Items tagged with vulnerability

As unfortunate as it is, it's really hard nowadays to be shocked at the thought of someone getting infected with malware, or even a piece of ransomware (which can now even affect Linux). It is still possible to get shocked though, with Betabot proving it for us. This piece of malicious software doesn't just fetch user data from an infected machine, it also infects the machine with ransomware. Oy. Betabot is arguably one of the worst types of malware out there, as it's effective at getting through security protections to find and take financial information, and then lock the machine up type before... Read more...
If you operate a Web server that runs on Linux, we're here to give you a bit of a prod in case you haven't updated it in a while. A piece of ransomware called FairWare is floating around, and as you'll soon see, its name is ironic as it's anything but "fair". Reports are coming in of users who have been struck with this awful type of malware, although it doesn't seem clear at this point exactly how the infection takes place. It's also not clear if this is some sort of automated attack -- one that simply scans the internet at large and infects where it can -- or if the attacks are focused. Either... Read more...
We reported earlier this week on a large collection of exploits that have been put up for auction by a group that calls itself Shadow Brokers. The promise was that all of the files were sourced from a secret NSA group called Equation Group, and now, Edward Snowden has released documents to prove that's just the case. This confirmation comes from The Intercept, a website which ultimately came to be as a direct result of Snowden's leaks three summers ago. With this trove of software confirmed to be sourced from the NSA, it raises some big questions. When Shadow Brokers put its collection of exploits... Read more...
We wrote a couple of days ago about a huge treasure trove of alleged NSA-derived exploits that were hitting the market. That gold mine was accessed by a group calling itself Shadow Brokers, and it's been said that their source was Equation Group, which is believed to be an extension of the NSA. At that time, there was no proof that any of the exploits contained in the collection were still valid. Quickly, some noted that a few of the targets were already patched, leading the rest of us to believe that the entire collection came a bit too late. However, anyone who thought that might have to back... Read more...
Nothing beats wireless for convenience, but whenever you transmit important data through the air, there's a risk that someone could be nearby, ready to intercept the signals before they reach their destination. If this sounds familiar, it might be because we talked about this very thing earlier this year, when security firm Bastille ousted 'MouseJack', an overly-marketed vulnerability affecting wireless peripherals from major vendors, including Microsoft and Logitech. Well, Bastille is back, this time with 'KeySniffer', another vulnerability (or set of vulnerabilities) that has apparently also... Read more...
With Nintendo's latest game - a mobile one, at that - the company has proven that there is still a lot of innovating to do in the market. While Pokemon GO is based on another title, Ingress, any game is going to have a greater chance of success when it features one of the most popular franchises ever. GO isn't just some regular Pokemon game: it's making the masses realize that augmented reality can be really cool. What's not cool, though, is that popular mobile apps are a hot target for malware. And since Pokemon GO hasn't been released worldwide yet, many have taken to the scarier parts of the... Read more...
It's beginning to look like some rather sophisticated hackers have made their way into Apple's core and crippled iCloud security so severely that some iPhones have essentially been held hostage. A few iPhones here and there might not seem like a big deal, but ultimately, there could be a staggering 40 million iCloud accounts (approximately) at risk here. According to CSO Online, some iPhone users, dating back to February this year, have found their devices compromised, held hostage by Russian hackers. The attack is almost too simple. An iCloud account is broken into (with the help of leaked credentials),... Read more...
We wrote earlier about the kind of success Google has been seeing with its Android bug bounty program -- success that has led the company to actually increase its rewards. Over the years, we've seen other major companies offer bug bounties as well, such as Facebook and Microsoft, so it's clear that they can provide some real value. Could that value be important enough for the US government to get in on the action? It appears that "yes", it certainly can. In a new report from the Pentagon, the groundwork is laid for future programs that target much more than some front-facing websites, which is... Read more...
If you've shopped at Acer's US website at any point between May 12, 2015 and April 28, 2016, you have immediate reason for concern. Acer has just revealed to the California Attorney General's office that its ecommerce servers were hit last spring, and remained vulnerable up until this spring. Unfortunately, this isn't a mere case of someone gaining access to names and addresses - it gets much worse. Acer admits that credit card information could have been fetched by these third parties, which includes not only the credit card number, but also the CCV security code and expiry date. It's not clear... Read more...
It has been suggested that the microprocessors we use each and every day could pack in a bit more than we bargained for; namely, the tools needed for spying or undetectable access. And unfortunately, according to security researcher and developer Damien Zammit, there's a potential reason to be concerned over the "ME" or Management Engine module found in all Intel chipsets manufactured after the Core 2 era. If you've built your own Intel-based PC in recent years, or have at least reinstalled the OS and needed to install all of the drivers on your own, you've probably noticed a piece of software... Read more...
The greatest benefit wireless peripherals offer is what they help cut down on: wires. Fewer wires means that our desktops are easier to keep clean, and we're not kicking wires as often under our desk. It's a win-win overall. Or is it? As with most things convenient, wireless peripherals can suffer exploits just like anything else that's open to a wireless connection. While your keyboard is designed to handshake with an adapter that's plugged into your PC, there's usually nothing stopping the data stream from being intercepted. Though remote, no question, it could be a legitimate attack vector.... Read more...
It's not often that people feel compelled to side with Google on the topic of privacy, but the company's newest CEO, Sundar Pinchai, gives us a great reason to. As Brandon covered in great detail yesterday, Apple has been ordered by U.S. Magistrate Judge Sheri Pym to provide the FBI access to an iPhone 5c that was used by the terrorists in December's San Bernardino shootings - but, there are a couple of problems with that. Apple insists that the backdoor the U.S. government wants doesn't exist, and CEO Tim Cook rages against the idea that his company should build one for any of its products. If... Read more...
If you're surfing the Internet with a browser (a rarity, we know), there's a new bug to be cautious of. With a bit of simple JavaScript, a browser's HTML5 History API can be called upon thousands of times, ultimately causing a meltdown. Of course, a dedicated website (CrashSafari.com) exists to act as a proof of concept, and of course, there are many trolls out there trying to trick you into visiting it. This prank isn't harmful, but it can still be a major nuisance. In a rare case, it could cause you to have to reboot, and almost always, it will cause you to lose your open tabs (unless you have... Read more...
2015 has proven to be a massive year for Adobe's Flash plugin, but for all the wrong reasons. Flash is already infamous for being one of the most vulnerable pieces of software on the planet, but in 2015, 316 bugs were found and squashed. That comes out to about 6 bugs per week for a piece of software that's used by the vast majority of notebook and desktop users. What's most impressive about the sheer number of bugs Flash has is the fact that ultimately, we're dealing with a mere plugin here, not a massive software package. While Flash was once considered "cool", a de facto choice for Web animation,... Read more...
1 2 3 4 Next