Security

Pierluigi Paganini January 21, 2019
Unpatched Cisco critical flaw CVE-2018-15439 exposes small Business Networks to hack

Unpatched critical flaw CVE-2018-15439 could be exploited by a remote, unauthenticated attacker to gain full control over the device. Cisco Small Business Switch software is affected by a critical and unpatched vulnerability (CVE-2018-15439) that could be exploited by a remote, unauthenticated attacker to gain full control over the device. Cisco Small Business Switch SOHO devices allow […]

Pierluigi Paganini January 19, 2019
6 Reasons We Need to Boost Cybersecurity Focus in 2019

Paying attention to cybersecurity is more important than ever in 2019. But, some companies are still unwilling to devote the necessary resources to securing their infrastructures against cyberattacks, and naive individuals think they’re immune to the tactics of cybercriminals, too. For people who still need some convincing that cybersecurity is an essential point of focus, […]

Pierluigi Paganini January 19, 2019
A bug in Microsoft partner portal ‘exposes ‘ support requests to all partners

A bug in Microsoft partner portal ‘exposes ‘ support requests to all partners, fortunately, no customer data was exposed. The Register in exclusive reported that Microsoft partner portal ‘exposed ‘every’ support request filed worldwide.’ Tickets submitted from all over the world were exposed to all Microsoft support partners due to the glitch. “At the moment […]

Pierluigi Paganini January 18, 2019
Oracle critical patch advisory addresses 284 flaws, 33 critical

Oracle released the first critical patch advisory for 2019 that addresses a total of 284 vulnerabilities, 33 of them are rated “critical”. Let’s give a close look at some of the vulnerabilities fixed by this patch advisory. The advisory fixed the CVE-2016-1000031 flaw, a remote code execution (RCE) bug in the Apache Commons FileUpload,  disclosed in November […]

Pierluigi Paganini January 17, 2019
Drupal fixes 2 critical code execution issues flaws in Drupal 7, 8.5 and 8.6

Drupal released security updates for Drupal 7, 8.5 and 8.6 that address two “critical” security vulnerabilities that could be exploited for arbitrary code execution. The first vulnerability could be exploited by a remote attacker to execute arbitrary PHP code. The flaw resides in the phar stream wrapper implemented in PHP and is related to the way […]

Pierluigi Paganini January 15, 2019
Too many issues in Pentagon networks expose it to cybersecurity risks

A new security assessment conducted by the Defense Department Inspector General revealed that the Pentagon is still exposed to many cyber risks, The report published by the Defense Department Inspector General on January 9, shows a worrisome situation, there are 266 issue, some of them are ten-years-old cybersecurity‑related recommendations still unresolved in the Pentagon infrastructure. This means that […]

Pierluigi Paganini January 15, 2019
Mozilla will disable Adobe Flash by default starting from Firefox 69

Starting from Firefox 69, Mozilla will disable Adobe Flash by default, a process that aims to completely remove the support for the popular plugin.  Mozilla announced that the Firefox 69 will no longer support Adobe Flash due to a large number of serious flaws exploited by hackers in attacks across the years. The decision was […]

Pierluigi Paganini January 14, 2019
Zurich refuses to pay Mondelez for NotPetya damages because it’s ‘an act of war’

Zurich American Insurance Company is refusing to refund its client because consider the attack as “an act of war” that is not covered by its policy. The US food giant Mondelez is suing Zurich for $100 Million after the insurance company rejected its claim to restore normal operations following the massive NotPetya ransomware attack. On […]

Pierluigi Paganini January 11, 2019
British hacker sentenced to jail for attack on Liberian Telecoms firms

The British hacker Daniel Kaye has been sentenced to 32 months in prison for the cyberattack on Liberian telecom firms. The British hacker Daniel Kaye (29) has been sentenced to 32 months in prison for the 2016 attack that took down telecommunications services in Liberia. Kaye pleaded guilty in December to two charges under the Computer Misuse […]

Pierluigi Paganini January 10, 2019
CISCO addresses DoS bugs in CISCO ESA products

Cisco addressed two DoS vulnerabilities in CISCO ESA products that can be exploited by remote unauthenticated attacker. Cisco fixed two denial-of-service (DoS) flaws in Email Security Appliance (ESA) products that can be exploited by a remote unauthenticated attacker. The first flaw tracked as CVE-2018-15453  has been rated as “critical,” it is a memory corruption bug caused […]