CyberSecurity Osservatorio

NEWS & EVENTS

Le aziende cercano milioni di professionisti per la cybersecurity. Gli stipendi? Altissimi

04/06/2021 11:19:42

Secondo un articolo di Cnn.com le aziende americane cercano milioni di professionisti della cybersecurity garantendoli stipendi articoli (https://edition.cnn.com/2021/05/28/tech/cybersecurity-labor-shortage...

Read More
Fabio Martinelli at Cyrano event

09/12/2020 13:02:00

Cyrano event will be held on December 16th, 2020 form 10 to 12 am, to share ideas about the sectorial challenges in cyber security.

During this event Fabio Martinelli will introduce the cyber security observatory, also promoted by E-CORRIDOR. All the stakeholders...

Read More
Cybersecurity day 2020 - 9 ottobre 2020

06/10/2020 18:01:22

Il 9 ottobre, durante Internet Festival, avra’ luogo il Cybersecurity Day ( dell’Istituto di Informatica e Telematica del Cnr (IIT).

All’evento parteciperanno esperti di settore, ricercatori, rappresentanti del mondo delle imprese. Nel corso della giornata saranno presentate le attività...

Read More
Il Cyber Lab del Cnr si presenta alla Commissione Europea

29/09/2020 11:45:53

Il 24 settembre scorso Fabio Martinelli è stato invitato dalla Commissione Europea a parlare delle prossime sfide in cyber security nell'ambito degli European research and innovation days 2020.

In questa occasione ha avuto cosi modo di illustrare le prossime attivita' di ricerca del Cyber...

Read More

• Cyber Security Day 2020

• Ma Internet può rompersi?

• Istituto di Informatica e Telematica

Ransomware detection

This service identifies typical ransomware behaviours such as file ciphering. Differently from signature-based anti-...

Thesaurus

The service aims at offering a representation of the Cybersecurity domain through the creation of a controlled...

Self assessment tools

The main goal of the tool is to provide a simple and quick tool for cyber risk self-assessment. The tool requires two...

Antimalware

The service detects malicious signatures in analysed files, by scanning it with 57 different commercial anti-malware....

	Published	Description
CVE-2020-13963	21-03-2021 21:15:00	SOPlanning before 1.47 has Incorrect Access Control because certain secret key information, and the related authentication algorithm, is public. The key for admin is hardcoded in the installation code, and there is no key for publicsp (which is a guest account).
CVE-2021-23360	21-03-2021 16:15:00	This affects the package killport before 1.0.2. If (attacker-controlled) user input is given, it is possible for an attacker to execute arbitrary commands. This is due to use of the child_process exec function without input sanitization. Running this PoC will cause the command touch success to be executed, leading to the creation of a file called success.
CVE-2021-28961	21-03-2021 06:15:00	applications/luci-app-ddns/luasrc/model/cbi/ddns/detail.lua in the DDNS package for OpenWrt 19.07 allows remote authenticated users to inject arbitrary commands via POST requests.
CVE-2021-28954	21-03-2021 05:15:00	In Chris Walz bit before 1.0.5 on Windows, attackers can run arbitrary code via a .exe file in a crafted repository.
CVE-2021-28957	21-03-2021 05:15:00	lxml 4.6.2 allows XSS. It places the HTML action attribute into defs.link_attrs (in html/defs.py) for later use in input sanitization, but does not do the same for the HTML5 formaction attribute.

Date	Title	Platform	Author
19-03-2021	Eclipse Mosquitto MQTT broker 2.0.9 - 'mosquitto' Unquoted Service Path	windows	Riadh Bouchahoua
19-03-2021	Profiling System for Human Resource Management 1.0 - Remote Code Execution (Unauthenticated)	php	Christian Vierschilling
19-03-2021	LiveZilla Server 8.0.1.0 - 'Accept-Language' Reflected XSS	php	Clément Cruchet
19-03-2021	Boonex Dolphin 7.4.2 - 'width' Stored XSS	php	Piyush Patil
19-03-2021	KZTech/JatonTec/Neotel JT3500V 4G LTE CPE 2.0.1 - Config Download (Unauthenticated)	hardware	LiquidWorm

Published	Title	URL
16-08-2021	La Settimana Cibernetica del 15 agosto 2021	CERT LINK
13-08-2021	Aggiornamenti di sicurezza per Node.js (AL01/210813/CSIRT-ITA)	CERT LINK
13-08-2021	Attacchi ProxyShell verso server Microsoft Exchange vulnerabili (AL03/210813/CSIRT-ITA)	CERT LINK
13-08-2021	Aggiornamenti CKEditor e DRUPAL (AL02/210813/CSIRT-ITA)	CERT LINK
13-08-2021	Aggiornamenti CKEditor e DRUPAL (AL02/210812/CSIRT-ITA)	CERT LINK