of IoT devices. Internet of Things devices are becoming privilege targets of threat actors that daily abuse of their resources to run cyber attacks or to organize frauds or to spy on unaware users. Unfortunately, most IoT devices […]

Pierluigi Paganini October 22, 2015
Fitbit trackers can be infected with a malware in just 10 seconds

A security expert conducted a series of tests on the Fitbit trackers discovering how they can be infected with a malware in just 10 seconds. The security researcher Axelle Apvrille revealed that infect Fitbit trackers with a malware is too easy. Axelle Apvrille has managed to infect FitBit Flex fitness tracker and uses them as infection […]

Pierluigi Paganini October 22, 2015
Network Time Protocol flaws can cause chaos on a global scale

Serious flaws in the Network Time Protocol can be exploited to cause severe outages, eavesdrop encrypted communications, bypass authentication processes. Bad news for network administrators, new attacks on Network Time Protocol can defeat HTTPS and create serious problems. The bugs exploited in the attacks was discovered by the experts at the Cisco’s Talos group that has been working […]

Pierluigi Paganini October 21, 2015
Businesses Using Millions of insecure SHA-1 Certificates

Experts at Netcraft discovered that nearly a million SSL SHA-1 certificates were signed with the potentially vulnerable SHA-1 hashing algorithm. Businesses Using Millions of Flawed Certificates, the news is shocking and refers the adoption of SHA-1 certificates, despite the algorithm is considered no more secure. Many big businesses, including firms like Deloitte, are still using SHA-1 certificates, […]

Pierluigi Paganini October 21, 2015
Western Digital self-encrypting hard drives are not secure

A trio of researchers has demonstrated that some versions of self-encrypting hard drives manufactured by the Western Digital are affected by security flaws. Some versions of self-encrypting hard drives manufactured by the Western Digital are affected by security flaws that could be exploited with physical access to access protected data, even without knowing the decryption […]

Pierluigi Paganini October 21, 2015
Crooks stole €600,000 in MitM attacks on EMV Cards

A group of French researchers discovered how Fraudsters Stole nearly $680,000 Via MitM Attack on EMV Cards. On October 1st, EMV (Europay, MasterCard, Visa) cards have been introduced in the US to improve the security of payment card holders. EMV cards, also known as chip-and-PIN cards, rely on a cryptographic chip to improve security of banking transaction and avoid […]

Pierluigi Paganini October 20, 2015
Thousands of Magento websites compromised to serve malware

Security experts have discovered that thousands of websites running the eBay’s Magento e-commerce platform have been compromised and used to deliver malware. Security experts at Sucuri have discovered a malware campaign that targeted a large number of websites the eBay Magento e-commerce platform. The same campaign was also monitored by the researchers at Malwarebytes which focused their analysis […]

Pierluigi Paganini October 20, 2015
A young hacker violated the CIA Director’s private AOL email

A young hacker violated the CIA Director’s personal email account and leaked sensitive files including a top-secret application for a security clearance. A high-school student claims to have hacked the personal email account of the CIA Director John Brennan. CIA and the US law enforcement agencies are investigating on the case. The teen told the New York […]