-
January 16, 2015
Data breach confirmed by Park ‘N Fly and OneStopParking
Data breach confirmed by Park ‘N Fly and OneStopParking: Two airport parking services, including one that shuttles travelers at Charlotte Douglas International Airport, have confirmed recent data breaches. It is unclear which airports were affected by the data breaches confirmed by Atlanta-based Park ‘N Fly and Kentucky-based OneStopParking. Park ‘N Fly, according to its website, offers […]
-
January 16, 2015
Germany’s Merkel urges new EU law on data tracking
Germany’s Merkel urges new EU law on data tracking: German Chancellor Angela Merkel says she will press for new EU rules soon on data retention, to help in the fight against terrorism. An EU directive on data retention was made invalid by a European Court of Justice (ECJ) ruling last April. That 2006 directive opened […]
-
January 15, 2015
Time to fill OS X (Blue)tooth: Local privilege escalation vulnerabilities in Yosemite
Time to fill OS X (Blue)tooth: Local privilege escalation vulnerabilities in Yosemite: Motivated by our previous findings, we performed some more tests on service IOBluetoothHCIController of the latest version of Mac OS X (Yosemite 10.10.1), and we found five additional security issues. The issues have been reported to Apple Security and, since the deadline we […]
-
January 15, 2015
Our sensitive data at the mercy of hackers: municipalities, local health authorities (ASL) and regions without IT defenses
Our sensitive data at the mercy of hackers: municipalities, local health authorities (ASL) and regions without IT defenses: A 90-page report from Università La Sapienza points the finger squarely at the state of security of municipalities, local health authorities, regions and other public bodies: only a very few are adequately protected.
-
January 15, 2015
At this rate it will hit the launch codes in… 5.3 minutes.
At this rate it will hit the launch codes in… 5.3 minutes.: Hello everyone, in this post I would like to analyze an Android application whose purpose is to manage and generate passwords securely. On their Play Store page they claim to use DES to encrypt passwords on local device and that DES key is […]
-
January 15, 2015
Magento 1.9.0.1 PHP Object Injection
Magento 1.9.0.1 PHP Object Injection: Recently, I found a PHP Object Injection (POI) vulnerability in the administrator interface of Magento 1.9.0.1. Magento is an e-commerce software written in PHP that was acquired by Ebay Inc. A bug bounty program is run that attracts with a 10,000$ bounty for remote code execution bugs. A POI vulnerability […]
-
January 14, 2015
Run calc.exe via open Chm file, no UAC warning and no av detects!
powertool on Twitter: “Run calc.exe via open Chm file, no UAC warning and no av detects! Sample : https://t.co/ZntghJcnvZ http://t.co/NncyU0H2QI”: Run calc.exe via open Chm file, no UAC warning and no av detects! The exploit is: <HTML> <TITLE>Run calc.exe</TITLE> <HEAD> </HEAD> <BODY> <OBJECT id=x classid=”clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11″ width=1 height=1> <PARAM name=”Command” value=”ShortCut”> <PARAM name=”Button” value=”Bitmap::shortcut”> <PARAM name=”Item1″ […]
-
January 14, 2015
How to leak sensitive data from an isolated computer (air-gap) to a nearby mobile phone
How to leak sensitive data from an isolated computer (air-gap) to a nearby mobile phone: Security researcher Mordechai Guri with the guidance of Prof. Yuval Elovici from the cyber security labs at Ben-Gurion University in Israel presented at the 9th IEEE International Conference on Malicious and Unwanted Software (MALCON 2014), at Puerto Rico, a […]
-
January 14, 2015
KeySweeper: Arduino-based Keylogger for Wireless Keyboards
KeySweeper — Arduino-based Keylogger for Wireless Keyboards: A security researcher has developed a cheap USB wall charger that is capable of eavesdropping on almost any Microsoft wireless keyboard. MySpace mischief-maker Samy Kamkar has released a super-creepy keystroke logger for Microsoft wireless keyboards cunningly hidden in what appears to be a rather cheap, but functioning USB wall charger. The stealthy […]
-
January 14, 2015
Vulnerability in Windows Telnet Service Could Allow Remote Code Execution
Microsoft Security Bulletin MS15: This security update resolves a privately reported vulnerability in Microsoft Windows. The vulnerability could allow remote code execution if an attacker sends specially crafted packets to an affected Windows server. Only customers who enable this service are vulnerable. By default, Telnet is installed but not enabled on Windows Server 2003. Telnet […]