IT Security Articles



Security

«Being able to break security doesn’t make you a hacker anymore than being able to hotwire cars makes you an automotive engineer.»

Eric Raymond


Latest posts

 

OpenSSL Security Advisory, 3rd May 2016: Patch, Patch ASAP!

May 03, 2016
Memory corruption in the ASN.1 encoder (CVE-2016-2108) and Padding oracle in AES-NI CBC MAC check (CVE-2016-2107)

Read more...

Tor in a company network: how to detect and block it?

April 27, 2016
TOR is an important tool. It has its benefits and it could be the perfect way for end users to cover their tracks, but the use of this tool in a corporate network can open up organizations to some risks.

Read more...

Mazar BOT campaign in Denmark and Italy

April 20, 2016
A new Mazar BOT campaign is currently targeting Android users in Denmark and Italy. Attackers are spoofing trustworthy organizations to infected Android smartphones.

Read more...

BadLock: let's take stock of situation!

April 18, 2016
BadLock was revealed a few days, we take a look at what is said on the internet about it

Read more...

The Panama Papers Leak – What You Need To Know

April 12, 2016
What You Need To Know About The Panama Papers Leak

Read more...

Frederike Kaltheuner @ #IJF16: understanding predictive privacy harms

April 11, 2016
Predictive analytics based on big data can turn into privacy harms? In this interesting talk at International Journalism Festival, Frederike Kaltheuner seeks to clarify.

Read more...

WhatsApp (finally!) enables End-To-End encryption by default

April 06, 2016
WhatsApp has enabled end-to-end encryption across all versions of its app, according to the announcement on the company's blog.

Read more...

SQL Injection in a Nutshell

April 04, 2016
Ay Caramba!

Read more...

FBI has successfully unlocked terrorist's iPhone without Apple's help? Let's assessing the situation.

March 31, 2016
A quick rundown of the main articles on the blogs about the unlocking of the iPhone by the FBI (constantly updated)

Read more...

Save the Date: on April 12, 2016 a critical security bug on Windows and Samba will be disclosed

March 24, 2016
The pre-patch hype is good for business?

Read more...

Governments don't understand cyber warfare. We need hackers

March 23, 2016
A TED's talk by Rodrigo Bijou about conflict that is being waged online between non-state groups, activists and private corporations, and the digital landscape that is proving to be fertile ground for the recruitment and radicalization of terrorists.

Read more...

Two new threats for mobile users

March 17, 2016
In the last two days, two new threats for mobile users are discovered by researchers.

Read more...

KeRanger, the first OSX ransomware comes bundled into Transmission installer

March 07, 2016
Security researchers from Palo Alto Networks claims to have discovered the first OSX Ransomware, called 'KeRanger'.

Read more...

Ransomware written in PHP attacks blogs and CMS?

March 03, 2016
Interesting article that i read on Naked Security Blog by Sophos, about a specific type of ransomware written in PHP attacking blogs and CMS

Read more...

Undetected Mac malware sighted online: HackingTeam has returned?

March 02, 2016
Researchers have uncovered a malicious tool that appears to be a newly developed Mac malware from HackingTeam, the first since the hack of last July that leaked gigabytes of the group's private e-mail and source code.

Read more...

DROWN attack breaking TLS using SSLv2: more than 13 million sites at risk

March 01, 2016
A new attack allows an attacker to decrypt an intercepted TLS-protected communications that rely on the RSA cryptosystem when the key is exposed even indirectly through SSLv2, a TLS precursor that was retired almost two decades ago for structural weaknesses.

Read more...

Project Shield: a Google free service to protect sites from DDoS attacks

February 25, 2016
Google has built a free tool for journalists, news sites and other organizations, called Project Shield that re-routes nasty traffic through its own infrastructure in order to stop websites being overwhelmed.

Read more...

Cisco ASA VPN Portal Cross Site Scripting, 0Day

February 18, 2016
After the vulnerability in the fragmentation of the IKE payload, a new zero-day afflicts the Cisco ASA VPN Portal.

Read more...

CVE-2015-7547: a new buffer overflow in glibc affect all Linux machines

February 17, 2016
The Google Security Team and Red Hat reported the security impact of a new buffer overflow discovered in glibc 2.9

Read more...

Mazar BOT: new Android malware that can root and erase your device

February 16, 2016
Researchers of Heimdal Security, analyzing an SMS message sent to random mobile numbers and locations, have discovered a new Android Malware, Mazar BOT.

Read more...

Vulnerability on Sparkle framework affects a lot of Mac apps

February 11, 2016
Sparkle is open source framework to include autoupdate feature in OSX apps, and a recently discovered vulnerability has made many applications using this framework susceptible to man-in-the-mirror attacks.

Read more...

New malware attacks Skype on Windows: the T9000

February 11, 2016
A new sophisticated malware which can take recordings and screenshots of Skype activity, avoiding detection by security software, has been discovered by Palo Alto Networks

Read more...

Christopher Soghoian: How to avoid surveillance with the phone in your pocket

January 20, 2016
Very interesting talk by Christopher Soghoian on a 2015 TED Conference, about phone wiretapping and privacy

Read more...

Fitbit hackable in 10 seconds?

October 24, 2015
A vulnerability in FitBit fitness trackers first reported to the vendor in March could still be exploited by an attacker that sits near you.

Read more...

eFast Browser, a smart adWare that replaces your Google Chrome: how to remove it?

October 15, 2015


Read more...

95% of Android smartphones can be hacked with a text message?

July 28, 2015
Your Android smartphone can be hacked by just a malformed text message?

Read more...

Milano: Detection Utility for Hacking Team Malware

July 22, 2015
RookSecurity has released a malware removal tool called 'Milano', that scans the filesystem to search 'Hacking Team malware' associated files.

Read more...

Weekly Roundup Special Edition: all about Hacking Team!

July 08, 2015
Some articles that i read in the last days about the 'Hacking Team breach' (in constant update)

Read more...

Shutting down computer on USB port activity? Yes, with USBKill

July 01, 2015
USBKill, a simple console tool to shutdown computer on USB port activity

Read more...

Skype: the eight-characters of death!

June 03, 2015
This eight-character message causes Skype to endlessly crash

Read more...

Crashing an iPhone with a simple message?

May 29, 2015
A iOS bug allows anyone to reboot an iPhone by simply sending it a certain string of characters in a message

Read more...

'No iOS': a 'terrifying iOS flaw'

April 23, 2015
'No iOS': a 'terrifying iOS flaw'

Read more...

'Redirect to SMB': an old Windows bug that back in the spotlight

April 15, 2015
A very old Windows bug back in the spotlight

Read more...

Reconnect, a Facebook hacking tool

March 11, 2015
Hacking Facebook Account with 'Reconnect' Tool

Read more...

A very simple bug can crash the stock Email App on Android

February 18, 2015
Hector Marco discover a very simple bug can crash the stock Email App on Android

Read more...

Discovered (and fixed) a vulnerability that permits attacker to delete any photo album on Facebook

February 12, 2015
Discovered (and fixed) a vulnerability that permits attacker to delete any photo album on Facebook

Read more...

Discovered a serious and unpatched Internet Explorer vulnerability

February 04, 2015
Discovered a serious and unpatched Internet Explorer vulnerability

Read more...

GHOST: a really serious glibc vulnerability

January 29, 2015
GHOST: a really serious glibc vulnerability

Read more...

Thunderstrike, the first OSX bootkit

January 09, 2015
Thunderstrike, infect OSX through thunderbolt

Read more...

Exploiting a computer through the USB port

December 21, 2014
USBdriveby is a device you stylishly wear around your neck which can quickly and covertly install a backdoor and override DNS settings on any unlocked machine via USB in a matter of seconds.

Read more...

OneClick PayPal Hacking?

December 03, 2014
Hacking PayPal Accounts with one click

Read more...

Three new Android vulnerabilities, one remote

November 27, 2014
Three new Android vulnerabilities, one remote

Read more...

Seriously? Another iOS vulnerability?

November 11, 2014
Masque Attack allow hackers to replace apps with malware

Read more...

WireLurker, a new malware generation?

November 06, 2014
WireLurker: A New Era in iOS and OS X Malware

Read more...

Rootpipe, a critical OS X Yosemite Vulnerability

November 04, 2014
Critical OSX vulnerability allow root access without password

Read more...

Another day, another ShellShock vector: today is the turn of the SMTP

October 29, 2014
Another ShellShock attack vector: SMTP!

Read more...

OSX vulnerable to Shellshock through DNS reverse lookup

October 15, 2014


Read more...

Change your Dropbox password, right now!

October 14, 2014


Read more...

OpenVPN Vulnerable to Shellshock

October 04, 2014


Read more...

Protesters in Hong Kong are spied through a trojan installed on their iPhone?

October 03, 2014


Read more...

Apple releases OSX bash update 1.0, patching shellshock vulnerability

September 30, 2014


Read more...