Apple has removed mobile apps from the iOS Apple store that are installing root CA certificates that enable traffic to be intercepted. Apple has pulled several apps out from the official iOS App Store over SSL/TLS security concerns, this means that the security issues could allow threat actors to compromise encrypted connections between the servers […]
A group of researchers has demonstrated that the cost of breaking the SHA-1 hash algorithm is lower than previously estimated. The SHA-1 is still one of the most used cryptographic hash algorithm, but bad news for its supporters, a New Collision Attack Lowers Cost of Breaking it. The news is worrying, the cost and time […]
Experts at Volexity discovered a hacking campaign targeting the CISCO WebVPN VPN product, attackers aim to steal corporate login credentials. A virtual private network (VPN) allows to extend a private network across a public connection, they are mainly used to protect users’ privacy and improve security for data in transit. Virtual Private Networks are commonly used many companies and organizations […]
The Cleaver group is once again in the headlines managing a well-developed network of fake LinkedIn profiles for cyber espionage purpose. Do you remember the Iran-based APT Cleaver? In December the security firm Cylance released a detailed report on the hacking Operation Cleaver that was run by state-sponsored hackers linked to the Iran. The Iranian hackers targeted critical infrastructure worldwide, ten of which […]
Microsoft web applications, such as Outlook or OneDrive and account pages, expose visitorsâ Microsoft Identifier (CID) in plain text. A Chinese developer, which uses the pseudonym of ramen-hero, discovered that Outlook.com, OneDrive, and Microsoft’s account pages use a unique user identifier known, also known as CID, in their web applications. The Microsoft CID is a 64-bit integer used […]
A group of researchers from the iTrust has demonstrated how to use a Drone to intercept wireless printer transmissions from outside an office building. Recently I wrote a blog post on the Infosec Institute titled “Modern Physical Security Awareness Is More Than Dumpster Diving” where I explain how the concept of physical security is evolving […]
The Cisco Talos Group has performed in-depth research on the threat actors behind the Angler Exploit Kit, and even had behind-the-scenes access. The Cisco Talos Group has performed in-depth research on the threat actors behind the Angler Exploit Kit, and even had behind-the-scenes access, allowing statistical information as well as Anglerâs inner-workings to be examined. Note that […]
The nuclear industry is still unprepared to respond cyberattacks exposing civil nuclear facilities worldwide at risk of cyber attacks. Civil nuclear facilities worldwide are privileged targets for cyber attacks, according to a new report published this week by the Chatham House. The Stuxnet attack that targeted Iranian nuclear facilities demonstrated the risks for cyberattacks, for the first […]
The Independent AV-Test Institute has analyzed 16 Linux security solutions against Windows and Linux threats under Ubuntu. The results are disconcerting. The result of the tests on Linux security solutions demonstrates that many Linux machines are vulnerable to cyber attacks, let’s consider to billions of internet users that daily access Web servers. In many cases, […]
At the Virus Bulletin 2015 conference, the security researcher Oleg Petrovsky detailed methods that can be used to hack drones with pre-programmed routes. The drone industry is growing at a rapid pace, the aerospace research company Teal Group estimated that sales of military and civilian drones will total over $89 billion in the next 10 […]