-
Feb 17, 2020
Some reading to start the week! Cybersecurity Abused Cloudflare Workers Service Used to Inject Korean SEO Spam ... After further investigation, it was found that the website was actually loading SEO spam content through Cloudflare’s Workers service. This service allows… read more »
-
Feb 14, 2020
Cross-Site Request Forgery (CSRF) is a type of attack that allows a malicious web site, email, blog, instant message, or program to causes a user’s web browser to perform an unwanted action on a trusted site, when the user is… read more »
-
Feb 13, 2020
Security researchers at ERNW disclosed a vulnerability in Android bluetooth stack that lets attackers silently deliver malware to and steal data from nearby phones simply knowing the Bluetooth MAC address of the target (easy to guess just by looking at… read more »
-
Feb 12, 2020
A vulnerability (CVE-2020-2100), discovered by Adam Thorn from the University of Cambridge, may allows attacker to abuse internet-facing Jenkins servers to mount and amplify reflective DDoS attacks. Using a single, spoofed UDP packet can force vulnerable Jenkins servers [1] into… read more »
-
Feb 11, 2020
The OWASP Amass Project is tool developed to help information security professionals during the mapping process of attack perimeter. It allows DNS enumeration, attack surface mapping & external assets discovery, using open source information gathering and active reconnaissance techniques. OWASP… read more »
-
Feb 10, 2020
This week: new layout and a lots of interesting links! Privacy WhatsApp contains ‘dangerous’ and deliberate backdoors, claims Telegram founder in a scathing blog post, Telegram Messenger’s founder, Pavel Durov, has added insult to the Facebook-owned instant messaging app’s injury by… read more »
-
Feb 7, 2020
SpiderFoot is an OSINT automation tool for reconnaissance process, written in Python 3 and GPL-licensed. Recently, Steve Micallef released on GitHub [1] a new version (3) of SpiderFoot, with a lot of interesting enhancements. Web based UI or CLI Over 170 modules (see… read more »
-
Feb 6, 2020
Recently, developers of famous messaging app acknowledged and patched a major vulnerability that gave malicious users the ability to access files on a victim's computer. A target user may fall prey to this attack simply clicking a disguised link preview… read more »
-
Feb 5, 2020
Is it really possible to create a fake traffic jam on Google Maps? According to ArsTechnica [1] and TheRegister [2], the german artist Simon Wecker realized a performance art piece, named "Google Maps Hacks", walking around the roads of Berlin… read more »
-
Feb 3, 2020
Some server issues, this week! So few links, sorry! Cybersecurity IMP4GT: IMPersonation Attacks in 4G NeTworks Long Term Evolution (LTE/4G) establishes mutual authentication with a provably secure Authentication and Key Agreement (AKA) protocol on layer three of the network stack.… read more »
-
Jan 31, 2020
Some funny thoughts about information technology on a post-apocalyptic environment, and some info about a more serious project! When most people think about what to do after an apocalyptic event, the first time that comes to mind is food and… read more »
-
Jan 30, 2020
Last December, in a talk at 36th Chaos Communication Congress, Samuel Groß presented a technical report about the infamous iOS vulnerability that allowed remote code execution on all iDevices up to iOS 12.4, within a couple of minutes and without… read more »
-
Jan 29, 2020
A team of researchers from University of Michigan (Stephan van Schaik, Marina Minkin, Andrew Kwong and Daniel Genkin) and University of Adelaide (Yuval Yarom) recently presented a new attack technique that targets Intel CPUs. The attack, dubbed CacheOut (CVE-2020-0549), is… read more »
-
Jan 28, 2020
Just few words (and links) about this hot topic. The Amazon billionaire Jeff Bezos had his mobile phone “hacked” in 2018 after receiving a WhatsApp message that had apparently been sent from the personal account of the crown prince of… read more »
-
Jan 27, 2020
Starting from this week, I'm going to start a recostructing of WeeklyRoundup (and also the whole blog): less images, more content! (...and, yes! Star Trek: Picard is awesome!) Cybersecurity Jeff Bezos hack: Amazon boss's phone 'hacked by Saudi crown prince'… read more »
-
Jan 24, 2020
The SIM hijacking, also know as SIM swapping, is an attack where a criminal contacts the cell phone provider of a target user, and convinces it (sometimes involving employees of the phone company) to switch target's account to a SIM… read more »
-
Jan 23, 2020
In a previous article [1], I've started to talk about DevSecOps and the concept of "shifting left" security.In order to move security checks to the early steps of development, a great help may be the presence of a security-aware person… read more »
-
Jan 22, 2020
The recent deadly shooting last month at a naval air station in Pensacola, Fla., brought in the spotlight the issue of iOS security: attorney General William P. Barr requested Apple to provide access to two phones used by the killer.… read more »
-
Jan 21, 2020
Security researcher Andrew Klaus, from Cybera, discovered a hardcoded SSH public key in Fortinet’s Security Information and Event Management FortiSIEM that can be used in order to generate a denial of service against the FortiSIEM Supervisor. Fortinet devices share the… read more »
-
Jan 20, 2020
Just some stuff i read in the last seven days... Cybersecurity Cable Haunt: Unknown millions of Broadcom-based cable modems open to hijacking A vulnerability (CVE-2019-19494) in Broadcom‘s cable modem firmware can open unknown millions of broadband modems by various manufacturers… read more »