-
Mar 9, 2020
A lot has happened on last week, folks! But, first, don't panic! Don’t Panic: The comprehensive Ars Technica guide to the coronavirus More than 100,000 people have been infected with a new coronavirus that has spread widely from its origin… read more »
-
Mar 6, 2020
In 2008, a team of students and researchers from Princeton University, Wind River Systems and the Electronic Frontier Foundation published a research paper [3] examining the phenomena of computer memory remanence.That paper has confirmed what had long been theorized by… read more »
-
Mar 5, 2020
A research team has recently discovered a new attack method that enables remote users to interact with voice-controlled device using ultrasonic waves transmitted through (for example) the surface on which is placed the target device. The attack, dubbed "SurfingAttack" [1]… read more »
-
Mar 4, 2020
During an incident response, a fast analysis could be required, often on systems that aren't the workstation usually used by the analyst.So, I always suggest to create a small and simple toolkit that can be copied on a USB stick.… read more »
-
Mar 3, 2020
A brief update regarding the Ghostcat vulnerability (CVE-2020-1938) that affects Apache Tomcat servers. According to a tweet by cyber threat intelligence firm Bad Packets, "mass scanning activity targeting this vulnerability has already begun": https://twitter.com/bad_packets/status/1233900872159002624 The attack perimeter is huge: according… read more »
-
Mar 2, 2020
Luckily, there's more to life than coronavirus! Cybersecurity New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices Cybersecurity researchers today uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by Broadcom and Cypress—apparently powering over a… read more »
-
Feb 28, 2020
It is well known that voice assistants aren’t perfect and will start recording event when you don't say their trigger word, but a team of researchers wanted to quantify how often these activations happen and what the devices hear when… read more »
-
Feb 26, 2020
The researchers who disclosed the aLTEr attack last year (David Rupprecht, Thorsten Holz, and Christina Pöpper), have found new ways to exploit the lack of integrity protection on the 4G/5G user plane in a new attack called Imp4Gt. Whereas the… read more »
-
Feb 25, 2020
Recently, a new vulnerability on Apache Tomcat AJP connector was disclosed. The flaw was discovered by a security researcher of Chaitin Tech [1] and allows a remote attacker to read any webapps files or include a file. The AJP Connector… read more »
-
Feb 24, 2020
Big news, even this week! Cybersecurity Hackers Were Inside Citrix for Five Months Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on… read more »
-
Feb 21, 2020
In order to avoid sourveillance, privacy invasion or information theft you must be sure that the data on your devices are secure, and the only way to do that in this day and age is to make sure they are… read more »
-
Feb 20, 2020
Social engineering techniques are frequently part of an overall security penetration test because also the "human network" need to be tested. But, when security tests are made on human beings, is really important pay attention to etics.Indeed, there are some… read more »
-
Feb 19, 2020
Most Docker images build on full Linux distributions often containing a lot of unnecessary complexity, adversely affecting also the application security. However, by using Google’s “distroless” approach we can build small and secured runtime images. Containerizing Apps, not VMs The… read more »
-
Feb 18, 2020
There's no rest for the (bluetooth) wearables A team of security researchers have discovered numerous vulnerabilities in the Bluetooth Low Energy (BLE) implementations of major vendors. Bluetooth Low Energy is a wireless communication technology (consisting of a set of standardized… read more »
-
Feb 17, 2020
Some reading to start the week! Cybersecurity Abused Cloudflare Workers Service Used to Inject Korean SEO Spam ... After further investigation, it was found that the website was actually loading SEO spam content through Cloudflare’s Workers service. This service allows… read more »
-
Feb 14, 2020
Cross-Site Request Forgery (CSRF) is a type of attack that allows a malicious web site, email, blog, instant message, or program to causes a user’s web browser to perform an unwanted action on a trusted site, when the user is… read more »
-
Feb 13, 2020
Security researchers at ERNW disclosed a vulnerability in Android bluetooth stack that lets attackers silently deliver malware to and steal data from nearby phones simply knowing the Bluetooth MAC address of the target (easy to guess just by looking at… read more »
-
Feb 12, 2020
A vulnerability (CVE-2020-2100), discovered by Adam Thorn from the University of Cambridge, may allows attacker to abuse internet-facing Jenkins servers to mount and amplify reflective DDoS attacks. Using a single, spoofed UDP packet can force vulnerable Jenkins servers [1] into… read more »
-
Feb 11, 2020
The OWASP Amass Project is tool developed to help information security professionals during the mapping process of attack perimeter. It allows DNS enumeration, attack surface mapping & external assets discovery, using open source information gathering and active reconnaissance techniques. OWASP… read more »
-
Feb 10, 2020
This week: new layout and a lots of interesting links! Privacy WhatsApp contains ‘dangerous’ and deliberate backdoors, claims Telegram founder in a scathing blog post, Telegram Messenger’s founder, Pavel Durov, has added insult to the Facebook-owned instant messaging app’s injury by… read more »