95352513
submission
Orome1 writes:
Software developers love to reuse code wherever possible, and hackers are no exception. While we often think of different malware strains as separate entities, the reality is that most new malware recycles large chunks of source code from existing malware with some changes and additions (possibly taken from other publically released vulnerabilities and tools). This approach makes sense. Why reinvent the wheel when another author already created a working solution? While code reuse in malware can make signature-based detection methods more effective in certain cases, more often than not it frees up time for attackers to do additional work on detection avoidance and attack efficacy – which can create a more dangerous final product.
94750913
submission
Orome1 writes:
IOActive security consultant Mario Ballano has discovered two critical cybersecurity vulnerabilities affecting Stratos Global’s AmosConnect communication shipboard platform. The platform works in conjunction with the ships' satellite equipment, and integrates vessel and shore-based office applications, as well as provides services like Internet access for the crew, email, IM, position reporting, etc. The vulnerabilities were found in AmosConnect 8.4.0, and Stratos Global was notified a year ago. But Inmarsat won't fix them, and has discontinued the 8.0 version of the platform in June 2017.
94197765
submission
Orome1 writes:
For programmers and software developers, the Internet forums provide a great place to exchange knowledge and seek answers to concrete coding conundrums. Alas, they are not always the source of accurate information. A group of Virginia Tech researchers has analyzed hundreds of posts on Stack Overflow, a popular developer forum/Q&A site, and found that many of the developers who offer answers do not appear to understand the security implications of coding options, showing a lack of cybersecurity training. Another thing they discovered is that, sometimes, the most upvoted posts/answers contain insecure suggestions that introduce security vulnerabilities in software, while correct fixes are less popular and visible simply because they have been offered by users with a lower reputation score.
93654651
submission
Orome1 writes:
Today, the Department of Energy (DOE) is announcing awards of up to $50 million to DOE’s National Laboratories to support early stage research and development of next-generation tools and technologies to further improve the resilience of the Nation’s critical energy infrastructure, including the electric grid and oil and natural gas infrastructure. The electricity system must continue to evolve to address a variety of challenges and opportunities such as severe weather and the cyber threat, a changing mix of types of electric generation, the ability for consumers to participate in electricity markets, the growth of the Internet of Things, and the aging of the electricity infrastructure.Link to Original Source
93210481
submission
Orome1 writes:
Security researchers have identified over 500 apps on Google Play containing an advertising software development kit (SDK) called Igexin, which allowed covert download of spying plugins. The apps in question represent a wide selection of photo editors, Internet radio and travel apps, educational, health and fitness apps, weather apps, and so on, and were downloaded over 100 million times across the Android ecosystem. Lookout researchers did not name the apps that were found using the malicious SDK, but notified Google of the problem. The latter then proceeded to clean up house.Link to Original Source
92942319
submission
Orome1 writes:
Nothing should be more important for these sites and apps than the security of the users who keep them in business. Unfortunately, Dashlane found that that 46% of consumer sites, including Dropbox, Netflix, and Pandora, and 36% of enterprise sites, including DocuSign and Amazon Web Services, failed to implement the most basic password security requirements. Most troubling? Researchers created passwords using nothing but the lowercase letter “a” on Amazon, Google, Instagram, LinkedIn, Venmo, and Dropbox, among others.
92761183
submission
Orome1 writes:
New research released by MWR InfoSecurity reveals how attackers can compromise the Amazon Echo and turn it into a covert listening device, without affecting its overall functionality. Found to be susceptible to a physical attack, which allows an attacker to gain a root shell on the Linux Operating Systems and install malware, the Amazon Echo would enable hackers to covertly monitor and listen in on users and steal private data without their permission or knowledge.
92361949
submission
Orome1 writes:
After the recent massive WannaCry ransomware campaign, Elad Erez, Director of Innovation at Imperva, was shocked at the number of systems that still sported the Microsoft Windows SMB Server vulnerabilities that made the attack possible. So, he decided to do something about it: he created Eternal Blues, an easy-to-use vulnerability scanner that he made available for download for free. The statistics collected by the tool, as well as the total number of downloads, show that after the NotPetya attack, people’s awareness of the threat did increase. Eternal Blues was used for over 23,000 scans. Over 8 million IP addresses were scanned, and a total of 60,000 vulnerable hosts were identified (out of ~537,000 that were responsive). Of the ~537,000 responsive hosts, some 258,000 still had SMBv1 enabled.
91977775
submission
Orome1 writes:
The Password Reset Man in the Middle attack exploits the similarity of the registration and password reset processes. To launch such an attack, the attacker only needs to control a website. To entice victims to make an account on the malicious website, the attacker can offer free access to a wanted resource. Once the user initiates the account registration process by entering their email address, the attacker can use that information to initiate a password reset process on another website that uses that piece of information as the username (e.g. Google, YouTube, Amazon, Twitter, LinkedIn, PayPal, and so on). Every request for input from that site is forwarded to the potential victim, and then his or her answers forwarded back to that particular site.
91888635
submission
Orome1 writes:
In a new study, researchers from the Max Planck Institute in Erlangen, demonstrate ground-based measurements of quantum states sent by a laser aboard a satellite 38,000 kilometers above Earth. This is the first time that quantum states have been measured so carefully from so far away. A satellite-based quantum-based encryption network would provide an extremely secure way to encrypt data sent over long distances. Developing such a system in just five years is an extremely fast timeline since most satellites require around 10 years of development.
91250991
submission
Orome1 writes:
Even though many IoT devices for smart homes encrypt their traffic, a passive network observer – e.g. an ISP, or a neighborhood WiFi eavesdropper – can infer consumer behavior and sensitive details about users from IoT device-associated traffic rate metadata. A group of researchers from the Computer Science Department of Princeton University have proven this fact by setting up smart home laboratory with a passive network tap, and examining the traffic rates of four IoT smart home devices: a Sense sleep monitor, a Nest Cam Indoor security camera, a WeMo smart outlet, and an Amazon Echo smart speaker. Once an adversary identifies packet streams for a particular device, one or more of the streams are likely to encode device state. Simply plotting send/receive rates of the streams (bytes per second) revealed potentially private user interactions for each device we tested.
91095225
submission
Orome1 writes:
A default setting in Google Chrome, which allows it to download files that it deems safe without prompting the user for a download location, can be exploited by attackers to mount a Windows credential theft attack using specially crafted SCF shortcut files, DefenseCode researchers have found. What’s more, for the attack to work, the victim does not even have to run the automatically downloaded file. Simply opening the download directory in Windows File Explorer will trigger the code icon file location inserted in the file to run, and it will send the victim’s username, domain and NTLMv2 password hash to a remote SMB server operated by the attackers.
90957267
submission
Orome1 writes:
In the last five months, Google’s OSS-Fuzz program has unearthed over 1,000 bugs in 47 open source software projects, and it’s ready to integrate even more of them. So far, OSS-Fuzz has found a total of 264 potential security vulnerabilities: 7 in Wireshark, 33 in LibreOffice, 8 in SQLite 3, 17 in FFmpeg – and the list goes on. Google wants even more open source projects to reap the benefit of fuzzing, and has put out a call for more projects to participate in the program.
90392815
submission
Orome1 writes:
Back in January 2013, researchers from application security services firm DefenseCode unearthed a remote root access vulnerability in the default installation of some Cisco Linksys (now Belkin) routers. The flaw was actually found in Broadcom’s UPnP implementation used in popular routers, and ultimately the researchers extended the list of vulnerable routers to encompass devices manufactured by the likes of ASUS, D-Link, Zyxel, US Robotics, TP-Link, Netgear, and others. Since there were millions of vulnerable devices out there, the researchers refrained from publishing the exploit they created for the flaw, but now, four years later, they’ve released their full research again, and this time they’ve also revealed the exploit.Link to Original Source
89942623
submission
Orome1 writes:
Google Nest’s Dropcam, Dropcam Pro, Nest Cam Outdoor and Nest Cam Indoor security cameras can be easily disabled by an attacker that’s in their Bluetooth range. The vulnerabilities are present in the latest firmware version running on the devices (v5.2.1). They were discovered by researcher Jason Doyle last fall, and their existence responsibly disclosed to Google, but have still not been patched.Link to Original Source
