Articles about Exploits


Odds are your office is ill-prepared for network-ransacking ransomware

Organizations are unprepared for future strains of more sophisticated ransomware, a report by Cisco warns. The networking giant's 2016 Midyear Cybersecurity Report concludes that the next wave of ransomware is expected to be more pervasive and resilient. While current strains typically infect a single computer, future …
John Leyden, 26 Jul 2016

PHP flaws allowed God mode access to top smut site

A trio of hackers have gained remote code execution powers on servers used by adult entertainment outlet Pornhub, using a complex hack that revealed twin zero-day flaws in PHP. Google software intern and security boffin Ruslan Habalov (@evonide) detailed the return-oriented programming hack in a debriefing explaining …
Darren Pauli, 24 Jul 2016

Wavering about Apple's latest security fix? Don't, says Talos

Here's another reason to press “install” on Apple's latest OS X and iOS security patches: a slew of image-handling vulnerabilities. Now that Apple's released the patched versions, Cisco's Talos researchers have gone public with the details of their contribution to the fixes. The most serious of the bugs is in TIFF image …

Flaws found in security products from AVG, Symantec and McAfee

Updated Hundreds of security products may not be up to the job, researchers say, thanks to flawed uses of code hooking. The research is the handiwork of EnSilo duo Udi Yavo and Tommer Bitton, who disclosed the bugs in anti-virus and Windows security tools ahead of their presentation at the Black Hat Las Vegas conference next month. …
Darren Pauli, 20 Jul 2016

World-Check terror suspect DB hits the web at just US$6750

The World-Check database that lists "heightened risk individuals and organizations" is reportedly up for sale on the dark web. The database is a commercial product offered by Thomson Reuters, which bills it as a useful tool for those fighting money laundering, "organized crime, sanctions, Countering the Financing of Terrorism …
Darren Pauli, 19 Jul 2016

15-year-old security hole HTTPoxy returns to menace websites – it has a name, logo too

A dangerous, easy-to-exploit vulnerability discovered 15 years ago has reared its head again, leaving server-side website software potentially open to hijackers. The Apache Software Foundation, Red Hat, Nginx and others have rushed to warn programmers of the so-called httpoxy flaw, specifically: CVE-2016-5385 in PHP; CVE-2016- …
Darren Pauli, 18 Jul 2016
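The mechanism behind httpoxy, as publicly documented, is that CGI and FastCGI hand request headers to the application as HTTP_* environment variables, so a client-supplied "Proxy" header becomes HTTP_PROXY, which many HTTP client libraries honour when the application makes its own outbound requests. The model below is an added example, not code from the article or from any of the vendors named in it: it reproduces the header-to-environment mapping, shows the attacker's proxy being picked up, and applies the fix vendors shipped (drop the Proxy header before CGI sees it). The request headers are constructed, and 203.0.113.9 is a documentation address standing in for an attacker-run proxy.

```python
# Added example: models the CGI header-to-environment mapping that httpoxy
# abuses, next to the usual fix. Illustrative code, not from the article or
# any named vendor. The header values are constructed; 203.0.113.9 is a
# documentation address standing in for an attacker-run proxy.

from typing import Dict, Optional

# Constructed inbound request. "Proxy" is not a standard HTTP request header;
# only an attacker has a reason to send it.
REQUEST_HEADERS: Dict[str, str] = {
    "Host": "shop.example",
    "User-Agent": "curl/7.47.0",
    "Proxy": "http://203.0.113.9:8080",
}

# RFC 3875 gives these their own meta-variables instead of HTTP_* names.
CGI_OWN_VARIABLES = {"content-type", "content-length"}


def cgi_meta_variables(headers: Dict[str, str]) -> Dict[str, str]:
    """Map request headers to CGI meta-variables the way RFC 3875 specifies:
    upper-case the name, turn '-' into '_' and prefix HTTP_. The rule is
    legitimate; the problem is that 'Proxy' lands on 'HTTP_PROXY'."""
    env: Dict[str, str] = {}
    for name, value in headers.items():
        if name.lower() in CGI_OWN_VARIABLES:
            continue
        env["HTTP_" + name.upper().replace("-", "_")] = value
    return env


def strip_proxy_header(headers: Dict[str, str]) -> Dict[str, str]:
    """The fix vendors shipped at the web-server layer: drop a client-supplied
    Proxy header before CGI/FastCGI ever sees it."""
    return {k: v for k, v in headers.items() if k.lower() != "proxy"}


def outbound_proxy(env: Dict[str, str]) -> Optional[str]:
    """What many HTTP client libraries do when the app makes an outbound
    request: honour HTTP_PROXY from the environment. Under CGI that
    environment was built from the request."""
    return env.get("HTTP_PROXY")


def vulnerable_outbound_proxy(headers: Dict[str, str]) -> Optional[str]:
    return outbound_proxy(cgi_meta_variables(headers))


def hardened_outbound_proxy(headers: Dict[str, str]) -> Optional[str]:
    return outbound_proxy(cgi_meta_variables(strip_proxy_header(headers)))


if __name__ == "__main__":
    print("vulnerable:", vulnerable_outbound_proxy(REQUEST_HEADERS))
    print("hardened:  ", hardened_outbound_proxy(REQUEST_HEADERS))
```

In production the stripping is done in the web server rather than in application code: `RequestHeader unset Proxy early` in Apache, or `fastcgi_param HTTP_PROXY "";` in nginx's FastCGI configuration. Several client libraries were also patched to ignore HTTP_PROXY when they detect they are running under CGI, which is a second, independent layer of defence.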

World's worst exploit kit weaponises white hats' proof of concept code

The new wearer of the crown for World's Worst Exploit Kit is compromising users with exploit code for a dangerous new attack published by a white hat researcher. Neutrino is the new king of for-profit p0wnage packages, a market in which criminals create tools to compromise scores of users through the latest vulnerabilities. …
Darren Pauli, 18 Jul 2016

White hat hacker AI bots prepare for DARPA's DEF CON cyber brawl

The research wing of the US military has picked the seven teams who will compete to build machine-learning software that can find and patch bugs automatically to fend off hackers. The DARPA Cyber Grand Challenge will be held at the DEF CON hacking conference next month. The agency has put up $2m in prize money in the unlikely …
Iain Thomson, 13 Jul 2016

Webpages, Word files, print servers menacing Windows PCs – yup, it's Patch Tuesday

Microsoft will fix critical holes in Internet Explorer, Edge, Office and Windows with this month's Patch Tuesday security bundle. Meanwhile, Adobe has patched dozens of exploitable vulnerabilities in its Flash player. Redmond's July release includes 11 sets of patches, six rated as "critical" and five classified as "important …
Shaun Nichols, 12 Jul 2016

Nasty session stealing hole filled in WordPress All in One SEO plugin

The developers have patched a hole in the popular All in One search engine optimisation WordPress plugin, a tool that's been downloaded by some 30 million users and is used on a million sites. Flaws exist in the Bot Blocker component which can be exploited to steal administrator tokens and conduct actions through cross-site …
Darren Pauli, 12 Jul 2016

Aussie researcher claims 'Antminer' bitcoin boxen can be broken

Australian security researcher Tim Noise says scores of popular Antminer Bitcoin mining devices could be commandeered. Noise demonstrated how a vulnerability in the configuration of the open source mining program CGminer running on an Antminer box can be abused to redirect the efforts of massive mining operations to fill an …
Darren Pauli, 12 Jul 2016

Google slammed over its 'free' school service

Two Swedish researchers have torn into Google's free school service, accusing the online giant of purposefully misleading users in order to continue profiting from the sale of children's data. Maria Lindh and Jan Nolin from the University of Borås have published a research paper [note: paid access] that digs into the policies …
Kieren McCarthy, 11 Jul 2016

EU cybersecurity directive will reach Britain, come what May

The passage of the EU Directive on the Security of Network and Information Systems (NIS) will have a profound effect on corporate security across Europe and even in Britain, despite the Brexit vote. The NIS Directive applies to organisations that provide elements of a country’s critical national infrastructure – i.e. operators …
John Leyden, 11 Jul 2016

Cycling paramedics in epic rush to save patient who ate stale sandwich

Cancel Independence 3 and put Episode VIII on hold. Hollywood need look no further than the London Ambulance Service’s Cycle Response Team for next year’s summer blockbuster, after its Twitter feed revealed the gritty reality of saving East London while balanced on two wheels. The bike-based team revealed yesterday that its …
Joe Fay, 11 Jul 2016

414,949 D-Link cameras, IoT devices can be hijacked over the net

Shodan has turned up half a million D-Link devices exposed to the internet, and subject to easy hijacking using zero-day vulnerabilities. The stack overflow vulnerabilities affect more than 120 D-Link products, from Wi-Fi cameras to routers and modems, and allow remote attackers to completely hijack the administrator account of …
Darren Pauli, 08 Jul 2016

Word hole patched in 2012 is 'unchallenged' king of Office exploits

Possibly the most exploited Microsoft Office vulnerability of the last decade, with no serious challenger for the title, was found and patched in 2012. Sophos threat researcher Graham Chantry says the longevity of the dusty bug affecting Office 2003, 2007, and 2010 is thanks to its constant adaptation by exploit kit authors, and a pervasive unwillingness …
Darren Pauli, 05 Jul 2016

Zero-interaction remote wormable hijack hole blasts Symantec kit

Scores (or thousands, or millions) of enterprise and home Symantec users are open to remote compromise through multiple now-patched (where possible) wormable remote code execution holes described by Google as 'as bad as it gets'. The flaws are "100 percent" reliable against Symantec's Norton Antivirus and Endpoint according to …
Darren Pauli, 29 Jun 2016

US hospitals hacked with ancient exploits

Attackers have popped three prominent US hospitals, using deliberately ancient malware so old that it slips under the radar of modern security controls to compromise Windows XP boxes and gain network beachheads. The attacks were foiled using deceptive honeypot-style frameworks, according to California-based TrapX. Hospitals …
Darren Pauli, 28 Jun 2016

Medicos could be world's best security bypassers, study finds

Medicos are so adept at circumventing security controls that their bypassing exploits have become official policy, a university-backed study has revealed. The work finds that nurses, doctors, and other medical workers so often bypass information security controls in a bid to deliver rapid health care that the shortcuts …
Darren Pauli, 27 Jun 2016

Swagger staggered as hacker drops dapper code execution cracker

An unpatched remote code execution hole has been publicly disclosed in the popular Swagger API framework, putting users at risk. The client and server hole (CVE-2016-5641) exists in code generators within the REST programming tool, also known as the OpenAPI Specification. A module for the popular Metasploit hacking suite has …
Darren Pauli, 24 Jun 2016
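A code generator that builds client or server source from a spec is a code-injection sink whenever it pastes strings from that spec into a template without treating them as data. The example below is added here to show the shape of the problem and the two checks that close it; it is illustrative code, not swagger-codegen's own, and the OpenAPI fragment, payload and templates are constructed for the demo. A naive generator wraps a parameter description in quotes; the description carries a quote of its own and so gains an import and a call. The safe generator emits the string via repr(), validates any spec string that will become an identifier, and a post-generation audit parses the output and refuses anything that is not an assignment of a string constant.

```python
# Added example: how a spec-driven code generator turns into a code-injection
# sink when it pastes strings from an untrusted OpenAPI/Swagger document into
# source, and the checks that close it. Illustrative code, not swagger-codegen's
# own; the spec fragment, payload and templates are constructed for the demo.

import ast
import keyword
from typing import Any, Dict

# Constructed description: closes the string literal the naive template
# wraps it in, then appends statements of the attacker's choosing.
PAYLOAD = 'max items"; import os; os.system("id"); _ = "'

SPEC: Dict[str, Any] = {
    "paths": {"/pets": {"get": {"parameters": [
        {"name": "limit", "in": "query", "description": PAYLOAD},
    ]}}}
}


def first_parameter(spec: Dict[str, Any]) -> Dict[str, Any]:
    return spec["paths"]["/pets"]["get"]["parameters"][0]


def generate_naive(spec: Dict[str, Any]) -> str:
    """Template injection: raw spec strings are dropped between quotes."""
    p = first_parameter(spec)
    return 'PARAM_NAME = "%s"\nPARAM_DESCRIPTION = "%s"\n' % (p["name"], p["description"])


def safe_identifier(name: str) -> str:
    """Spec names that become identifiers in generated code must be exactly
    that; anything else is rejected rather than 'cleaned'."""
    if not name.isidentifier() or keyword.iskeyword(name):
        raise ValueError("unsafe identifier in spec: %r" % name)
    return name


def generate_safe(spec: Dict[str, Any]) -> str:
    """repr() emits a correctly quoted and escaped literal for any string,
    so the payload stays data; the name is validated before use."""
    p = first_parameter(spec)
    return "PARAM_NAME = %r\nPARAM_DESCRIPTION = %r\n" % (
        safe_identifier(p["name"]), p["description"])


def audit_generated(src: str) -> bool:
    """Post-generation check: the module must parse and consist only of
    assignments of string constants; an Import or a call means injection."""
    try:
        tree = ast.parse(src)
    except SyntaxError:
        return False
    return all(
        isinstance(node, ast.Assign)
        and isinstance(node.value, ast.Constant)
        and isinstance(node.value.value, str)
        for node in tree.body
    )


def statement_count(src: str) -> int:
    return len(ast.parse(src).body)


def recovered_description(src: str) -> str:
    """Evaluate the generated literal without executing the module."""
    return ast.literal_eval(ast.parse(src).body[1].value)


if __name__ == "__main__":
    naive, safe = generate_naive(SPEC), generate_safe(SPEC)
    print("naive:", statement_count(naive), "statements, passes audit:", audit_generated(naive))
    print("safe: ", statement_count(safe), "statements, passes audit:", audit_generated(safe))
```

The same pattern applies to any target language the generator emits: use the language's own literal encoder (repr, json.dumps, a proper string escaper) for values, an identifier allow-list for names, and parse the output before anyone compiles or runs it.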

Objective-C can fly the COOP, says subversive at Microsoft Research

Objective-C programmers should use message authentication codes to protect sensitive objects and data structures, according to research presented to this week's Usenix Annual Technical Conference (ATC). A Microsoft Research staffer, and software researchers from UC Irvine in America and folks in Germany focused on a technique …

Tor onion hardening will be tear-inducing for feds

The University of California wants to defeat deanonymisation with a hardened version of the Tor browser. The uni's boffins are, together with the Tor Project, testing an address space layout randomisation (ASLR)-esque technique dubbed Selfrando. It is hoped the technique described in the paper Selfrando: Securing the Tor Browser against …
Darren Pauli, 23 Jun 2016

Google to shower 50%+ more gold on code-bearing bug hunters

Google will pay out 50 per cent or more extra to bug hunters who couple software vulnerability reports with proof-of-concept exploit code or patches. Example exploits alone will bump critical bug payments by 33 per cent from US$3,000 (£2,101, A$4,060) to US$4,000 (£2,802, A$5,413). A "high quality" bug report with …
Darren Pauli, 17 Jun 2016

East Euro crims pwning 'high profile' victims with Flash zero day

An eastern European group has for more than three months been using an unpatched Flash zero-day vulnerability to target 'high profile' victims, Kaspersky Lab researcher Costin Raiu says. The attacks are linked to a group dubbed ScarCruft, which has used the vulnerability since March in a campaign called Operation Daybreak. A patch for …
Darren Pauli, 15 Jun 2016

RIP ROP: Intel's cunning plot to kill stack-hopping exploits at CPU level

Intel is pushing a neat technique that could block malware infections on computers at the processor level. That's the 40,000ft view of the new safety mechanism, the details of which were published on Thursday. What's really going on is this: Intel's so-called Control-flow Enforcement Technology (CET) [PDF] attempts to thwart …
Chris Williams, 10 Jun 2016

Juniper: Yes, IPv6 ping-of-death hits Junos OS, too

That IPv6 neighbour discovery packet bug Cisco warned about last week? Juniper has just followed Switchzilla by warning it has the same problem. When Cisco announced the vuln, it said other IPv6 implementations would also be at risk. The Gin Palace agrees: CVE-2016-1409 is an issue for anybody running Junos OS. The advisory …

Ransomware dodges EMET

Infosec biz FireEye has blogged in detail about how new versions of the Angler Exploit Kit – used by malicious webpages to inject ransomware and other software nasties into people's PCs – sidestep Microsoft's EMET protections. A free download from Microsoft rather than a built-in part of Windows, EMET has a whole bundle of features designed to thwart attempts by hackers to …
Chris Williams, 07 Jun 2016

DNS security can be improved with cookies, suggest IETF boffins

A proposal raised late May at the Internet Engineering Task Force (IETF) suggests adding cookies to the DNS to help defend the critical system against denial-of-service exploits. The domain name system (DNS) is an old and fundamental piece of the Internet architecture, providing translation between human-readable addresses …
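The proposal the piece refers to is the DNS COOKIE EDNS option (RFC 7873). The idea is a lightweight, stateless handshake: the client attaches an 8-byte client cookie to its query; the server replies with a server cookie computed from that client cookie, the client's source address and a server secret; on the next query the client sends both, and a server that verifies the pair knows the source address was not spoofed, so it can exempt that client from the rate limiting and truncation it applies to everything else. The implementation below is an added example, not code from the article or from any resolver: the secrets, addresses and encoding are constructed for the demo, and HMAC-SHA256 truncated to 8 bytes is one of the algorithms the RFC gives as an example, not a mandated one.

```python
# Added example: an implementation of the DNS COOKIE EDNS option as the IETF
# proposal (RFC 7873) shapes it. Illustrative code, not from the article or
# from any resolver; secrets, addresses and option encoding are constructed,
# and HMAC-SHA256 truncated to 8 bytes is one of the RFC's example algorithms.

import hashlib
import hmac
import struct
from ipaddress import ip_address
from typing import Tuple

OPTION_COOKIE = 10  # EDNS option code assigned to COOKIE


def client_cookie(client_secret: bytes, server_ip: str) -> bytes:
    """8-byte client cookie, bound to the server it is sent to so one server
    cannot reuse it to impersonate the client towards another."""
    mac = hmac.new(client_secret, ip_address(server_ip).packed, hashlib.sha256)
    return mac.digest()[:8]


def server_cookie(server_secret: bytes, ccookie: bytes, client_ip: str) -> bytes:
    """8-byte server cookie over (client cookie, client source address): only
    a sender that can read replies sent to that address can learn it."""
    if len(ccookie) != 8:
        raise ValueError("client cookie must be 8 bytes")
    msg = ccookie + ip_address(client_ip).packed
    return hmac.new(server_secret, msg, hashlib.sha256).digest()[:8]


def encode_option(ccookie: bytes, scookie: bytes = b"") -> bytes:
    """EDNS option wire form: OPTION-CODE, OPTION-LENGTH, then the cookies."""
    data = ccookie + scookie
    return struct.pack("!HH", OPTION_COOKIE, len(data)) + data


def decode_option(blob: bytes) -> Tuple[bytes, bytes]:
    code, length = struct.unpack("!HH", blob[:4])
    if code != OPTION_COOKIE or length != len(blob) - 4:
        raise ValueError("malformed COOKIE option")
    # RFC 7873: 8 bytes (client cookie only) or 16..40 (client + server cookie)
    if length != 8 and not 16 <= length <= 40:
        raise ValueError("bad COOKIE option length %d" % length)
    return blob[4:12], blob[12:]


def server_handle(server_secret: bytes, option: bytes, src_ip: str) -> Tuple[str, bytes]:
    """Classify a query by its cookie and build the option for the reply.
    Only 'verified' queries have proven a round trip from src_ip and may be
    exempted from response rate limiting; the rest stay subject to the
    server's anti-spoofing measures. Every reply carries the correct server
    cookie so a genuine client learns it on the first exchange."""
    ccookie, scookie = decode_option(option)
    expected = server_cookie(server_secret, ccookie, src_ip)
    if not scookie:
        status = "no-server-cookie"
    elif hmac.compare_digest(scookie, expected):
        status = "verified"
    else:
        status = "bad-server-cookie"  # stale secret, or replayed from a spoofed source
    return status, encode_option(ccookie, expected)


def exchange_demo() -> Tuple[str, str, str]:
    """Client at 198.51.100.7 talks to server 192.0.2.53; a spoofer at
    203.0.113.5 then replays the client's option byte for byte."""
    server_secret, client_secret = b"demo-server-secret", b"demo-client-secret"
    cc = client_cookie(client_secret, "192.0.2.53")
    first, reply = server_handle(server_secret, encode_option(cc), "198.51.100.7")
    _, learned_sc = decode_option(reply)
    second, _ = server_handle(server_secret, encode_option(cc, learned_sc), "198.51.100.7")
    spoofed, _ = server_handle(server_secret, encode_option(cc, learned_sc), "203.0.113.5")
    return first, second, spoofed


if __name__ == "__main__":
    print(exchange_demo())
```

Two things a real deployment adds that the demo leaves out: the server secret is rotated periodically and the previous secret is accepted for a grace period, and RFC 7873 defines a BADCOOKIE response code that a server may return instead of answering a query whose server cookie fails to verify. Cookies are no substitute for DNSSEC; they only give the server confidence about the source address, which is exactly the property a reflection-based denial of service attack relies on faking.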

Windows 10 zero day selling for $90,000

A Windows zero day vulnerability granting hackers deeper access to compromised machines is being sold for US$90,000 (£62,167, A$124,348). The local privilege escalation vulnerability is being sold on crime forum exploit.in and promises to help attackers who already have access to hacked machines. Seller BuggiCorp claims in a …
Darren Pauli, 01 Jun 2016

KNOX knocked three times by Israeli infosec boffins

A pair of Israeli researchers has detailed their discovery of three Android / KNOX vulnerabilities in older Samsung phones, and it makes for depressing reading. In this paper at Arxiv, Tel Aviv University's Uri Kanonov and Avishai Wool dissect KNOX for your enjoyment. In particular, they write that in sharing KNOX services …

Dedupe, dedupe, dedupe dedupe dedupe... Who snuck in to attack Microsoft Edge?

Security researchers have discovered a means to use previously unknown vulnerabilities found in in-memory deduplication to attack otherwise well-defended systems. The well-known memory-saving technique, ubiquitous as a way of reducing the footprint of virtual machines by merging identical pages, is also a by-default feature …
John Leyden, 27 May 2016

In-flight movies via BYOD? Just what I always wan... argh no we’re all going to die!

Something for the Weekend, Sir? It’s sunny outside, which can mean only one thing: I am about to go on holiday to a place where it will be pissing down with rain and sleet for the next fortnight. My globetrotting exploits have been limited this year, so I’m looking forward to enjoying my first experience of in-flight entertainment via Wi-Fi to my own device …
Alistair Dabbs, 27 May 2016

Judge torpedoes 'Tor pedo' torpedo evidence

A US District Court judge has tossed out evidence gathered by the FBI from Tor users, because the Feds wouldn't reveal how exactly it exploits their browsers to unmask them. Jay Michaud, a Vancouver school administration worker, was charged with viewing a hidden service called Playpen, which hosted child abuse material, on the …

You've patched that Flash hole, but have the users? Phone's ringing. It's for you

Security researchers are warning of a new wave of malvertising that harnesses the latest Flash exploit. The attack features tainted ads from websites including dailymotion.com, vodlocker.com, answers.com and legacy.com. Fraudulent advertisers are posing as legitimate retail or legal businesses in order to distribute "conditional …
John Leyden, 25 May 2016

VXer group ramps up malware to attack Indian embassies

Attackers have revamped their malware to better target embassy staff, says a Palo Alto Networks security team. The "Operation Ke3chang" campaign is slinging the TidePool malware which it has quietly upgraded over recent years. Researchers Micah Yates, Mike Scott, Brandon Levene, Jen Miller-Osborn and Tom Keigher say the group …
Darren Pauli, 25 May 2016

60 per cent of Androids exposed by new attack on mediaserver

Duo Security researcher Kyle Lady says attackers can compromise more than half of enterprise Android phones by chaining two operating system and chip vulnerabilities. The flaws affect scores of phones on the market from the most popular Lollipop version 5 Android system, second-placed KitKat version 4.4, and the barely-used …
Darren Pauli, 20 May 2016

Inside the world's second worst exploit toolkit

Security researchers have lifted the lid on the Nuclear exploit kit, rated the second largest malware-as-a-service toolkit in the world. Nuclear has generated 1.8 million attacks worth $12m in revenue in one month alone, chiefly through slinging the infamous Locky ransomware. The estimated monthly revenue for the developers of …
John Nicholson, 19 May 2016

Android Lollipop sucks at security, says researcher

Skycure security researcher Yair Amit has revealed a chained Android attack path that will greatly enhance attackers' ability to compromise 1.34 billion devices, or 95 percent of those in use. The Accessibility Clickjacking attack exploits flaws in protections for Android's accessibility and draw-over-apps features to allow …
Darren Pauli, 19 May 2016

Magento attacks uncanny hacks-men with shopper-popper patch

Independent security researcher Nethanel Rubin has reported a since-patched vulnerability in eBay's Magento e-commerce platform that could have allowed hackers to compromise retailers. The vulnerability (CVE-2016-4010) is fixed in version 2.0.6 issued overnight. Magento handed the flaw a 9.8 out of 10 severity score explaining …
Darren Pauli, 18 May 2016

Kids these days can't even write a decent virus

The crusty headless Conficker worm is the web's most prolific threat, says security firm Check Point. The net menace was once the world's biggest botnet, worming its way since 2008 through millions of machines in every country in the world and smashing through social networks including Facebook, Skype, and popular email …
Darren Pauli, 18 May 2016

Microsoft shifts Windows 7 and 8.1 fixes to 'rollup' bundles

Microsoft says it will simplify the update process for older versions of Windows by switching to once-a-month "rollup" bundles. Redmond says that all PCs running Windows 7 SP1 and Windows 8.1, and servers running Windows Server 2008, Windows Server 2008 R2 SP1, and Windows Server 2012 will begin getting the monthly updates. " …
Shaun Nichols, 17 May 2016

Kill Flash now? Chrome may be about to do just that

Google's Chrome web browser could be disabling all Flash content by default before the year's out. El Reg has learned that developers with the Chromium Project are working on a new feature known as 'HTML5 by Default'. The move could help to keep users safe by locking off a favorite target for web-based malware exploits. As …
Shaun Nichols, 13 May 2016

Compression tool 7-Zip pwned, pain flows to top security, software tools

Some of the world's biggest security and software vendors will be rushing to patch holes in the popular 7-Zip compression library embedded in their products, to stop attackers gaining full control of customer machines. Cisco security researcher Marcin Noga found and reported the holes to the maintainers of the open source 7-Zip platform …
Darren Pauli, 12 May 2016

Spaniard live streams 195km/h burn-up

Spanish police have traced and cuffed a driver who live streamed a Madrid ring road burn-up during which he hit 195km/h (121mph) and narrowly avoided taking out several other vehicles. The unnamed speed merchant used Periscope to transmit his night-time high-speed exploits, then ill-advisedly shared the footage on his Twitter …
Lester Haines, 10 May 2016

Prince of pop trash PerezHilton pwned, visitors hit with cryptxxx

Pop trash giant PerezHilton.com has served the world's most dangerous exploit kit to some of its 500,000 daily visitors. The site is home to Hollywood and celebrity news and has been pwned before under hugely successful malvertising campaigns using the dominant Angler exploit kit. Cyphort researcher Nick Bilogorskiy says the …
Darren Pauli, 10 May 2016

ImageMagick exploits spotted

Malicious images exploiting server-hijacking holes in ImageMagick have been spotted and documented by web host biz CloudFlare. As we reported last week, ImageMagick – a tool used by countless websites to process images submitted by users – has a pretty bad bug that allows images to execute commands on vulnerable systems. The …
Chris Williams, 09 May 2016
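ImageMagick picks its decoder from the bytes of the file, not from the extension, which is why a text MVG or SVG document renamed to .png still reaches the vector coders a web host thought it was not exposing. One practitioner check for an upload path that feeds ImageMagick is therefore to sniff the content and refuse anything that is not the raster format the client claimed. The example below is added here to show that check; it is illustrative code, neither CloudFlare's detection rules nor anything from the ImageMagick project, and the sample files are constructed (a truncated PNG header, a benign MVG document, an empty SVG), not real images.

```python
# Added example: a content check for an upload path in front of ImageMagick.
# Illustrative code, not CloudFlare's rules nor ImageMagick's own; the sample
# files below are constructed (truncated headers and a benign MVG document).

from typing import Tuple

MAGIC = (
    (b"\x89PNG\r\n\x1a\n", "png"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"GIF87a", "gif"),
    (b"GIF89a", "gif"),
)

# Text formats ImageMagick will happily parse whatever the extension says.
TEXT_VECTOR_MARKERS = (b"push graphic-context", b"<svg", b"<?xml")


def sniff_format(data: bytes) -> str:
    """Classify by leading bytes rather than trusting a declared type."""
    for magic, fmt in MAGIC:
        if data.startswith(magic):
            return fmt
    head = data[:512].lstrip()
    if any(marker in head for marker in TEXT_VECTOR_MARKERS):
        return "text-vector"
    return "unknown"


def accept_upload(data: bytes, declared: str) -> Tuple[bool, str]:
    """Allow-list policy: the declared raster type must match the sniffed one.
    Anything textual or unrecognised is refused before ImageMagick sees it."""
    sniffed = sniff_format(data)
    if sniffed not in ("png", "jpeg", "gif"):
        return False, "content is %s, not a raster image" % sniffed
    if sniffed != declared:
        return False, "declared %s but content is %s" % (declared, sniffed)
    return True, "ok"


# Constructed samples: a PNG signature plus the start of an IHDR chunk, a
# benign MVG document, and a minimal SVG document.
PNG_SAMPLE = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"\x00" * 16
MVG_SAMPLE = b"push graphic-context\nviewbox 0 0 1 1\npop graphic-context\n"
SVG_SAMPLE = b'<?xml version="1.0"?>\n<svg xmlns="http://www.w3.org/2000/svg"/>\n'


if __name__ == "__main__":
    for name, blob in (("png", PNG_SAMPLE), ("mvg-as-png", MVG_SAMPLE), ("svg-as-png", SVG_SAMPLE)):
        print(name, accept_upload(blob, "png"))
```

This check is a front door, not the fix: the ImageMagick project's own guidance for the bug was a policy.xml that denies the affected coders (EPHEMERAL, URL, HTTPS, MVG, MSL among them) so that even a file that slips through cannot reach them, and the sniffer above should be combined with that rather than replace it.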

Six-year-old patched Stuxnet hole still the web's biggest killer

The six-year-old vulnerability first burnt by Stuxnet remains the internet's chief pwning vector and is a key instrument of the world's worst exploit kit known as Angler. The vulnerability is a hole in Windows Shell that is both long since patched and well publicised as part of its discovery in the US' Stuxnet worm, the killer …
Darren Pauli, 09 May 2016

Apple needs silver bullet to slay App Store's escaped undead – study

Online software bazaars – such as Apple's App Store and Google Play – need to claim responsibility for "dead applications" and notify people when their programs have been revoked or removed, a study by security firm Appthority recommends. “Dead apps” are those that have been removed from an app store, but remain on devices – …
John Leyden, 06 May 2016

Ransomware grifters offer to donate proceeds of crime to charity

Ransomware crooks are offering to donate ransom fees to a children's charity. Security experts dismiss the promise as “psychological manipulation” from unscrupulous crooks. The offer comes from the “kind hearted” slingers of "CryptMix", one of a growing number of crypto-ransomware strains menacing Windows users worldwide. …
John Leyden, 06 May 2016

Miscreants tripled output of proof of concept exploits in 2015

Hackers collectively tripled the production of proof-of-concept exploits last year, according to a new study out on Thursday. Researchers and black hats develop proof-of-concept (PoC) exploits for research or demonstration purposes. These PoCs are developed for various reasons – to demonstrate that software is vulnerable, …
John Leyden, 05 May 2016