Items tagged with exploit

As unfortunate as it is, it's really hard nowadays to be shocked at the thought of someone getting infected with malware, or even a piece of ransomware (which can now even affect Linux). It is still possible to get shocked though, with Betabot proving it for us. This piece of malicious software doesn't just fetch user data from an infected machine, it also infects the machine with ransomware. Oy. Betabot is arguably one of the worst types of malware out there, as it's effective at getting through security protections to find and take financial information, and then lock the machine up type before... Read more...
If you operate a Web server that runs on Linux, we're here to give you a bit of a prod in case you haven't updated it in a while. A piece of ransomware called FairWare is floating around, and as you'll soon see, its name is ironic as it's anything but "fair". Reports are coming in of users who have been struck with this awful type of malware, although it doesn't seem clear at this point exactly how the infection takes place. It's also not clear if this is some sort of automated attack -- one that simply scans the internet at large and infects where it can -- or if the attacks are focused. Either... Read more...
We reported earlier this week on a large collection of exploits that have been put up for auction by a group that calls itself Shadow Brokers. The promise was that all of the files were sourced from a secret NSA group called Equation Group, and now, Edward Snowden has released documents to prove that's just the case. This confirmation comes from The Intercept, a website which ultimately came to be as a direct result of Snowden's leaks three summers ago. With this trove of software confirmed to be sourced from the NSA, it raises some big questions. When Shadow Brokers put its collection of exploits... Read more...
We wrote a couple of days ago about a huge treasure trove of alleged NSA-derived exploits that were hitting the market. That gold mine was accessed by a group calling itself Shadow Brokers, and it's been said that their source was Equation Group, which is believed to be an extension of the NSA. At that time, there was no proof that any of the exploits contained in the collection were still valid. Quickly, some noted that a few of the targets were already patched, leading the rest of us to believe that the entire collection came a bit too late. However, anyone who thought that might have to back... Read more...
Nothing beats wireless for convenience, but whenever you transmit important data through the air, there's a risk that someone could be nearby, ready to intercept the signals before they reach their destination. If this sounds familiar, it might be because we talked about this very thing earlier this year, when security firm Bastille ousted 'MouseJack', an overly-marketed vulnerability affecting wireless peripherals from major vendors, including Microsoft and Logitech. Well, Bastille is back, this time with 'KeySniffer', another vulnerability (or set of vulnerabilities) that has apparently also... Read more...
With Nintendo's latest game - a mobile one, at that - the company has proven that there is still a lot of innovating to do in the market. While Pokemon GO is based on another title, Ingress, any game is going to have a greater chance of success when it features one of the most popular franchises ever. GO isn't just some regular Pokemon game: it's making the masses realize that augmented reality can be really cool. What's not cool, though, is that popular mobile apps are a hot target for malware. And since Pokemon GO hasn't been released worldwide yet, many have taken to the scarier parts of the... Read more...
It seems impossible for the world to go a single week without a major security breach, so to fill the inevitable void this week is a hacker that goes by the name "thedarkoverlord," who claims to be in possession of a staggering 655,000 healthcare records. Of course, he is looking to sell them off. This latest records leak was first reported by Deep Dot Web, which has exclusive images to prove that the leak is real (one can be seen below). These images were not sourced by the website; rather, thedarkoverlord himself provided the images, probably as a way to build up some notoriety, and to flaunt... Read more...
We wrote earlier about the kind of success Google has been seeing with its Android bug bounty program -- success that has led the company to actually increase its rewards. Over the years, we've seen other major companies offer bug bounties as well, such as Facebook and Microsoft, so it's clear that they can provide some real value. Could that value be important enough for the US government to get in on the action? It appears that "yes", it certainly can. In a new report from the Pentagon, the groundwork is laid for future programs that target much more than some front-facing websites, which is... Read more...
It has been suggested that the microprocessors we use each and every day could pack in a bit more than we bargained for; namely, the tools needed for spying or undetectable access. And unfortunately, according to security researcher and developer Damien Zammit, there's a potential reason to be concerned over the "ME" or Management Engine module found in all Intel chipsets manufactured after the Core 2 era. If you've built your own Intel-based PC in recent years, or have at least reinstalled the OS and needed to install all of the drivers on your own, you've probably noticed a piece of software... Read more...
The greatest benefit wireless peripherals offer is what they help cut down on: wires. Fewer wires means that our desktops are easier to keep clean, and we're not kicking wires as often under our desk. It's a win-win overall. Or is it? As with most things convenient, wireless peripherals can suffer exploits just like anything else that's open to a wireless connection. While your keyboard is designed to handshake with an adapter that's plugged into your PC, there's usually nothing stopping the data stream from being intercepted. Though remote, no question, it could be a legitimate attack vector.... Read more...
Security researchers thought that we were all rid of a pesky vulnerability that was initially patched over three years ago. The exploit takes advantage of code lurking within the “libupnp” library, which is included in the Portable SDK for UPnP Devices used for DLNA media playback. However, some lax vendors have failed to include newer versions of the SDK with an updated version of libupnp, leaving millions of devices that we use everyday exposed -- 6.1 million devices to be exact, including smartphones, routers and smart TVs. In addition to hardware vendors, it’s also been discovered that 547... Read more...
We've talked lots in the past about vulnerabilities that hit home and enterprise routers, but not quite as much about cable modems, where the importance of good security is arguably even more paramount. The reason for that is that most often, customers do not have control over the firmware in such devices. If a vulnerability is found and patched, it's up to the ISP to issue it, automatically. As you might imagine, this could lead to some serious problems if your ISP isn't too on top of things. A great example of this is brought forth by security researcher Bernardo Rodrigues. He found that with... Read more...
UpdatedThe lock screen on your phone might not be foolproof as you thought. Researchers at The University of Texas at Austin released a demonstration this week of what they say is a vulnerability in mobile devices running Android 5.x. Also known as Lollipop, it is the latest version of Android and is run by many modern phones, but the attack may not affect all phones running Lollipop. Researchers used a Nexus 4 in the proof-of-concept attack. Also, phones running the latest version of Android (5.5.1 build LMY48M) are not vulnerable. The attack involves copying and pasting multiple characters, starting... Read more...
If you’re a Firefox user, you should update your browser immediately. Mozilla was informed earlier this week by an astute Firefox user that a Russian news site was was using malicious advertisements to take advantage of an exploit in the browser when installed on Windows and Linux machines. The exploit takes advantage of a vulnerability in the PDF viewer that is built into the Firefox browser. That also means that the mobile version of Firefox, which doesn’t include the PDF viewer, is not affected. Mac users were also spared from this particular exploit, but Mozilla still suggests that they upgrade... Read more...
1 2 3 Next