CyberSecurity Osservatorio

NEWS & EVENTS

Le aziende cercano milioni di professionisti per la cybersecurity. Gli stipendi? Altissimi

04/06/2021 11:19:42

Secondo un articolo di Cnn.com le aziende americane cercano milioni di professionisti della cybersecurity garantendoli stipendi articoli (https://edition.cnn.com/2021/05/28/tech/cybersecurity-labor-shortage...

Read More
Fabio Martinelli at Cyrano event

09/12/2020 13:02:00

Cyrano event will be held on December 16th, 2020 form 10 to 12 am, to share ideas about the sectorial challenges in cyber security.

During this event Fabio Martinelli will introduce the cyber security observatory, also promoted by E-CORRIDOR. All the stakeholders...

Read More
Cybersecurity day 2020 - 9 ottobre 2020

06/10/2020 18:01:22

Il 9 ottobre, durante Internet Festival, avra’ luogo il Cybersecurity Day ( dell’Istituto di Informatica e Telematica del Cnr (IIT).

All’evento parteciperanno esperti di settore, ricercatori, rappresentanti del mondo delle imprese. Nel corso della giornata saranno presentate le attività...

Read More
Il Cyber Lab del Cnr si presenta alla Commissione Europea

29/09/2020 11:45:53

Il 24 settembre scorso Fabio Martinelli è stato invitato dalla Commissione Europea a parlare delle prossime sfide in cyber security nell'ambito degli European research and innovation days 2020.

In questa occasione ha avuto cosi modo di illustrare le prossime attivita' di ricerca del Cyber...

Read More

• Ma Internet può rompersi?

• Istituto di Informatica e Telematica

• Cyber Security Day 2020

Tweets analysis

This service shows statistics related to Tweets related to Cyber-Security, allowing to search them by keywords such as...

DGA detection

The service analyzes a DNS request log and detects if there are domain names which can be generated by a Domain...

Thesaurus

The service aims at offering a representation of the Cybersecurity domain through the creation of a controlled...

GDPR tools

The service offers a survey to check the compliance of an organization with the GDPR (General Data Protection...

	Published	Description
CVE-2020-13963	21-03-2021 21:15:00	SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account).
CVE-2021-23360	21-03-2021 16:15:00	This affects the package killport before 1.0.2. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. Running this PoC will cause the command touch success to be executed, leading to the creation of a file called success.
CVE-2021-28961	21-03-2021 06:15:00	applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests.
CVE-2021-28957	21-03-2021 05:15:00	lxml 4.6.2 allows XSS. It places the HTML action attribute into defs.link_attrs (in html/defs.py) for later use in input sanitization, but does not do the same for the HTML5 formaction attribute.
CVE-2021-28953	21-03-2021 05:15:00	The unofficial C/C++ Advanced Lint extension before 1.9.0 for Visual Studio Code allows attackers to execute arbitrary binaries if the user opens a crafted repository.

Date	Title	Platform	Author
19-03-2021	Eclipse Mosquitto MQTT broker 2.0.9 - 'mosquitto' Unquoted Service Path	windows	Riadh Bouchahoua
19-03-2021	Profiling System for Human Resource Management 1.0 - Remote Code Execution (Unauthenticated)	php	Christian Vierschilling
19-03-2021	LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS	php	Clément Cruchet
19-03-2021	Boonex Dolphin 7.4.2 - 'width' Stored XSS	php	Piyush Patil
19-03-2021	KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated)	hardware	LiquidWorm

Published	Title	URL
01-06-2021	Campagna di phishing a tema Agenzia delle Entrate (AL01/210601/CSIRT-ITA)	CERT LINK
31-05-2021	La Settimana Cibernetica del 30 maggio 2021	CERT LINK
28-05-2021	Attacchi rivolti a Pulse Connect Secure (AL01/210528/CSIRT-ITA)	CERT LINK
28-05-2021	Sofisticata campagna malspam colpisce 3000 account di oltre 150 organizzazioni (AL02/210528/CSIRT-ITA)	CERT LINK
27-05-2021	Rilevata vulnerabilità in nginx (AL02/210527/CSIRT-ITA)	CERT LINK