Lucian Constantin

Author Archives: Lucian Constantin

Android patches fix Drammer RAM attack, but not Dirty Cow exploit

Google released a new monthly batch of security patches for Android, fixing a dozen critical vulnerabilities that could allow attackers to compromise devices. One of the mitigated issues is a bit-flipping attack against memory chips that could lead to privilege escalation, but a more widespread rooting vulnerability in the Linux kernel remains unpatched.While Google releases firmware updates for its Nexus and Pixel devices on the first Monday of every month, the security patches are shared with third-party device manufacturers one month in advance and are also contributed later to the Android Open Source Project to benefit the entire ecosystem.To read this article in full or to leave a comment, please click here

Android patches fix Drammer RAM attack, but not Dirty Cow exploit

Google released a new monthly batch of security patches for Android, fixing a dozen critical vulnerabilities that could allow attackers to compromise devices. One of the mitigated issues is a bit-flipping attack against memory chips that could lead to privilege escalation, but a more widespread rooting vulnerability in the Linux kernel remains unpatched.While Google releases firmware updates for its Nexus and Pixel devices on the first Monday of every month, the security patches are shared with third-party device manufacturers one month in advance and are also contributed later to the Android Open Source Project to benefit the entire ecosystem.To read this article in full or to leave a comment, please click here

Hackers can abuse LTE protocols to knock phones off networks

When you travel between countries, the mobile operators that temporarily provide service to your phone need to communicate with your operator back home. This is done over a global interconnection network where most traffic still uses an ageing protocol, called SS7, that's known to be vulnerable to location tracking, eavesdropping, fraud, denial of service (DoS), SMS interception and other attacks.With the advance of Long-Term Evolution (LTE) networks, some roaming traffic is switching to a newer protocol, called Diameter, that's more secure than SS7 in theory, but which still allows for attacks if it's not deployed with additional security mechanisms.To read this article in full or to leave a comment, please click here

Hackers can abuse LTE protocols to knock phones off networks

When you travel between countries, the mobile operators that temporarily provide service to your phone need to communicate with your operator back home. This is done over a global interconnection network where most traffic still uses an ageing protocol, called SS7, that's known to be vulnerable to location tracking, eavesdropping, fraud, denial of service (DoS), SMS interception and other attacks.With the advance of Long-Term Evolution (LTE) networks, some roaming traffic is switching to a newer protocol, called Diameter, that's more secure than SS7 in theory, but which still allows for attacks if it's not deployed with additional security mechanisms.To read this article in full or to leave a comment, please click here

5 things you need to know about virtual private networks

A virtual private network is a secure tunnel between two or more computers on the internet, allowing them to access each other as if on a local network. In the past, VPNs were mainly used by companies to securely link remote branches together or connect roaming employees to the office network, but today they're an important service for consumers too, protecting them from attacks when they connect to public wireless networks. Given their importance, here's what you need to know about VPNs:VPNs are good for your privacy and securityOpen wireless networks pose a serious risk to users, because attackers sitting on the same networks can use various techniques to sniff web traffic and even hijack accounts on websites that don't use the HTTPS security protocol. In addition, some Wi-Fi network operators intentionally inject ads into web traffic, and these could lead to unwanted tracking.To read this article in full or to leave a comment, please click here

5 things you need to know about virtual private networks

A virtual private network is a secure tunnel between two or more computers on the internet, allowing them to access each other as if on a local network. In the past, VPNs were mainly used by companies to securely link remote branches together or connect roaming employees to the office network, but today they're an important service for consumers too, protecting them from attacks when they connect to public wireless networks. Given their importance, here's what you need to know about VPNs:VPNs are good for your privacy and securityOpen wireless networks pose a serious risk to users, because attackers sitting on the same networks can use various techniques to sniff web traffic and even hijack accounts on websites that don't use the HTTPS security protocol. In addition, some Wi-Fi network operators intentionally inject ads into web traffic, and these could lead to unwanted tracking.To read this article in full or to leave a comment, please click here

5 things you need to know about virtual private networks

A virtual private network is a secure tunnel between two or more computers on the internet, allowing them to access each other as if on a local network. In the past, VPNs were mainly used by companies to securely link remote branches together or connect roaming employees to the office network, but today they're an important service for consumers too, protecting them from attacks when they connect to public wireless networks. Given their importance, here's what you need to know about VPNs:VPNs are good for your privacy and securityOpen wireless networks pose a serious risk to users, because attackers sitting on the same networks can use various techniques to sniff web traffic and even hijack accounts on websites that don't use the HTTPS security protocol. In addition, some Wi-Fi network operators intentionally inject ads into web traffic, and these could lead to unwanted tracking.To read this article in full or to leave a comment, please click here

Update your Belkin WeMo devices before they become botnet zombies

Owners of WeMo home automation devices should upgrade them to the latest firmware version, which was released this week to fix a critical vulnerability that could allow hackers to fully compromise them.The vulnerability was discovered by researchers from security firm Invincea in the Belkin WeMo Switch, a smart plug that allows users to remotely turn their electronics on or off by using their smartphones. They confirmed the same flaw in a WeMo-enabled smart slow cooker from Crock-Pot, and they think it's probably present in other WeMo products, too.WeMo devices like the WeMo Switch can be controlled via a smartphone app that communicates with them over a local Wi-Fi network or over the Internet through a cloud service run by Belkin, the creator of the WeMo home automation platform.To read this article in full or to leave a comment, please click here

Update your Belkin WeMo devices before they become botnet zombies

Owners of WeMo home automation devices should upgrade them to the latest firmware version, which was released this week to fix a critical vulnerability that could allow hackers to fully compromise them.The vulnerability was discovered by researchers from security firm Invincea in the Belkin WeMo Switch, a smart plug that allows users to remotely turn their electronics on or off by using their smartphones. They confirmed the same flaw in a WeMo-enabled smart slow cooker from Crock-Pot, and they think it's probably present in other WeMo products, too.WeMo devices like the WeMo Switch can be controlled via a smartphone app that communicates with them over a local Wi-Fi network or over the Internet through a cloud service run by Belkin, the creator of the WeMo home automation platform.To read this article in full or to leave a comment, please click here

Mobile subscriber identity numbers can be exposed over Wi-Fi

For a long time, law enforcement agencies and hackers have been able to track the identity and location of mobile users by setting up fake cellular network towers and tricking their devices to connect to them. Researchers have now found that the same thing can be done much more cheaply with a simple Wi-Fi hotspot.The devices that pose as cell towers are known in the industry as IMSI catchers, with the IMSI (international mobile subscriber identity) being a unique number tied to a mobile subscriber and stored on a SIM card. IMSI catchers can be used for tracking and in some cases, for intercepting calls, but commercial solutions, such as the Stingray used by the FBI, are expensive.To read this article in full or to leave a comment, please click here

Mobile subscriber identity numbers can be exposed over Wi-Fi

For a long time, law enforcement agencies and hackers have been able to track the identity and location of mobile users by setting up fake cellular network towers and tricking their devices to connect to them. Researchers have now found that the same thing can be done much more cheaply with a simple Wi-Fi hotspot.The devices that pose as cell towers are known in the industry as IMSI catchers, with the IMSI (international mobile subscriber identity) being a unique number tied to a mobile subscriber and stored on a SIM card. IMSI catchers can be used for tracking and in some cases, for intercepting calls, but commercial solutions, such as the Stingray used by the FBI, are expensive.To read this article in full or to leave a comment, please click here

Researchers build undetectable rootkit for programmable logic controllers

Researchers have devised a new malware attack against industrial programmable logic controllers (PLCs) that takes advantage of architectural shortcomings in microprocessors and bypasses current detection mechanisms.The attack changes the configuration of the input/output pins that make up the interface used by PLCs to communicate with other devices such as sensors, valves, and motors. PLCs are specialized embedded computers used to control and monitor physical processes in factories, power stations, gas refineries, public utilities, and other industrial installations.The attack, which will be presented at the Black Hat Europe security conference in London on Thursday, was developed by Ali Abbasi, a doctoral candidate in the distributed and embedded system security group at the University of Twente in the Netherlands, and Majid Hashemi, a research and development engineer at Quarkslab, a Paris-based cybersecurity company.To read this article in full or to leave a comment, please click here

Researchers build undetectable rootkit for programmable logic controllers

Researchers have devised a new malware attack against industrial programmable logic controllers (PLCs) that takes advantage of architectural shortcomings in microprocessors and bypasses current detection mechanisms.The attack changes the configuration of the input/output pins that make up the interface used by PLCs to communicate with other devices such as sensors, valves, and motors. PLCs are specialized embedded computers used to control and monitor physical processes in factories, power stations, gas refineries, public utilities, and other industrial installations.The attack, which will be presented at the Black Hat Europe security conference in London on Thursday, was developed by Ali Abbasi, a doctoral candidate in the distributed and embedded system security group at the University of Twente in the Netherlands, and Majid Hashemi, a research and development engineer at Quarkslab, a Paris-based cybersecurity company.To read this article in full or to leave a comment, please click here

Google to untrust WoSign and StartCom certificates

Following similar decisions by Mozilla and Apple, Google plans to reject new  digital certificates issued by two certificate authorities because they violated industry rules and best practices.The ban will go into effect in Chrome version 56, which is currently in the dev release channel, and will apply to all certificates issued by certificate authorities WoSign and StartCom after October 21. Browsers rely on digital certificates to verify the identity of websites and to establish encrypted connections with them.Certificates issued before October 21 will continue to be trusted as long as they're published to the public Certificate Transparency logs or have been issued to a limited set of domains owned by known WoSign and StartCom customers.To read this article in full or to leave a comment, please click here

Google to untrust WoSign and StartCom certificates

Following similar decisions by Mozilla and Apple, Google plans to reject new  digital certificates issued by two certificate authorities because they violated industry rules and best practices.The ban will go into effect in Chrome version 56, which is currently in the dev release channel, and will apply to all certificates issued by certificate authorities WoSign and StartCom after October 21. Browsers rely on digital certificates to verify the identity of websites and to establish encrypted connections with them.Certificates issued before October 21 will continue to be trusted as long as they're published to the public Certificate Transparency logs or have been issued to a limited set of domains owned by known WoSign and StartCom customers.To read this article in full or to leave a comment, please click here

Joomla websites attacked en masse using recently patched exploits

Attackers are aggressively attacking Joomla-based websites by exploiting two critical vulnerabilities patched last week.The flaws allow the creation of accounts with elevated privileges on websites built with the popular Joomla content management system, even if account registration is disabled. They were patched in Joomla 3.6.4, released Tuesday.Hackers didn't waste any time reverse engineering the patches to understand how the two vulnerabilities can be exploited to compromise websites, according to researchers from Web security firm Sucuri.To read this article in full or to leave a comment, please click here

Joomla websites attacked en masse using recently patched exploits

Attackers are aggressively attacking Joomla-based websites by exploiting two critical vulnerabilities patched last week.The flaws allow the creation of accounts with elevated privileges on websites built with the popular Joomla content management system, even if account registration is disabled. They were patched in Joomla 3.6.4, released Tuesday.Hackers didn't waste any time reverse engineering the patches to understand how the two vulnerabilities can be exploited to compromise websites, according to researchers from Web security firm Sucuri.To read this article in full or to leave a comment, please click here

New Windows code injection method could let malware bypass detection

Security researchers have discovered a new way that allows malware to inject malicious code into other processes without being detected by antivirus programs and other endpoint security systems.The new method was devised by researchers from security firm Ensilo who dubbed it AtomBombing because it relies on the Windows atom tables mechanism. These special tables are provided by the operating system and can be used to share data between applications."What we found is that a threat actor can write malicious code into an atom table and force a legitimate program to retrieve the malicious code from the table," Ensilo researcher Tal Liberman said in a blog post. "We also found that the legitimate program, now containing the malicious code, can be manipulated to execute that code."To read this article in full or to leave a comment, please click here

New Windows code injection method could let malware bypass detection

Security researchers have discovered a new way that allows malware to inject malicious code into other processes without being detected by antivirus programs and other endpoint security systems.The new method was devised by researchers from security firm Ensilo who dubbed it AtomBombing because it relies on the Windows atom tables mechanism. These special tables are provided by the operating system and can be used to share data between applications."What we found is that a threat actor can write malicious code into an atom table and force a legitimate program to retrieve the malicious code from the table," Ensilo researcher Tal Liberman said in a blog post. "We also found that the legitimate program, now containing the malicious code, can be manipulated to execute that code."To read this article in full or to leave a comment, please click here

No need to shoot down drones! Many of them can now be hijacked

A security researcher has devised a method of hijacking a wide variety of radio- controlled airplanes, helicopters, cars, boats and other devices that use a popular wireless transmission technology.The attack was developed by Jonathan Andersson, manager of the Advanced Security Research Group at Trend Micro DVLabs, and targets a "wideband, frequency-agile 2.4GHz signal protocol" called DSMx. This protocol is used in radio-control (R/C) toys, including in drones, that are owned by millions of users.Andersson's attack exploits weaknesses in DSMx and was presented in detail Wednesday at the PacSec security conference in Tokyo. The researcher built a device that he dubbed Icarus, using off-the-shelf electronic components and software-defined radio (SDR). With it, he can take over the control of drones or other R/C devices and lock out their real owners in seconds.To read this article in full or to leave a comment, please click here

1 16 17 18 19 20 58