Andrea Fortuna
AboutRss
  • Mar 11, 2020

    SMBGhost (CVE-2020-0796): a new wormable Windows SMBv3 vulnerability

    Security firms inadvertently leaked info about a 0-Day 'wormable' vulnerability found in the SMBv3 protocol. UPDATE - 2020/03/13 Microsoft released the KB4551762 security update to patch the vulnerability: update ASAP! After the release of Patch Tuesday fixes, Fortinet [2] and Cisco Talos [3] published… read more »
  • Mar 11, 2020

    Load Value Injection (CVE-2020-0551): a new Side-Channel attack affects Intel's CPUs

    Many processors made by Intel are vulnerable to a new type of attack named Load Value Injection. The vulnerability, tracked as CVE-2020-0551, was first reported to Intel in April 2019 by Jo Van Bulck from the KU Leuven research university… read more »
  • Mar 10, 2020

    Security analysis of Telegram Messenger

    Do you need a secure and private messenger? You shouldn't be use Telegram! In the past, I've already written about security laks of major messenger systems [1]. So, today I'd like to share some interesting highlight from a post by… read more »
  • Mar 9, 2020

    My Weekly RoundUp #130

    A lot has happened on last week, folks! But, first, don't panic! Don’t Panic: The comprehensive Ars Technica guide to the coronavirus More than 100,000 people have been infected with a new coronavirus that has spread widely from its origin… read more »
  • Mar 6, 2020

    Cold Boot attack in Digital Forensics

    In 2008, a team of students and researchers from Princeton University, Wind River Systems and the Electronic Frontier Foundation published a research paper [3] examining the phenomena of computer memory remanence.That paper has confirmed what had long been theorized by… read more »
  • Mar 5, 2020

    SurfingAttack: manipulating voice assistant devices with ultrasonic waves

    A research team has recently discovered a new attack method that enables remote users to interact with voice-controlled device using ultrasonic waves transmitted through (for example) the surface on which is placed the target device. The attack, dubbed "SurfingAttack" [1]… read more »
  • Mar 4, 2020

    RECmd: command line tool for Windows Registry analysis

    During an incident response, a fast analysis could be required, often on systems that aren't the workstation usually used by the analyst.So, I always suggest to create a small and simple toolkit that can be copied on a USB stick.… read more »
  • Mar 3, 2020

    Ghostcat (CVE-2020-1938): ongoing scans for unpatched Apache Tomcat servers. Patch now!

    A brief update regarding the Ghostcat vulnerability (CVE-2020-1938) that affects Apache Tomcat servers. According to a tweet by cyber threat intelligence firm Bad Packets, "mass scanning activity targeting this vulnerability has already begun": https://twitter.com/bad_packets/status/1233900872159002624 The attack perimeter is huge: according… read more »
« Previous page Next page »

Andrea Fortuna

  • Andrea Fortuna
  • andrea@andreafortuna.org
  • andreafortuna
  • andrea-fortuna
  • andrea

Cybersecurity expert, software developer, experienced digital forensic analyst, musician