Andrea Fortuna
AboutRss
  • Dec 11, 2019

    AirDoS: a bug allows remote lock-up of nearby iPhones using AirDrop

    Security researcher Kishan Bagaria found a "bug" in AirDrop that let him repeatedly sent files to all devices able to accept files within wireless range of an attacker. How it works? The flaw, dubbed AirDoS, exploits the absence of receive… read more »
  • Dec 10, 2019

    Integrating Security into DevOps

    Security should be built into every part of the DevOps lifecycle, including inception, design, build, test, release, support, maintenance, and beyond. This model of security in DevOps is often called DevSecOps. DevSecOps aims to improve security through shared responsibility with… read more »
  • Dec 9, 2019

    My Weekly RoundUp #119

    Last week was challenging: i left my old job and started in the same role in a new company.But, despite I haven’t had much spare time for reading my RSS feeds, I was able to collect some interesting news, especially… read more »
  • Dec 7, 2019

    Android flaw allows attackers to permanently freeze your device

    Android's December 2019 updates patches a small list of system and Qualcomm flaws across the operating system’s two patch levels [1].According with Google, a specific flaws (CVE-2019-2232) may allows an attacker to cause a permanent denial of service by simply… read more »
  • Dec 6, 2019

    Access Analyzer for S3: a new tool from Amazon for monitor, review, and protect S3 buckets

    At the re:Invent event, Amazon Web Services reveiled a new tool that can help customers to avoid publishing of unsecured S3 buckets. Access Analyzer for S3 is a new feature that monitors your access policies, ensuring that the policies provide… read more »
  • Dec 5, 2019

    BlackDirect: a vulnerability in Microsoft OAuth 2.0 may allows attackers to takeover Microsoft and Azure Accounts

    Security researcher Omer Tsarfati from CyberArk has discovered [1] a vulnerability in Microsoft's OAuth implementation that may allows attacker to create authentication tokens with the victim’s permissions. This could let a malicious attacker access and control a victim’s account and… read more »
  • Dec 4, 2019

    Netsons.com security breach: some customers' data may have been leaked

    Recently, the italian hosting provider Netsons [1] discovered some unauthorized access on its Management System, occurred on March 2019. According with GDPR article 34 [2], Netsons had to inform its custover about the databreach. Here the statement: we would like… read more »
  • Dec 4, 2019

    RIPlace: a new evasion technique that allows ransomware to bypass most antivirus

    Researchers by cybersecurity firm Nyotron has discovered a new way that lets windows malware to modify files in a unique style that current anti-ransomware solutions are unable to identify. The technique [1] exploits documented Windows file system rename operations, altering… read more »
  • Dec 3, 2019

    New frontiers of planned obsolescence: your SSD may dies after 32.768 hours of use

    Hewlett Packard Enterprise has issued a notice about some of its solid-state hard drives: they have a defect that causes the crash of the drive after exactly 32.768 hours of operation (3 years, 270 days and 8 hours). A firmware's… read more »
  • Dec 2, 2019

    My Weekly RoundUp #118

    This week i was very busy at work, so i wasn't able to collect a lot of news. However, the few news i've read are really juicy stuff: for example, E.T. is back! So, let's talk about Mixcloud, Signal, unsecure… read more »
  • Nov 29, 2019

    Michael Gillespie, the Ransomware Superhero

    Despite in the last months the infection number is decreasing (source), finding yourself with personal or corporate files blocked by a ransomware attack is a widespread drama. But luckily there are little-known people who work to get out of trouble… read more »
  • Nov 28, 2019

    What's new in Volatility 3?

    In last years, the way that operating systems are developed, deployed, and maintained evolved quickly.Similarly, the skillsets of memory analysts and their preferred work flows have changed to meet a world with increasingly large volumes of complex data. In order… read more »
  • Nov 27, 2019

    Flan Scan: a lightweight network vulnerability scanner by Cloudflare

    Cloudflare released a new open source vulnerability scanner that uses Nmap results to generate more complex vulnerability reports. The tool, called Flan Scan, is a Python script developed in order to fill-the-gap between “industry standard” scanners and Cloudflare's compliance scans… read more »
  • Nov 26, 2019

    CVE-2019-14271: a Docker 'cp' container escape vulnerability

    Researchers from Paloalto Networks' Unit42 discovered an issue in the implementation of the Docker cp command that can lead to full container escape if exploited by an attacker. This would allow an attacker full root control of the host and… read more »
  • Nov 25, 2019

    My Weekly RoundUp #117

    Sure, the main event of this week was the launch of Tesla Cybertruck, but I've also other interesting topics, for example Wordpress sites under attack, Roboto Linux botnets, Mac malware related to Lazarus and Nextcry, a ransonware that targets Nextcloud… read more »
  • Nov 22, 2019

    A new Android vulnerability (CVE-2019-2234) allows attackers to hijack Camera App

    Researchers from Checkmarx Security Research Team has discovered and disclosed a vulnerability [2] in Android camera app that may allows a malicious app to bypass camera access permissions. How it works? Android camera applications usually store their photos and videos… read more »
  • Nov 21, 2019

    New WhatsApp vulnerability allows remote command execution using a crafted MP4 file

    Update your client ASAP! In October, a double-free vulnerability was disclosed in WhatsApp messenger: this flaw could be triggered through the sending of a crafted .GIF file and, if exploited, could result in the remote execution of code. The vulnerability… read more »
  • Nov 20, 2019

    ATFuzzer: exploiting AT commands on Android basebands using malicious USB and Bluetooth accessories

    Researchers at Purdue College and University of Iowa have revealed a paper detailing how the baseband processors of a large number of common Android smartphones may be compromised using malicious USB and Bluetooth accessories. The research team is, for the… read more »
  • Nov 19, 2019

    146 new security vulnerabilities discovered in various Android versions

    Researchers by security firm Kryptowire have discovered and revealed 146 vulnerabilities in various version of Android. The vulnerabilities were found by scanning the phones of 29 different Android models using a set of custom automated tools [1]. https://www.youtube.com/watch?v=8GK9RiyKRXU The discovery… read more »
  • Nov 18, 2019

    My Weekly RoundUp #116

    The week kicked off with the launch of Disney+, but also other things happened! So let's not waste time, and let's start to talk about WhatsApp, ZoneAlarm, Telegram, Python, Java and JQuery, Further, some news about Elon Musk's Neuralink, a… read more »
« Previous page Next page »

Andrea Fortuna

  • Andrea Fortuna
  • andrea@andreafortuna.org
  • andreafortuna
  • andreafortunaig
  • andrea-fortuna
  • andrea
  • andreafortunatw

Cybersecurity expert, software developer, experienced digital forensic analyst, musician