Nastiest Malware 2023
News, Announcements, Tech Discussions
[b]By [url=https://www.securityweek.com/authors/eduard-kovacs]Eduard Kovacs[/url] on November 09, 2018[/b] [b]VMware informed customers on Friday that patches are available for a critical virtual machine (VM) escape vulnerability disclosed recently by a researcher at the GeekPwn2018 hacking competition.[/b] Organized by the security team of Chinese company Keen Cloud Tech, GeekPwn is a hacking competition that in past years has led to the discovery of many important vulnerabilities. The competition has been held in China since 2014, but starting with 2017 there has also been an event in the United States. [url=https://twitter.com/geekpwn?lang=en]GeekPwn2018[/url] took place in Shanghai, China, on October 24-25, and its initial prize pool was $800,000. [url=https://www.securityweek.com/vmware-patches-vm-escape-flaw-disclosed-chinese-hacking-contest]Full Article.[/url]
[b]November 14th, 2018, By Mark Wycislik-Wilson[/b] [img]https://betanews.com/wp-content/uploads/2018/11/spectre-meltdown-grabbing-hands.jpg[/img] One of the biggest security stories of 2018 has been the discovery of the Meltdown and Spectre chip flaws. Known as speculative execution exploits, the flaws make it possible to steal potentially sensitive information, and there has been an ongoing battle to issue patches wherever possible. Just as things were starting to die down a little, security researchers have revealed details of no fewer than seven more speculative execution attacks. While some of these attack vectors have already been mitigated against, this is not the case for all of them. The fallout from the original Spectre and Meltdown discoveries has been massively impactful and terribly long-winded. Software-makers have struggled to issue patches to mitigate against the problems without affecting system performance too much, so the prospect of y
[h2][b]And Apple fixes Watch-killing security patch of its own[/b][/h2] [b]By [url=https://www.theregister.co.uk/Author/Shaun-Nichols]Shaun Nichols[/url] 6 Nov 2018[/b] [img]https://regmedia.co.uk/2018/11/05/shutterstock_android_on_notebook.jpg?x=442&y=293&crop=1[/img] Google today pushed out the November edition of its monthly Android security updates, giving carriers and device makers a fresh set of patches to install. Fingers crossed the patches are rolled out to you ASAP. The [url=https://source.android.com/security/bulletin/2018-11-01.html]November bulletin[/url] contains fixes for three remote code execution flaws as well as a number of information disclosure and elevation of privilege vulnerabilities in various core components of Android. The three RCEs, two rated "critical" risks (CVE-2018-9527, CVE-2018-9531) and one rated "high" (CVE-2018-9521), were all found within the Android media framework. If exploited by, say, a booby-t
[b]November 6th, 2018, By Ionut Ilascu[/b] [img]https://www.bleepstatic.com/content/posts/2018/11/05/U-boot_boot-up_headpic.png[/img] Memory handling issues in the U-Boot open-source bootloader for embedded devices make possible multiple exploitation techniques that lead to arbitrary code execution. U-Boot, short for the [url=https://www.denx.de/wiki/U-Boot/WebHome]Universal Boot Loader[/url], is a first-stage and second-stage bootloader. It is responsible for the initial hardware configuration and loading the operating system (OS) kernel. It has support for a variety of architectures, including ARM, MIPS, and PowerPC. Among the types of devices it can initiate are Chromebooks, routers, and Amazon Kindle. To ensure that authentic code is running on the system, U-Boot features 'Verified Boot' - its own version of [url=https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/oem-secure-boot]Secure Boot[/url] - which verifies th
[h2][b]Largely pointless, since they're never going to stand trial[/b][/h2] [b]By [url=https://www.theregister.co.uk/Author/Richard-Chirgwin]Richard Chirgwin[/url] 5 Oct 2018[/b] [img]https://regmedia.co.uk/2018/10/04/detail_fron_fbi_wanted_poster.jpg?x=442&y=293&crop=1[/img][i]Detail from the FBI's "Wanted" poster[/i] In what's turning into International Cyber-Attribution Week, a US federal grand jury has indicted seven alleged Russian military intelligence officers – and accused them of hacking anti-doping watchdogs, sports officials, and others. Four of the men are said to be part of a hacking operation, run by Kremlin spy agency GRU, that [url=https://www.theregister.co.uk/2018/10/04/gru_opcw_hack_bust/]fell foul[/url] of Dutch intelligence. The Feds today [url=https://www.fbi.gov/wanted/cyber/gru-hacking-to-undermine-anti-doping-efforts]named the seven[/url] as Dmitriy Sergeyevich Badin, Artem Andreyevich Malyshev, Alexey Valerevich Minin,
[b]22nd October 2018, By Steve McGregory[/b] The advent of 5G presents an opportunity for us to think about the exploding number of IoT devices and how we securely connect to the digital world. There is a lot of buzz building over fifth-generation mobile networks (5G) and how they will revolutionize the fast-growing numbers of internet-connected devices — but what about security? What makes 5G so closely tied to billions of Internet of Things (IoT) devices is its speed (5G is expected to be 10 times faster than 4G LTE), low latency, and the fact that it is expected to use Low Power Wide Area (LPWA) technology to connect large numbers of far-flung, low-power IoT devices for industrial applications. It should be noted that the revolution of 5G and IoT is still years away (by 2022, only about 15 percent of the world’s population will have access to 5G networks, according to Ericsson). But that doesn’t mean we shouldn’t start planning today for a 5G/IoT future of tom
[b][url=https://www.helpnetsecurity.com/author/helpnet/]Help Net Security[/url] October 26, 2018[/b] As cybercriminals and nation-states continue to improve the sophistication of attacks that bypass traditional preventive defenses, organizations must evolve their security defenses to reduce dwell time. Fidelis Cybersecurity asked cybersecurity leaders, security architects and security analysts about the evolution of their cyber defense strategies, including post-breach detection and response, as well as [url=https://www.helpnetsecurity.com/tag/threat-hunting/]threat hunting[/url]. [img]https://www.helpnetsecurity.com/images/posts2018/fidelis-102018-1.jpg[/img] Fidelis interviewed over 580 security professionals from around the globe to understand how they are shifting their [url=https://www.helpnetsecurity.com/2018/10/01/proactive-approach-to-cybersecurity/]security strategies[/url]. In the Fidelis 2018 State of Threat Detection Report, 63 percent of all respondent
[b]If true, could convince users not to update printer software[/b] [b]Oct 11, 2018 15:44 GMT · By [url=https://news.softpedia.com/editors/browse/sergiu-gatlan]Sergiu Gatlan[/url][/b] [b]The Electronic Frontier Foundation (EFF) sent a letter to the Texas Attorney General's office regarding possible firmware updates released by Epson for their printers which disabled support for third-party inks.[/b] Moreover, the EFF found out about Epson's problematic firmware upgrade from a Texas supporter and [url=https://www.eff.org/deeplinks/2018/10/eff-texas-ag-epson-tricked-its-customers-dangerous-fake-update]sent a letter[/url] to the Texas Attorney General's office asking the consumer protection division to take a closer look into the reported third-party ink disabling incident. Although Epson's firmware updates reportedly did nothing else besides restricting a printer's functionality, this can lead to serious cybersecurity issues if true because
[h2][b]RCE, information disclosure, and DoS issues fixed by TP-Link[/b][/h2] [b]November 19th, 2018, By Sergiu Gatlan[/b] [b]TP-Link TL-R600VPN routers with HWv3 FRNv1.3.0 and HWv2 FRNv1.2.3 were found to contain multiple remotely exploitable remote code execution (RCE), denial-of-service (DoS), and information disclosure security issues, as [url=https://blog.talosintelligence.com/2018/11/tplinkr600.html]disclosed by Cisco Talos' Jared Rittle[/url].[/b] Luckily, the remote code execution vulnerabilities discovered in the [url=https://www.tp-link.com/us/products/details/cat-4909_TL-R600VPN.html]TP-Link TL-R600VPN[/url] 'SafeStream Gigabit Broadband VPN Router' require the remote attackers to be authenticated, which decreases the seriousness of these security issues. [url=https://news.softpedia.com/news/multiple-remote-tp-link-tl-r600vpn-router-vulnerabilities-patched-523857.shtml]Full Article.[/url]
[b]By [url=https://www.securityweek.com/authors/ionut-arghire]Ionut Arghire[/url] on November 19, 2018[/b] [b]Vulnerabilities recently addressed by WiFi device maker TP-Link in its TL-R600VPN small and home office (SOHO) router could allow remote code execution, Cisco Talos security researchers warn.[/b] The issues were mainly caused by a lack of input sanitization and parsing errors. Lack of proper input sanitization can be exploited without authentication to cause denial of service and leak server information. Parsing errors require an authenticated session for exploitation, but can lead to remote code execution under the context of HTTPD. While the attacker needs to be authenticated to exploit the flaw, because the HTTPD process runs as root, the code would be executed with elevated privileges. [url=https://www.securityweek.com/tp-link-patches-remote-code-execution-flaws-soho-router]Full Article.[/url]
[b]November 12th, 2018, By Byron V. Acohido[/b] [img]https://media.threatpost.com/wp-content/uploads/sites/103/2018/11/12101606/Facial-Recognition.jpg[/img] Tech advances are accelerating the use of facial recognition as a reliable and ubiquitous mass surveillance tool, privacy advocates warn. Somewhat quietly over the past couple of years there has been a flurry of breakthroughs in biometric technology, led by some leapfrog advances in facial recognition systems. Now facial recognition appears to be on the verge of blossoming commercially, with security use-cases paving the way. Last week, SureID, a fingerprint services vendor based in Portland, Ore., announced a partnership with Robbie.AI, a Boston-based developer of a facial recognition system designed to be widely deployed on low-end cameras. The partners aim to combine fingerprint and facial data to more effectively authenticate employees in workplace settings. And their grand
[b]27th November 2018, By Zack Whittaker[/b] Urban Massage, a popular massage startup that bills itself as providing “wellness that comes to you,” has leaked its entire customer database. The London, U.K.-based startup — now known as [url=https://techcrunch.com/2018/11/15/urban/]just Urban[/url] — left its Google-hosted ElasticSearch database online without a password, allowing anyone to read hundreds of thousands of customer and staff records. Anyone who knew where to look could access, edit or delete the database. Security researcher [url=https://twitter.com/olihough86]Oliver Hough[/url] found the database through Shodan, a search engine for exposed devices and databases, and told TechCrunch of the exposure. [url=https://techcrunch.com/2018/11/27/urban-massage-data-exposed-customers-creepy-clients/?guccounter=1]Full Article.[/url]
[h2][b]Let's lift our eyes from the balance sheet and take a look around...[/b][/h2] [b]By [url=https://www.theregister.co.uk/Author/Mark-Pesce]Mark Pesce[/url] 13 Nov 2018[/b] [img]https://regmedia.co.uk/2016/03/08/usb.jpg?x=442&y=293&crop=1[/img] Arriving at a recent conference organised by one of the government's many regulatory bodies, I received my obligatory lanyard – and something else, credit-card-shaped, emblazoned with the branding for the event. "What's this?" I asked. "Oh, that's a USB key." I presume the conference organisers mistook my wild-eyed stare of disbelief as one of benevolent gratitude and admiration for their consideration of my storage needs. Who could have thought this gift a good idea? Someone who had never heard of [url=https://www.theregister.co.uk/2010/10/09/stuxnet_enisa_response/]Stuxnet[/url], or of any of the now-too-numerous-to-count stories of USB keys being used to infiltrate organisations, exfiltra
[b][url=https://www.helpnetsecurity.com/author/helpnet/]Help Net Security[/url] November 16, 2018[/b] WatchGuard Technologies’ information security predictions for 2019 include the emergence of vaporworms, a new breed of fileless malware with wormlike properties to self-propagate through vulnerable systems, along with a takedown of the internet itself and ransomware targeting utilities and industrial control systems. [img]https://www.helpnetsecurity.com/images/posts2018/bomb2.jpg[/img] “Cyber criminals are continuing to reshape the threat landscape as they update their tactics and escalate their attacks against businesses, governments and even the infrastructure of the internet itself,” said [url=https://www.helpnetsecurity.com/tag/corey_nachreiner/]Corey Nachreiner[/url], CTO at WatchGuard Technologies. “The Threat Lab’s 2019 predictions span from highly likely to audacious, but consistent across all eight is that there’s hope for preventing them. Organisations of