Andrea Fortuna
AboutSearch
Tools
DFIR Toolkit OSINT Toolkit
  • Jan 2, 2020

    Happy Birthday, Isaac Asimov!

    100 years ago, Isaac Asimov was born: was one of the writers who brought science fiction out of its niche market and a great scientific popularizer with many articles and essays. His legacy is estimated in about 500 books of… read more »
  • Jan 1, 2020

    Millennium Bug, 20 years on: a disaster that never happened... or not?

    20 years ago the entire world was afraid to descend into chaos as a result of computers not being able to cope with displaying a date containing year 2000: both computer experts and general public alike were convinced that computers… read more »
  • Dec 24, 2019

    The Hitchhiker's Guide To The Galaxy: the Christmas Special

    “The Hitchhiker’s Guide to the Galaxy” is a cultural icon in science-fiction that spawned  five books, stage shows, a 1981 TV series, a computer game, comic books and a major motion picture. But originally it was just a radio comedy… read more »
  • Dec 23, 2019

    Privileged containers in Docker? A bad idea!

    By default, containers run in unprivileged mode, that is, we cannot run Docker daemon inside a Docker container. However, a privileged Docker container is allowed to access to all the devices on the host woth the same privileges of the… read more »
  • Dec 20, 2019

    Pockint: a portable OSINT Swiss Army Knife

    POCKINT stands for “Pocket Intelligence”. It is an OSINT multi purposes GUI program designed to be a lightweight and portable. … read more »
  • Dec 19, 2019

    Cybersecurity Trends for 2020

    According to a TrendMicro’s report, ‘The New Norm’, the major cybersecurity risks for organizations in 2020 comes from DevOps, third-party libraries, container components and even remote workers. … read more »
  • Dec 18, 2019

    BreakingApp: a vulnerability in WhatsApp let one message render the app unusable for entire groups

    Security research group Check Point Research recently uncovered a flaw in WhatsApp through which a single malicious user could crash the apps of all members of a group chat. … read more »
  • Dec 17, 2019

    IBM System/360: the turning point

    Some days ago, I’ve been looking at a website named “IBM 360 Model 20 Rescue and Restoration”: a group of brave engineer started the project of restoration of an IBM System 360 Model 20, documenting all steps of the process.… read more »
  • Dec 13, 2019

    Google and Facebook surveillance threatens human rights, Amnesty International says

    Google and Facebook help connect the world and provide crucial services to billions users, but this services come at a systemic cost. … read more »
  • Dec 12, 2019

    PenTest Chronicles: a mistery box on a ship

    British security firm Pen Test Partners tells us a creepy cybersecurity story set in a place difficult to associate with computers: the engine room of a ship. … read more »
  • Dec 11, 2019

    AirDoS: a bug allows remote lock-up of nearby iPhones using AirDrop

    Security researcher Kishan Bagaria found a “bug” in AirDrop that let him repeatedly sent files to all devices able to accept files within wireless range of an attacker. … read more »
  • Dec 10, 2019

    Integrating Security into DevOps

    Security should be built into every part of the DevOps lifecycle, including inception, design, build, test, release, support, maintenance, and beyond. … read more »
  • Dec 7, 2019

    Android flaw allows attackers to permanently freeze your device

    Android’s December 2019 updates patches a small list of system and Qualcomm flaws across the operating system’s two patch levels [1]. According with Google, a specific flaws (CVE-2019-2232) may allows an attacker to cause a permanent denial of service by… read more »
  • Dec 6, 2019

    Access Analyzer for S3: a new tool from Amazon for monitor, review, and protect S3 buckets

    At the re:Invent event, Amazon Web Services reveiled a new tool that can help customers to avoid publishing of unsecured S3 buckets. … read more »
  • Dec 5, 2019

    BlackDirect: a vulnerability in Microsoft OAuth 2.0 may allows attackers to takeover Microsoft and Azure Accounts

    Security researcher Omer Tsarfati from CyberArk has discovered [1] a vulnerability in Microsoft’s OAuth implementation that may allows attacker to create authentication tokens with the victim’s permissions. This could let a malicious attacker access and control a victim’s account and… read more »
  • Dec 4, 2019

    Netsons.com security breach: some customers' data may have been leaked

    Recently, the italian hosting provider Netsons[1] discovered some unauthorized access on its Management System, occurred on March 2019. … read more »
  • Dec 4, 2019

    RIPlace: a new evasion technique that allows ransomware to bypass most antivirus

    Researchers by cybersecurity firm Nyotron has discovered a new way that lets windows malware to modify files in a unique style that current anti-ransomware solutions are unable to identify. … read more »
  • Dec 3, 2019

    New frontiers of planned obsolescence: your SSD may dies after 32.768 hours of use

    Hewlett Packard Enterprise has issued a notice about some of its solid-state hard drives: they have a defect that causes the crash of the drive after exactly 32.768 hours of operation (3 years, 270 days and 8 hours). … read more »
  • Nov 29, 2019

    Michael Gillespie, the Ransomware Superhero

    Despite in the last months the infection number is decreasing (source), finding yourself with personal or corporate files blocked by a ransomware attack is a widespread drama. … read more »
  • Nov 28, 2019

    What's new in Volatility 3?

    In last years, the way that operating systems are developed, deployed, and maintained evolved quickly. Similarly, the skillsets of memory analysts and their preferred work flows have changed to meet a world with increasingly large volumes of complex data. In… read more »
« Previous page Next page »

Andrea Fortuna

  • Andrea Fortuna
  • andrea@andreafortuna.org
  • andreafortuna
  • andreafortunaig
  • andrea-fortuna

Cybersecurity expert, software developer, experienced digital forensic analyst, musician