Archives

IoT and Privacy: a report by BITDEFENDER

/ Marzo 25, 2016/ IoT News&Updates/ 0 comments

BITDEFENDER has released a report about 4 well-known IoT devices (a WeMo Switch, a Lifx Bulb, a LinkHub and a MUZO Cobblestone Wi-Fi Audio). The findings shouldn’t be new to anyone, but are quite interesting. The full report can be found here: https://labs.bitdefender.com/2016/03/iot-hacking-report-confirms-privacy-is-dead/

TVT DVRs vulnerable to RCE

/ Marzo 24, 2016/ IT Security News&Updates/ 0 comments

According to http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html, some DVRs manufactured by TVT (and we suspect other IP-enabled devices too) are susceptible to a RCE (Remote-Code-Execution) attack. In computer security, arbitrary code execution is used to describe an attacker’s ability to execute any commands of the attacker’s choice on a target machine or in a target process. It is commonly used in arbitrary code execution vulnerability

Read More

Web Application Firewall (WAF)

/ Noviembre 12, 2015/ IT Security News&Updates/ 0 comments

What is a waf? A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. Any example? ModSecurity is an open

Read More

DATA exfiltration: the DNS way

/ Noviembre 11, 2015/ IT Security News&Updates/ 0 comments

DNS is one of those things that usually work everywhere, anywhere, even if there’s a firewall or a security solution in place. An interesting article to read about this can be found here: https://community.infoblox.com/t5/Community-Blog/DNS-Data-Exfiltration-How-it-works/ba-p/3664#.VkT62sOQS1o.linkedin