Companies that develop enterprise applications download over 200,000 open-source components on average every year, and one in every 16 of those components has security vulnerabilities. This is indicative of the poor state of the software supply chain, a problem that's only getting worse with the increased reliance on third-party code combined with bad software inventory practices. According to software development lifecycle firm Sonatype, third-party components account for 80 percent to 90 percent of the code found in a typical enterprise application today. The number of downloads from the largest public repository of open-source Java components reached 31 billion last year, an 82 percent increase over 2014, the company found.
Many computer users don't realize it, but for most people their internet router is the most important electronic device in their home. It links most of their other devices together and to the world, so it has a highly privileged position that hackers can exploit. Unfortunately, many consumer and small-business routers come with insecure default configurations, have undocumented backdoor accounts, expose legacy services and have firmware that is riddled with basic flaws. Some of these problems can't be fixed by users, but there are many actions that can be taken to at least protect these devices from large-scale, automated attacks. Don't let your router be a low-hanging fruit for hackers.
Researchers have identified a new Mac backdoor program that's designed to steal credentials stored in the OS-encrypted keychain and give attackers control over the system.
Dubbed OSX/Keydnap by researchers from antivirus vendor ESET, this is the second backdoor program targeting Macs found by antivirus firms in the past few days.
It's not clear how Keydnap is distributed, but it arrives on computers in the form of a zip archive. Inside there's an executable file with an apparently benign extension such as .txt or .jpg that actually has a space character at the end. The file also has an icon indicating an image or text file.
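A defender-side check for the disguise described above, added here as an example and not part of the original article or of ESET's research: it lists the entries of a zip archive whose name ends in whitespace after an apparently benign extension, and reads each entry's first bytes to see whether the content is a Mach-O executable rather than the image or text file the name suggests. The archive it inspects is constructed inline with a harmless placeholder payload.

```python
import io
import zipfile

# Mach-O magic values (32/64-bit, both byte orders) plus the universal ("fat") binary magic.
MACHO_MAGICS = {
    b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
    b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe",
    b"\xca\xfe\xba\xbe",
}
# Extensions a user would not expect to be executable.
BENIGN_EXTENSIONS = (".txt", ".jpg", ".jpeg", ".png", ".pdf", ".doc")


def is_macho(data: bytes) -> bool:
    """True if the first four bytes carry a Mach-O or universal-binary magic."""
    return data[:4] in MACHO_MAGICS


def suspicious_entries(zip_bytes: bytes) -> list:
    """Return (name, reason) pairs for entries that look like the trailing-space disguise.

    Two independent signals are combined: a name that still looks benign once
    trailing whitespace is stripped, and content that starts with a Mach-O header.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            reasons = []
            stripped = name.rstrip()
            if name != stripped and stripped.lower().endswith(BENIGN_EXTENSIONS):
                reasons.append("trailing whitespace after benign extension")
            with zf.open(info) as fh:
                if is_macho(fh.read(4)):
                    reasons.append("Mach-O header")
            if reasons:
                findings.append((name, ", ".join(reasons)))
    return findings


def build_sample_archive() -> bytes:
    """Constructed sample archive: a fake 'image' with a trailing space and a real text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Constructed placeholder: only the 64-bit little-endian Mach-O magic, then zero padding.
        zf.writestr("photo.jpg ", b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
        zf.writestr("readme.txt", b"just text\n")
    return buf.getvalue()
```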
A recently discovered vulnerability in a D-Link network camera that allows attackers to remotely take over the device also exists in more than 120 other D-Link products. The vulnerability was initially discovered a month ago by researchers from security start-up firm Senrio in the D-Link DCS-930L, a Wi-Fi enabled camera that can be controlled remotely through a smartphone app. The flaw, a stack overflow, is located in a firmware service called dcp, which listens for commands on port 5978. Attackers can trigger the overflow by sending specifically crafted commands and can then execute rogue code on the system.
Google released a new batch of Android patches on Wednesday, fixing over 100 flaws in Android's own components and in chipset-specific drivers from different manufacturers. Android's mediaserver component, which handles the processing of video and audio streams and has been a source of many vulnerabilities in the past, is at the forefront of this security update. It accounts for 16 Android vulnerabilities, including 7 critical flaws that can allow an attacker to execute code with higher privileges. The bugs can be exploited by sending specifically crafted audio or video files to users' devices via the browser, email or messaging apps. Because of the repeated mediaserver flaws, Google Hangouts and the default Android Messenger applications no longer pass media to this component automatically.
Security researchers have found a new backdoor program that allows attackers to hijack Mac systems and control them over the Tor network. The new malware has been dubbed Backdoor.MAC.Eleanor by researchers from antivirus vendor Bitdefender and is distributed as a file converter application through reputable websites that offer Mac software. The rogue application is called EasyDoc Converter. Once installed it displays a fake interface where users can supposedly drag and drop files for conversion, but which in reality doesn't do anything. In the background, the application executes a shell script that installs multiple malicious components in a folder called "/Users/$USER/Library/.dropbox". The Dropbox name is used to make the malware harder to spot and has nothing to do with the legitimate Dropbox file synchronization software.
A critical vulnerability that was recently found in the low-level firmware of Lenovo ThinkPad systems also reportedly exists in products from other vendors, including HP and Gigabyte Technology. An exploit for the vulnerability was published last week and can be used to execute rogue code in the CPU's privileged SMM (System Management Mode). This level of access can then be used to install a stealthy rootkit inside the computer's Unified Extensible Firmware Interface (UEFI), the modern BIOS, or to disable Windows security features such as Secure Boot, Virtual Secure Mode and Credential Guard that depend on the firmware being locked down.
Attackers can exploit vulnerabilities in Android devices with Qualcomm chipsets in order to extract the encrypted keys that protect users' data and run brute-force attacks against them. The attack was demonstrated last week by security researcher Gal Beniamini and uses two vulnerabilities patched this year in Qualcomm's implementation of the ARM CPU TrustZone. The ARM TrustZone is a hardware security module that runs its own kernel and Trusted Execution Environment independent of the main OS. On Qualcomm chips, the Trusted Execution Environment is called QSEE (Qualcomm Secure Execution Environment). The full-disk encryption feature on Android devices relies on a randomly generated key called the device encryption key (DEK). This key is itself encrypted with another key derived from the user's PIN, password or swipe pattern.
Attackers are developing an aggressive new ransomware program for Windows machines that encrypts user files as well as the computer's master boot record (MBR), leaving devices unable to load the OS. The program is dubbed Satana, meaning "Satan" in Italian and Romanian, and, according to researchers from security firm Malwarebytes, it is functional but still under development. Satana is the second ransomware threat affecting the MBR and seems inspired by another program, Petya, that appeared in March.