-
Jan 16, 2020
Recently, Microsoft released a patch that fixes a critical vulnerability in the Windows' crypto library. According to the advisory [1]: A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit… read more »
-
Jan 15, 2020
A popular term in DevOps context is “shift left”: it refers to the effort by a DevOps team to implement measures to guarantee application quality at the most early point in the software development life cycle. In a application security context,… read more »
-
Jan 14, 2020
Many Proof-of-concept exploits has been released for the unpatched remote-code-execution vulnerability in the Citrix Application Delivery Controller and Citrix Gateway products. Below a list of useful links/quotes/posts on this topic. The vulnerability The vulnerability (CVE-2019-19781), already packs a double-punch in… read more »
-
Jan 13, 2020
I know, last week I slacked off, so few interesting links.Don't worry, few but good! Cybersecurity PoC exploits for Citrix ADC and Gateway CVE-2019-19781 flaw released online Experts announced the availability online of proof-of-concept exploit code for CVE-2019-19781 flaw in Citrix NetScaler… read more »
-
Jan 10, 2020
iOS forensic is quite complex: in many cases, jailbreaking is the only way to gather all most information available in iOS devices. Ok, logical acquisition is easy, safe and it always works: however, this kind of acquisition mostly gives you… read more »
-
Jan 9, 2020
Security experts from CheckPoint discovered multiple vulnerabilities in the popular TikTok app that could be chained by remote attackers to hijack any user accounts, execute malicious code on the target system and perform unwanted actions. Those vulnerabilities (that includes SMS… read more »
-
Jan 8, 2020
In an interesting article, editors by Privacy International examines some aspects of digital forensics on mobile phones, from the acquisition process to the data analysis phase. All the topics in the article [1] has been discussed in detail in the… read more »
-
Jan 6, 2020
After a brief pause, my WeeklyRoundup begin again! So, below, something I saw on the internet last week: Cybersecurity Exploiting Wi-Fi Stack on Tesla Model S In the past two years, Keen Security Lab did in-depth research on the security… read more »
-
Jan 3, 2020
Recently, digital intruders entered the Ring surveillance camera in the bedroom of an 8-year-old girl in Mississippi and started talking to her [1], then various other intrusions took place and it emerged that 3600 e-mail addresses, passwords, localizations and other… read more »
-
Jan 2, 2020
100 years ago, Isaac Asimov was born: was one of the writers who brought science fiction out of its niche market and a great scientific popularizer with many articles and essays. His legacy is estimated in about 500 books of… read more »
-
Jan 1, 2020
20 years ago the entire world was afraid to descend into chaos as a result of computers not being able to cope with displaying a date containing year 2000: both computer experts and general public alike were convinced that computers… read more »
-
Dec 24, 2019
"The Hitchhiker's Guide to the Galaxy" is a cultural icon in science-fiction that spawned five books, stage shows, a 1981 TV series, a computer game, comic books and a major motion picture. But originally it was just a radio comedy… read more »
-
Dec 23, 2019
By default, containers run in unprivileged mode, that is, we cannot run Docker daemon inside a Docker container. However, a privileged Docker container is allowed to access to all the devices on the host woth the same privileges of the… read more »
-
Dec 20, 2019
POCKINT stands for "Pocket Intelligence".It is an OSINT multi purposes GUI program designed to be a lightweight and portable. POCKINT provides users with essential OSINT capabilities: input box accepts typical indicators (URL, IP, MD5) and gives users the ability to… read more »
-
Dec 19, 2019
According to a TrendMicro's report, 'The New Norm', the major cybersecurity risks for organizations in 2020 comes from DevOps, third-party libraries, container components and even remote workers. A pleasant reading for the Christmas holidays! The report [1] warns of a… read more »
-
Dec 18, 2019
Security research group Check Point Research recently uncovered a flaw in WhatsApp through which a single malicious user could crash the apps of all members of a group chat. After joining a group chat, a malicious user could edit specific… read more »
-
Dec 17, 2019
Some days ago, I've been looking at a website named "IBM 360 Model 20 Rescue and Restoration": a group of brave engineer started the project of restoration of an IBM System 360 Model 20, documenting all steps of the process.… read more »
-
Dec 16, 2019
Few news this week: a couple of link about ransomware (Ryuk and Snatch), an interesting attack on Intel CPUs, a Windows 0day and a phishing attack on Office365.Then, a security incident on S3 buckets and an interesting article about DNS… read more »
-
Dec 13, 2019
Google and Facebook help connect the world and provide crucial services to billions users, but this services come at a systemic cost. In a new report (a 60 page free PDF [1]), Amnesty International warned about Facebook and Google’s surveillance… read more »
-
Dec 12, 2019
British security firm Pen Test Partners tells us a creepy cybersecurity story set in a place difficult to associate with computers: the engine room of a ship. During a penetration test, the company discovered an unknown device connected to the… read more »