Archive for the ‘Security’ Category

Ubuntu: Guest session processes are not confined in 16.10

Processes launched under a lightdm guest session are not confined by the /usr/lib/lightdm/lightdm-guest-session AppArmor profile in Ubuntu 16.10, Ubuntu 17.04, and Ubuntu Artful (current dev release). The processes are unconfined. The simple test case is to log into a guest session, launch a terminal with ctrl-alt-t, and run the following command: $ cat /proc/self/attr/current Expected […]

Huge Trove of Confidential Medical Records Discovered on Unsecured Server Accessible to Anyone

At least tens of thousands, if not millions of medical records of New York patients were until recently readily accessible online to just about anyone who knew how to look. Patient demographic information, social security numbers, records of medical diagnoses and treatments, along with a plethora of other highly-sensitive records were left completely undefended by […]

‘Accidental Hero’ Finds Kill Switch To Stop Wana Decrypt0r Ransomware

“An ‘accidental hero’ has halted the global spread of the WannaCry ransomware that has wreaked havoc on organizations…” writes The Guardian. An anonymous reader quotes their report: A cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and implemented a “kill switch” in the malicious software that was […]

Keylogger Found in Audio Driver of HP Laptops

The audio driver installed on some HP laptops includes a feature that could best be described as a keylogger, which records all the user’s keystrokes and saves the information to a local file, accessible to anyone or any third-party software or malware that knows where to look. Swiss cyber-security firm modzero discovered the keylogger on […]

Avast blocks the entire internet – again

“Non tech savvy users will have issues reporting or getting the problem fixed,” he explained. “To regain web access you have to disable Web Shield or disable Avast or uninstall Avast. To fix the issue you have to do a clean install of the latest version of software.” It’s unclear how widespread the problem is. […]

Macron defeats Russian hackers and puts leakers at a disadvantage

Emmanuel Macron’s digital team responded to cyberattacks with a “cyber-blurring” strategy that involved fake email accounts loaded with false documents. […] “We created false accounts, with false content, as traps. We did this massively, to create the obligation for them to verify, to determine whether it was a real account,” Mr. Mahjoubi said. “I don’t […]

Well this is awkward. As Microsoft was bragging about Office at Build, Office 365 went down

TITSUP: Total Inability To Stand Up Products Loads of people reported that, at around 1245 PT, access to the service went out. Microsoft confirmed shortly after it was having problems, and said it was looking into the matter. Subscribers in New York, Denver, Texas, and Portland, in the US, were, for example, unable to access […]

Debenhams Flowers shoppers stung by bank card-stealing tech pest

Malware has infected backend systems used by Brit high street chain Debenhams – and swiped 26,000 people’s personal information in the process. The cyber-break-in targeted the online portal for the retailer’s florist arm, Debenhams Flowers. Miscreants had access to the internal systems at Ecomnova, the biz that runs the Debenhams Flowers business, for more than […]

Intel chip remote auth fail worse than thought – authentication doesn’t work at all!

A remote hijacking flaw that lurked in Intel chips for seven years was more severe than many people imagined, because it allowed hackers to remotely gain administrative control over huge fleets of computers without entering a password. This is according to technical analyses published Friday… AMT makes it possible to log into a computer and […]

WikiLeaks Reveals CIA Man-in-the-Middle LAN Hacking Tool Archimedes

WikiLeaks isn’t done exposing the CIA’s arsenal of hacking tools used to infiltrate computer systems around the globe. Last month, we told you about Weeping Angel, which targeted select Samsung Smart TVs for surveillance purposes. Today, we’re learning about Archimedes, which attacks computers attached to a Local Area Network (LAN). Although we have no way […]

Leaked: The UK’s secret blueprint with telcos for mass spying on internet, phones – and backdoors

The UK government has secretly drawn up more details of its new bulk surveillance powers – awarding itself the ability to monitor Brits’ live communications, and insert encryption backdoors by the backdoor. In its draft technical capability notices paper [PDF], all communications companies – including phone networks and ISPs – will be obliged to provide […]

After years of warnings, mobile network hackers exploit SS7 flaws to drain bank accounts via MitM attacks

Experts have been warning for years about security blunders in the Signaling System 7 protocol – the magic glue used by cellphone networks to communicate with each other. These shortcomings can be potentially abused to, for example, redirect people’s calls and text messages to miscreants’ devices. Now we’ve seen the first case of crooks exploiting […]

FuturePets.com database of thousands of credit cards was left exposed for months

A US online pet store has exposed the details of more than 110,400 credit cards used to make purchases through its website, researchers have found. In a stunning show of poor security, the Austin, Texas-based company FuturePets.com exposed its entire customer database, including names, postal and email addresses, phone numbers, credit card information, and plain-text […]

Yes, your whatsapp messages can be read by the London police

Bruce66423 brings word that a terrorist’s WhatsApp message has been decrypted “using techniques that ‘cannot be disclosed for security reasons’, though ‘sources said they now have the technical expertise to repeat the process in future.’” The Economic Times reports: U.K. security services have managed to decode the last message sent out by Khalid Masood before […]

Russian-controlled telecom hijacks financial services’ Internet traffic

On Wednesday, large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services companies were briefly routed through a Russian government-controlled telecom under unexplained circumstances that renew lingering questions about the trust and reliability of some of the most sensitive Internet communications. Anomalies in the border gateway protocol—which routes […]

Jenkins admin? Get buzzy patching, says Cloudbees

The bug, CVE-2017-1000353, exists in how Jenkins implements HTTP upload/download requests. The bug lets an attacker exploit a serialised object in the preamble of commands sent to the CLI. As described by Securiteam, “since Jenkins does not validate the serialised object, any serialise[d] object can be sent.” The attacker can use the channel to send […]

Remote security exploit in all 2008+ Intel platforms – SemiAccurate

The short version is that every Intel platform with AMT, ISM, and SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the ME (Management Engine) not CPU firmware. If this isn’t scary enough news, even if your machine doesn’t have SMT, ISM, or SBT provisioned, it is […]

Netgear says sorry four weeks after losing customer backups on cloud and locally(!!!!) – yes the cloud can hurt you!

Neatgear has cocked up its cloud management service, losing data stored locally on ReadyNAS devices’ shared folders worldwide – and customers have complained to The Register about only being informed four weeks later. This week, the San Jose-based networking business sent an email to customers, seen by The Register, confirming that an “outage” affecting ReadyCLOUD, […]

Shadow Brokers release 4 year old NSA hacks for Win2k to Windows 8

The Shadow Brokers have leaked more hacking tools stolen from the NSA’s Equation Group – this time four-year-old exploits that attempt to hijack venerable Windows systems, from Windows 2000 up to Server 2012 and Windows 7 and 8. The toolkit puts into anyone’s hands – from moronic script kiddies to hardened crims – highly classified […]

Smartphone gyros and open background tabs reveal your inputs, even when locked

Cyber experts at Newcastle University, UK, have revealed the ease with which malicious websites, as well as installed apps, can spy on us using just the information from the motion sensors in our mobile phones. Analysing the movement of the device as we type in information, they have shown it is possible to crack four-digit […]

one security researcher, 40 holes in Samsungs’ Tizen

A security researcher has found 40 unknown zero-day vulnerabilities in Tizen, the operating system that runs on millions of Samsung products. Source: Samsung’s Android Replacement Is a Hacker’s Dream – Motherboard

Cisco Aironet 1830 Series and 1850 Series Access Points Mobility Express with hardcoded passwords

The vulnerability is due to the existence of default credentials for an affected device that is running Cisco Mobility Express Software, regardless of whether the device is configured as a master, subordinate, or standalone access point. An attacker who has layer 3 connectivity to an affected device could use Secure Shell (SSH) to log in […]

Miele Professional PG 8528 dishwasher insecure – Web Server Directory Traversal

Details: ======== The corresponding embeded webserver “PST10 WebServer” typically listens to port 80 and is prone to a directory traversal attack, therefore an unauthenticated attacker may be able to exploit this issue to access sensitive information to aide in subsequent attacks. Proof of Concept: ================= ~$ telnet 192.168.0.1 80 Trying 192.168.0.1… Connected to 192.168.0.1. Escape […]

UK flight ban on electronic devices announced – copying Trumpist insanity

The UK government has announced a cabin baggage ban on laptops and tablets on direct flights to the UK from Turkey, Lebanon, Jordan, Egypt, Tunisia and Saudi Arabia. The ban follows a similar move in the US, where officials say bombs could be hidden in a series of devices. Downing Street said it was “necessary, […]

Burglars can easily make Google Nest security cameras stop recording

The first two flaws can be triggered and lead to a buffer overflow condition if the attacker sends to the camera a too-long Wi-Fi SSID parameter or a long encrypted password parameter, respectively. That’s easy to do as Bluetooth is never disabled after the initial setup of the cameras, and attackers (e.g. burglars) can usually […]

 
Skip to toolbar