- Feb 11, 2020: The OWASP Amass Project is a tool developed to help information security professionals map the attack perimeter. It allows DNS enumeration, attack surface mapping and external asset discovery, using open source information gathering and active reconnaissance techniques. OWASP…
- Feb 10, 2020: This week: new layout and a lot of interesting links! Privacy: WhatsApp contains ‘dangerous’ and deliberate backdoors, claims Telegram founder in a scathing blog post. Telegram Messenger’s founder, Pavel Durov, has added insult to the Facebook-owned instant messaging app’s injury by…
- Feb 7, 2020: SpiderFoot is an OSINT automation tool for the reconnaissance process, written in Python 3 and GPL-licensed. Recently, Steve Micallef released on GitHub [1] a new version (3) of SpiderFoot, with a lot of interesting enhancements: web-based UI or CLI, over 170 modules (see…
- Feb 6, 2020: Recently, the developers of a famous messaging app acknowledged and patched a major vulnerability that gave malicious users the ability to access files on a victim's computer. A target user may fall prey to this attack simply by clicking a disguised link preview…
- Feb 5, 2020: Is it really possible to create a fake traffic jam on Google Maps? According to Ars Technica [1] and The Register [2], the German artist Simon Weckert realized a performance art piece, named "Google Maps Hacks", walking around the roads of Berlin…
- Feb 3, 2020: Some server issues this week, so few links, sorry! Cybersecurity: IMP4GT: IMPersonation Attacks in 4G NeTworks. Long Term Evolution (LTE/4G) establishes mutual authentication with a provably secure Authentication and Key Agreement (AKA) protocol on layer three of the network stack.…
- Jan 31, 2020: Some funny thoughts about information technology in a post-apocalyptic environment, and some info about a more serious project! When most people think about what to do after an apocalyptic event, the first thing that comes to mind is food and…
- Jan 30, 2020: Last December, in a talk at the 36th Chaos Communication Congress, Samuel Groß presented a technical report about the infamous iOS vulnerability that allowed remote code execution on all iDevices up to iOS 12.4, within a couple of minutes and without…
- Jan 29, 2020: A team of researchers from the University of Michigan (Stephan van Schaik, Marina Minkin, Andrew Kwong and Daniel Genkin) and the University of Adelaide (Yuval Yarom) recently presented a new attack technique that targets Intel CPUs. The attack, dubbed CacheOut (CVE-2020-0549), is…
- Jan 28, 2020: Just a few words (and links) about this hot topic. The Amazon billionaire Jeff Bezos had his mobile phone “hacked” in 2018 after receiving a WhatsApp message that had apparently been sent from the personal account of the crown prince of…
- Jan 27, 2020: Starting from this week, I'm going to start restructuring the WeeklyRoundup (and also the whole blog): fewer images, more content! (...and, yes! Star Trek: Picard is awesome!) Cybersecurity: Jeff Bezos hack: Amazon boss's phone 'hacked by Saudi crown prince'…
- Jan 24, 2020: SIM hijacking, also known as SIM swapping, is an attack where a criminal contacts the cell phone provider of a target user and convinces it (sometimes involving employees of the phone company) to switch the target's account to a SIM…
- Jan 23, 2020: In a previous article [1], I started to talk about DevSecOps and the concept of "shifting left" security. In order to move security checks to the early steps of development, a great help may be the presence of a security-aware person…
- Jan 22, 2020: The deadly shooting last month at a naval air station in Pensacola, Fla., brought the issue of iOS security into the spotlight: Attorney General William P. Barr requested that Apple provide access to two phones used by the killer.…
- Jan 21, 2020: Security researcher Andrew Klaus, from Cybera, discovered a hardcoded SSH public key in Fortinet’s Security Information and Event Management product, FortiSIEM, that can be used to generate a denial of service against the FortiSIEM Supervisor. Fortinet devices share the…
- Jan 20, 2020: Just some stuff I read in the last seven days... Cybersecurity: Cable Haunt: unknown millions of Broadcom-based cable modems open to hijacking. A vulnerability (CVE-2019-19494) in Broadcom‘s cable modem firmware can open unknown millions of broadband modems by various manufacturers…
- Jan 16, 2020: Recently, Microsoft released a patch that fixes a critical vulnerability in the Windows crypto library. According to the advisory [1]: A spoofing vulnerability exists in the way Windows CryptoAPI (Crypt32.dll) validates Elliptic Curve Cryptography (ECC) certificates. An attacker could exploit…
- Jan 15, 2020: A popular term in the DevOps context is “shift left”: it refers to the effort by a DevOps team to implement measures that guarantee application quality at the earliest point in the software development life cycle. In an application security context,…
- Jan 14, 2020: Many proof-of-concept exploits have been released for the unpatched remote code execution vulnerability in the Citrix Application Delivery Controller and Citrix Gateway products. Below is a list of useful links/quotes/posts on this topic. The vulnerability: the vulnerability (CVE-2019-19781) already packs a double punch in…
- Jan 13, 2020: I know, last week I slacked off, so few interesting links. Don't worry, few but good! Cybersecurity: PoC exploits for Citrix ADC and Gateway CVE-2019-19781 flaw released online. Experts announced the availability online of proof-of-concept exploit code for the CVE-2019-19781 flaw in Citrix NetScaler…