NEWS & EVENTS

  • Fabio Martinelli at Cyrano event
    09/12/2020 13:02:00

    Cyrano event will be held on December 16th, 2020 form 10 to 12 am, to share ideas about the sectorial challenges in cyber security.

    During this event Fabio Martinelli will introduce the cyber security observatory, also promoted by E-CORRIDOR. All the stakeholders...

    Read More
  • Cybersecurity day 2020 - 9 ottobre 2020
    06/10/2020 18:01:22

    Il 9 ottobre, durante Internet Festival, avra’ luogo il Cybersecurity Day ( dell’Istituto di Informatica e Telematica del Cnr (IIT).

    All’evento parteciperanno esperti di settore, ricercatori, rappresentanti del mondo delle imprese. Nel corso della giornata saranno presentate le attività...

    Read More
  • Il Cyber Lab del Cnr si presenta alla Commissione Europea
    29/09/2020 11:45:53

    Il 24 settembre scorso Fabio Martinelli è stato invitato dalla Commissione Europea a parlare delle prossime sfide in cyber security nell'ambito degli European research and innovation days 2020.

    In questa occasione ha avuto cosi modo di illustrare le prossime attivita' di ricerca del Cyber...

    Read More
  • Uscito il bando di iscrizione per l'edizione 2020-2021 del Master in Cybersecurity
    04/09/2020 13:57:59

    Pubblicato il bando per la quinta edizione del Master in Cybersecurity dell'Università di Pisa, anno accademico 2020/21.

    Per immatricolarsi al Master, l’interessato deve collegarsi al Portale Alice all’indirizzo https://www.studenti.unipi.it...

    Read More

BLOGS & VIDEOS

Istituto di Informatica e Telematica
Cyber Security Day 2020
Lezioni di Scienza - Sicurezza Informatica di Fabio Martinelli
Ma Internet può rompersi?

SERVICES

DGA detection

The service analyzes a DNS request log and detects if there are domain names which can be generated by a Domain...

Read More
Tweets analysis

This service shows statistics related to Tweets related to Cyber-Security, allowing to search them by keywords such as...

Read More
Ransomware detection

This service identifies typical ransomware behaviours such as file ciphering. Differently from signature-based anti-...

Read More
Spam email detection

This service analyses sets of email file in .eml format to identify the unsolicited ones (SPAM). Moreover, the service...

Read More

LATEST CVE

Published Description
CVE-2021-25331
04-03-2021 21:15:00
 Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen in specific condition.
CVE-2021-26293
04-03-2021 21:15:00
 An issue was discovered in AfterLogic Aurora through 8.5.3 and WebMail Pro through 8.5.3, when DAV is enabled. They allow directory traversal to create new files (such as an executable file under the web root). This is related to DAVServer.php in 8.x and DAV/Server.php in 7.x.
CVE-2021-25333
04-03-2021 21:15:00
 Improper access control in Samsung Pay mini application prior to v4.0.14 allows unauthorized access to balance information over the lockscreen via scanning specific QR code.
CVE-2021-25335
04-03-2021 21:15:00
 Improper lockscreen status check in cocktailbar service in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows unauthenticated users to access hidden notification contents over the lockscreen in specific condition.
CVE-2021-25338
04-03-2021 21:15:00
 Improper memory access control in RKP in Samsung mobile devices prior to SMR Mar-2021 Release 1 allows an attacker, given a compromised kernel, to write certain part of RKP EL2 memory region.

Pages

LATEST EXPLOIT

Date Title Platform Author
23-02-2021
 Monica 2.19.1 - 'last_name' Stored XSS multiple BouSalman
23-02-2021
 HFS (HTTP File Server) 2.3.x - Remote Command Execution (3) windows Pergyz
19-02-2021
 Comment System 1.0 - 'multiple' Stored Cross-Site Scripting php Pintu Solanki
19-02-2021
 Beauty Parlour Management System 1.0 - 'sername' SQL Injection php Thinkland Security Team
19-02-2021
 dataSIMS Avionics ARINC 664-1 - Local Buffer Overflow (PoC) windows Kağan Çapar

Pages

CERT feeds

Published Title URL
28-01-2021 Vulnerabilità su Mozilla Firefox (AL03/210128/CSIRT-ITA) CERT LINK
28-01-2021 Campagna di Phishing ai danni di Unicredit e N26 (AL02/210128/CSIRT-ITA) CERT LINK
28-01-2021 Vulnerabilità nel software Sudo (AL01/210128/CSIRT-ITA) CERT LINK
27-01-2021 Phishing a tema “Mail Quarantine" (AL01/210127/CSIRT-ITA) CERT LINK
27-01-2021 Vulnerabilità su dnsmasq (AL02/210127/CSIRT-ITA) CERT LINK

Pages