-
Mar 26, 2020
A recently discovered campaign that targets home and small-office routers is redirecting users to fake COVID-19 informational sites that attempt to install password stealing malware. A post published by security firm Bitdefender [1] said the attack is targetting Linksys routers,… read more »
-
Mar 25, 2020
Windows Service Accounts are the elephant in the room in the corporate environment: things that nobody ever talks about or considers to be a problem. Often, these service accounts are in the Domain Admins group, with passwords like "Service123", "Password123",… read more »
-
Mar 24, 2020
Microsoft has released a security advisory about a remote code execution vulnerabilities affecting all currently supported versions of Windows and Windows Server operating systems. According to advisory [1], a remote attacker can exploit these vulnerabilities, affecting the Adobe Type Manager… read more »
-
Mar 23, 2020
Also last week, the main topic was Covid-19: Let's try to recap.Ah, I forgot: STAY. AT. HOME. http://www.commitstrip.com/en/2020/03/19/stay-at-home/ Technology Google’s coronavirus information site is now live Google has just launched a site with information and resources to understand the coronavirus… read more »
-
Mar 20, 2020
Mimikatz is a famous post-exploitation tool written in C by Benjamin Delpy: it allows a local attacker to dump secrets from memory exploiting Windows single sign-on functionality. How Mimikatz works? Until Windows 10, Microsoft's OSs by default used a feature… read more »
-
Mar 19, 2020
Valerio Mulas published an interesting analysis about the security of Android-based Smart TVs. The analysis points out the default configuration of most Android-based TVs, which allows you to enable the ADB, install unsigned applications and theoretically gain full control of… read more »
-
Mar 18, 2020
Professor Douglas Leith from Trinity College in Ireland, tested six web browsers to determine what data they were sharing. According to research [1], tested browsers splits into three distinct groups from this privacy perspective.In the first group, the most private, lies… read more »
-
Mar 17, 2020
The Signal protocol is provides end-to-end encryption for instant messaging in WhatsApp, Wire, and Facebook Messenger among many others, serving well over 1 billion active users. Some years ago, a team of researchers (Katriel Cohn-Gordon, Cas Cremers, Benjamin Dowling, Luke… read more »
-
Mar 16, 2020
These are hard times but, everything will be fine! Italians are singing songs from their windows to boost morale during coronavirus lockdown https://twitter.com/Veritatisvis/status/1238552631548747777 Videos have been shared on social media of Italian citizens singing and dancing during a nationwide lockdown… read more »
-
Mar 13, 2020
Since Windows 8, Microsoft has moved to a new commercial strategy: in addition with traditional selling of OS licenses, started got revenues from searches, apps and games. But to do this, MS has started the collection of “telemetry” data, considered… read more »
-
Mar 11, 2020
Security firms inadvertently leaked info about a 0-Day 'wormable' vulnerability found in the SMBv3 protocol. UPDATE - 2020/03/13 Microsoft released the KB4551762 security update to patch the vulnerability: update ASAP! After the release of Patch Tuesday fixes, Fortinet [2] and Cisco Talos [3] published… read more »
-
Mar 11, 2020
Many processors made by Intel are vulnerable to a new type of attack named Load Value Injection. The vulnerability, tracked as CVE-2020-0551, was first reported to Intel in April 2019 by Jo Van Bulck from the KU Leuven research university… read more »
-
Mar 10, 2020
Do you need a secure and private messenger? You shouldn't be use Telegram! In the past, I've already written about security laks of major messenger systems [1]. So, today I'd like to share some interesting highlight from a post by… read more »
-
Mar 9, 2020
A lot has happened on last week, folks! But, first, don't panic! Don’t Panic: The comprehensive Ars Technica guide to the coronavirus More than 100,000 people have been infected with a new coronavirus that has spread widely from its origin… read more »
-
Mar 6, 2020
In 2008, a team of students and researchers from Princeton University, Wind River Systems and the Electronic Frontier Foundation published a research paper [3] examining the phenomena of computer memory remanence.That paper has confirmed what had long been theorized by… read more »
-
Mar 5, 2020
A research team has recently discovered a new attack method that enables remote users to interact with voice-controlled device using ultrasonic waves transmitted through (for example) the surface on which is placed the target device. The attack, dubbed "SurfingAttack" [1]… read more »
-
Mar 4, 2020
During an incident response, a fast analysis could be required, often on systems that aren't the workstation usually used by the analyst.So, I always suggest to create a small and simple toolkit that can be copied on a USB stick.… read more »
-
Mar 3, 2020
A brief update regarding the Ghostcat vulnerability (CVE-2020-1938) that affects Apache Tomcat servers. According to a tweet by cyber threat intelligence firm Bad Packets, "mass scanning activity targeting this vulnerability has already begun": The attack perimeter is huge: according to… read more »
-
Mar 2, 2020
Luckily, there's more to life than coronavirus! Cybersecurity New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices Cybersecurity researchers today uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by Broadcom and Cypress—apparently powering over a… read more »
-
Feb 28, 2020
It is well known that voice assistants aren’t perfect and will start recording event when you don't say their trigger word, but a team of researchers wanted to quantify how often these activations happen and what the devices hear when… read more »