-
May 9, 2017
Infects servers and earning around a thousand dollars a day This new botnet coming out of China and was discovered by researchers at GuardiCore Labs. The infected systems (up to 15,000 Windows servers) make up a wide variety of government, corporate,… read more »
-
May 8, 2017
Google Project Zero’s researchers have discovered another critical remote code execution vulnerability in Microsoft’s Windows, and it seems something truly bad! UPDATE Microsoft immediately releases a fix, and ProjectZero releases vulnerability details: [embed]https://www.andreafortuna.org/the-crazy-bad-vulnerability-has-been-fixed-by-microsoft-in-a-very-short-time-9dd54c0d0ece[/embed] During the weekend, the Project Zero’s researchers Tavis… read more »
-
May 8, 2017
I discover it out late enough, but the project is fantastic! On Wednesday 4th July 2012, scientists at CERN announced that they had found a Higgs-like particle after analysing results from the Large Hadron Collider. After the announce, Domenico Vicinanza… read more »
-
May 5, 2017
It contains tons of historical data that can be useful in a after-crash analysis The current generation of automotive infotainment and telematics systems is very powerful, and offers a large set of features, like: Digital radio Satellite (GPS) navigation Bluetooth… read more »
-
May 4, 2017
For the past seven years, millions of Intel PCs have been potentially vulnerable Intel have announced that there is a privilege escalation vulnerability in their Active Management Technology (AMT), Standard Manageability (ISM) and Small Business Technology (SBT) products. These products provide… read more »
-
May 3, 2017
Really simple-to-use tools, available to everyone! In this brief video (3' 14'’), from O’Reilly website, Chad Russell constructs a simple computer worm using one of the well known tools for malware building, “Internet Worm Maker Thing”. [embed]https://vimeo.com/215655847[/embed] Internet Worm Maker… read more »
-
May 2, 2017
How secure are your passwords? On WhoIsHostingThis? i found a useful infographic that explains how to create a strong password: So what constitutes the “perfect” password? If you’re serious about security, a strong password will include a mix of upper… read more »
-
May 1, 2017
“What is it, and how does it work?” A funny explanation of linux kernel, made with a comic by Consolia. https://consolia-comic.com/comics/kernel I think more developers should know how the linux kernel works. Regarding it as a black box only gets you… read more »
-
Apr 28, 2017
BGP Hijacking is an actual problem that we need to solve Yesterday i have read a brief but interesting article about BGP Hijacking written by Johannes B. Ullrich, published on SANS ISC InfoSec Forum. About BGP Hijacking i have already written… read more »
-
Apr 27, 2017
If you need to generate your own rules starting from recovered evidences YARA is a tool aimed at helping malware researchers to identify and classify malware samples. Basically, write some antivirus signatures (or essentially regular expressions) and it can search… read more »
-
Apr 26, 2017
Keep your eyes (and ears) open! Is it really possible to buy a non-original guitar? Yes! Furthermore it can happens in unexpected places like a used instruments store, as shown by these two videos made by Kennis Russell: [embed]https://www.youtube.com/watch?v=q-W3b3d4sz0[/embed] [embed]https://www.youtube.com/watch?v=t4QdOJ1B_kI[/embed] In… read more »
-
Apr 24, 2017
A script for dumping Linux memory and creating Volatility profiles I have already written something about dump of volatile memory on Linux systems.Recently i have discovered this useful script developed by Hal Pomeranz, that automate all steps required to perform… read more »
-
Apr 21, 2017
A really useful free training course ENISA (European Union Agency for Network and Information Security) is a centre of expertise for cyber security in Europe, with main mission of contribute to securing Europe’s information society by raising “awareness of network and… read more »
-
Apr 20, 2017
Useful to extract files from inside disk and memory images File carving is the process of reassembling computer files from fragments in the absence of filesystem metadata. This is done by analyzing the raw data and identifying what it is… read more »
-
Apr 19, 2017
In the last months, Apache Struts was afflicted by some serious 0-Day vulnerabilities, that allows remote code execution on unpatched hosts Every security expert trembles with fear when he reads “RCE” (Remote Code Execution) on a disclosure document, and read… read more »
-
Apr 18, 2017
The vulnerability affects Chrome, Firefox and Opera The security researcher Xudong Zheng has discovered a new technique for phishing attacks: using an homograph attack, Zheng discovers that is possible to display a fake domain names as the websites of legitimate services,… read more »
-
Apr 17, 2017
Just for fun!
Do you need a simple portscanner? Make it with a single line of Perl!
[embed]https://gist.github.com/andreafortuna/ab386f11d12d5305c069193f6680b25a[/embed]
Thats it! :-)
… read more »
-
Apr 14, 2017
…turn off your Windows computers for the weekend and go enjoy the nice weather! UPDATE: Microsoft response that exploits were patched in the last month update: Most of the exploits that were disclosed fall into vulnerabilities that are already patched in… read more »
-
Apr 14, 2017
Using the “Nmap Scripting Engine” I don’t think I need to explain what is Nmap: probably the most famous and used portscanner in the known universe. Nmap has a lot of feature, and one of them is a built-in… read more »
-
Apr 12, 2017
However, Microsoft has pached the vulnerability, so…update! On unpatched systems, the vulnerability is triggered by opening a document that opens a download warning, followed by a download from a malicious server that sends a dangerous document: The document is a… read more »