Articles about Exploits


Fatal flaws in ten pacemakers make for Denial of Life attacks

A global research team has hacked 10 different types of implantable medical devices and pacemakers, finding exploits that could allow wireless remote attackers to kill victims. Eduard Marin and Dave Singelée, researchers with KU Leuven University, Belgium, began examining the pacemakers under black box testing conditions in …
Darren Pauli, 01 Dec 2016

UCam247 tells El Reg most of its cams aren't vulnerable to GET vuln

IoT security camera vendor UCam247 has contacted The Register to say most devices in the wild aren't vulnerable to the “single URL pwnage” vulnerability. Yesterday, we reported that more than 30 cameras from seven vendors had shipped with a modified GoAhead Web server. Among other things, the modification introduced a simple- …

Drive-by web nasty unmasks Tor Browser users, Mozilla dashes to patch zero-day vuln

Updated Mozilla is scrambling to patch a vulnerability in Firefox that is apparently being exploited in the wild to unmask Tor Browser users. Earlier today, a small package of SVG, JavaScript and x86 code popped up on a Tor mailing list that, when opened by Firefox or Tor Browser on a Windows PC, phones home to a remote server and …
Darren Pauli, 30 Nov 2016

Confirmation of who constitutes average whisky consumer helps resolve dispute

The average consumer of Scotch whisky is a reasonably well informed and reasonably observant and circumspect member of the general public who has an average level of attention, the EU's General Court has confirmed in ruling over a trade mark dispute. The determination by the Court helped whisky manufacturer William Grant & Sons …
OUT-LAW.COM, 29 Nov 2016

Microsoft update servers left all Azure RHEL instances hackable

Microsoft has patched flaws that attackers could exploit to compromise all Azure Red Hat Enterprise Linux (RHEL) instances. Software engineer Ian Duffy found the flaws while building a secure RHEL image for Microsoft Azure. During that process he noticed an installation script Azure uses in its preconfigured RPM Package …
Darren Pauli, 28 Nov 2016

Grand App Auto: Tesla smartphone hack can track, locate, unlock, and start cars

A smartphone app flaw has left Tesla vehicles vulnerable to being tracked, located, unlocked, and stolen. Security experts at Norwegian app security firm Promon were able to take full control of a Tesla vehicle, including finding where the car is parked, opening the door and enabling its keyless driving functionality. A lack …
John Leyden, 25 Nov 2016

Poison .JPG spreading ransomware through Facebook Messenger

Checkpoint has found an image obfuscation trick it thinks may be behind a recent massive phishing campaign on Facebook that's distributing the dangerous Locky ransomware. The security firm has not released technical details as the flaw it relies on still impacts Facebook and LinkedIn, among other unnamed web properties. The …
Darren Pauli, 25 Nov 2016

Attackers use ancient zero-day to pop Asian banks, govts

Attackers are compromising governments and banks across Asia by exploiting a years-old zero-day vulnerability in the desktop publishing application InPage, which targets users working in Urdu or Arabic. Kaspersky Labs analyst Denis Legezo found the attacks and reported the zero-day to InPage, which he says ignored his disclosures …
Darren Pauli, 24 Nov 2016

Telegram API ransomware wrecked three weeks after launch

Ransomware scum abusing the protocol of the popular Telegram encrypted chat app have been wrecked and their malware ransom system decrypted. TeleCrypt throws a message to Russian-speaking victims thanking them for helping the "Young Programmers Fund" via the US$78 (5000 ruble) ransom payments, a comparatively small charge …
Darren Pauli, 23 Nov 2016

It's time: Patch Network Time Protocol before it loses track of time

The maintainers of the Network Time Protocol daemon (ntpd) have pushed out a patch for ten security vulnerabilities. Leading the fixfest is a trap-crash turned up by Cisco's Matthew Van Gundy. If ntpd is configured with the trap service enabled, a malformed packet causes a null pointer dereference and crashes it. A Windows bug …

WordPress auto-update server had flaw allowing anyone to add anything to websites worldwide

Up to a quarter of all websites on the internet could have been attacked through a since-patched vulnerability that allowed WordPress' core update server to be compromised. The since-shuttered remote code execution flaw was found in a PHP webhook within api.wordpress.org that allows developers to supply a hashing algorithm of …
Darren Pauli, 23 Nov 2016

Hacker dishes advanced phishing kit to hook clever staff in 10 mins

Kiwicon Michele Orru has released an automated phishing toolkit to help penetration testers better exploit businesses. The well-known FortConsult hacker, better known as Antisnatchor (@antisnatchor), dropped the phishing kit at the Kiwicon hacking event in Wellington New Zealand last week, offering hackers tips to more successfully …
Darren Pauli, 21 Nov 2016

Hackers' modular worm builder hoses popular team web chat apps

Kiwicon Hackers everywhere can now more easily compromise popular chat apps to steal users' webcam and audio feeds using a worm framework published online - and they even have a new zero-day to help the plundering. The framework, dubbed "Little Doctor" after the planet-annihilating super weapon of Ender's Game, will compromise …
Darren Pauli, 18 Nov 2016

Hacker's Mac pwning expedition: 'Help, I've got too many shells!'

Kiwicon When Dan Tentler hacked writer Kevin Roose's Mac, his chief problem wasn't trying to pop the shell; it was trying to rein in the hundreds of shells he spawned. Tentler had been tasked with breaching Roose's computer for a documentary showcasing penetration testers' ability to compromise users. Tentler, also known as "Viss", …
Darren Pauli, 17 Nov 2016

PoisonTap fools your PC into thinking the whole internet lives in an rPi

How do you get a sniff of a locked computer? Tell it you're its gateway to the entire Internet IPv4 routing space. That's the basic principle behind a demo from brainiac cracker Samy Kamkar. Plugged into a victim, his Raspberry Pi Zero-based "PoisonTap" isn't just a network sniffer, it's a backdoor-digger. MacOS users can …

British politicians sign off on surveillance law, now it's over to the Queen

The UK's Investigatory Powers Bill has completed its passage through parliament and now only awaits Her Majesty's stamp of approval before becoming law. Also known as the Snoopers' Charter, the legislation has been criticised as being among the most onerous in the world upon the civilian population, and will require British …

Google Pixel pwned in 60 seconds

Power of Community The Google Pixel fell to a team of Chinese hackers alongside Apple Safari and Adobe Flash at the PwnFest hacking competition in Seoul on Friday. Mountain View's latest offering was smashed by white-hat friendlies from Qihoo 360, who used an undisclosed vulnerability to gain remote code execution for a $120,000 cash prize. The …
Darren Pauli, 11 Nov 2016

Reg meets 'Lokihardt', quite possibly the world's best hacker

Power of Community If Jung Hoon Lee is not the world's best hacker, he can't be far from the top of the dais: the 22 year-old South Korean better known as Lokihardt has an uncanny knack for finding zero-day exploits in the world's most popular and most secure systems. Lee is a fixture at global hacking competitions like Pwn2Own and PwnFest where …
Darren Pauli, 11 Nov 2016

Hackers cook god-mode remote exploits against Edge, VMware in world-first

Power of Community Hackers have twice completely compromised Microsoft Edge running on Windows 10 Red Stone 1 and, for the first time, twice broken VMware Workstation without user interaction. The Edge bugs landed via SYSTEM-level remote code execution, while the second VMware hack could also be performed remotely. The four hacks were demonstrated …
Darren Pauli, 10 Nov 2016

Mac administrators brace for big changes to Apple-powered fleets

Special report A looming set of changes to macOS has some administrators worried that the way they manage and configure Apple systems will need switching up. Those changes, which have only been partly revealed by Apple, will see a new file system implemented in the OS and, in the process, a lockdown of key components of the operating …
Shaun Nichols, 10 Nov 2016

IoT worm can hack Philips Hue lightbulbs, spread across cities

Researchers have developed a proof-of-concept worm they say can rip through Philips Hue lightbulbs across entire cities – causing the insecure web-connected globes to flick on and off. The software nasty, detailed in a paper titled IoT Goes Nuclear: Creating a ZigBee Chain Reaction [PDF], exploits hardcoded symmetric …
Darren Pauli, 10 Nov 2016

Android's Hover feature is a data HOOVER

That took a while: Android has had Hover since Ice Cream Sandwich, but boffins have taken until now to work out how to attack it. Hover is a set of interface calls that let application designers imitate the mouse-over behaviours people know from PCs, and it only needs to be implemented on a phone or tablet to be vulnerable - whether or not a …

Boffins turn phone into tracker by abusing pairing with – that's right – IoT kit

Black Hat EU Security researchers have worked out how to hack into a smartphone and turn it into a tracking device by abusing its pairing with a Belkin home automation device. Joe Tanen and Scott Tenaglia of Invincea Labs were able to root a WeMo device before injecting code into the WeMo Android app from a compromised WeMo device. The …
John Leyden, 07 Nov 2016

Microsoft extends support for EMET security tool

Microsoft has extended the support life of its enhanced mitigation toolkit (EMET) affording Windows 8 laggards an extra 18 months of protection. EMET adds extra defences to older versions of Windows, dating all the way back to Vista. Among the improvements it offers are address space layout randomisation and data execution …
Darren Pauli, 04 Nov 2016

Universal hijack hole turns DIY Wix blogs into botnets

Millions of do-it-yourself websites built with the Wix web maker were at risk of hijack thanks to a brief zero day DOM-based cross-site scripting vulnerability. Wix boasts some 87 million users, among them two million paying subscribers. Contrast Security researcher Matt Austin (@mattaustin) dug up the flaw he rates as severe …
Darren Pauli, 03 Nov 2016

Vuln hunter finds nasty shared server god mode database hack holes

Dangerous since-patched vulnerabilities in MySQL, MariaDB, and Percona's Server and XtraDB Cluster have been found that, when chained, allow attackers in shared environments complete compromise of servers. The database servers are among the world's most popular and count all major tech giants as customers including Google and …
Darren Pauli, 03 Nov 2016

England expects... you to patch your apps and not just Windows

Brits are getting better at patching Windows on their personal computers but worse at updating their applications, according to a new study. Stats from vulnerability management outfit Secunia Research reveal that 6.4 per cent of UK users had unpatched Windows operating systems in Q3 of 2016, up from 5.4 per cent in Q2 but down …
John Leyden, 02 Nov 2016

Multiple RCE flaws found in Memcached web speed tool

A remote code execution vulnerability in popular website backend performance tool Memcached has been found and squashed. Cisco penetration tester Aleksandar Nikolich reported three remote code execution holes in the tool used by big name sites including Facebook, Twitter, YouTube, and Reddit to help decrease database burdens …
Darren Pauli, 02 Nov 2016

Hackers hustle to hassle un-patched Joomla! sites

Attackers are already exploiting a dangerous privileged account creation hole in the Joomla! content management system, with attempts made on about 30,000 sites in the days after a patch for the flaw landed. The vulnerability, which allows anyone to create privileged accounts on Joomla! sites, was first flagged …
Darren Pauli, 02 Nov 2016

Microsoft flips Google the bird after Windows kernel bug blurt

Microsoft has not responded well to Google's bug grenade, accusing the ad giant of screwing over netizens and getting its facts wrong. "We believe in coordinated vulnerability disclosure, and today's disclosure by Google puts customers at potential risk," Microsoft said in a statement. It then disputed Google's claims about …
Kieren McCarthy, 01 Nov 2016

Run a JSON file through multiple parsers and you'll get different results every time

The ubiquitous message-passing JSON format is something of an untended garden with plenty of security and stability traps for the unwary. That warning comes from software engineer Nicholas Seriot, who last week presented his work on JSON parsers to an audience at Geneva's Soft-Shake Conference. The problems arise because …

Google drops a zero-day on Microsoft: Web giant goes public with bug exploited by hackers

Google has slung a grenade at Microsoft by disclosing a Windows vulnerability before Redmond has a patch ready. The bug can be exploited by malware on a machine to gain administrator-level access. According to this blog post by Neel Mehta and Billy Leonard of the Chocolate Factory's Threat Analysis Group, the reason for going …

Shadow Brokers leak systems hacked by NSA – mostly mail and uni servers in India, China

The Shadow Brokers crew has dumped online a list of servers apparently compromised by NSA hackers. The list contains historic targets of the NSA-linked Equation Group. The date stamps suggest the systems were compromised around 2001 and 2003, and they appear to be used as bases from which US snoops could carry out surveillance …
John Leyden, 31 Oct 2016

130 serious Firefox holes plugged this year

Mozilla has shuttered more than 130 serious vulnerabilities reported by community hackers this year. The browser-backing outfit announced the statistics in a post covering its bug bounty program and broader information security efforts. More than 500 million users ran Firefox at the close of 2015. It's since become the world' …
Darren Pauli, 30 Oct 2016

Lad cuffed after iOS call exploit knocks out Arizona 911 center

An Arizona teen is facing three felony tampering charges after the cops said code he wrote to exploit an iOS security hole downed a 911 call center. According to the Maricopa County Sheriff's Office, 18-year-old Meetkumar ("Meet") Hiteshbhai Desai found a vulnerability in Apple's mobile operating system and crafted a proof-of- …
Shaun Nichols, 28 Oct 2016

Windows Atom Tables popped by security researchers

Wonderful: a security researcher has found a way to abuse the system-level Atom Tables in Windows – all versions of Windows, through to Win 10. Atom Tables are defined by the system to store strings with an identifier to access them; they can be global (like the tables that pass data via DDE between applications), or local ( …

Divide the internet into compartments to save us from the IoT fail whale

The best way of protecting us from Internet of Things botnets is to compartmentalise the entire internet, Intel's chief architect for IoT security solutions has said. Sven Schrecker, speaking exclusively to The Register at IoT Solutions World Congress in Barcelona, also branded the potential impact of IoT botnets as …
Gareth Corfield, 27 Oct 2016

Adobe emits emergency patch for Flash hole malware is exploiting right this minute

Adobe is advising folks to update Flash Player – as malware is right now exploiting a newly discovered hole in the internet's screen door to hijack Windows PCs. The emergency patch addresses a single vulnerability, CVE-2016-7855. The use-after-free programming blunder allows an attacker to achieve remote code execution when …
Shaun Nichols, 26 Oct 2016

Cyber-crooks menacing hospitals are put under the microscope

Cybercriminals are spreading into the healthcare sector even though the price per stolen medical record remains lower than for comparable financial account crime. From hospitals becoming victims of hacking attacks to Olympic champions getting their health records leaked by hackers, the health sector has become a major target …
John Leyden, 26 Oct 2016

Beer, security by design and actual revenue: HPE shows off IoT offerings

IoT World Congress Beer-as-a-service at American football games is just one of the things Hewlett Packard Enterprise has brought to the Internet of Things playground, its chief IoT technologist, Colin I'Anson, told The Register this morning. I'Anson also said that, as far as IoT goes, HPE will not be signing any exclusivity deal with partners …
Gareth Corfield, 26 Oct 2016

Got an ancient exploit but nowhere to use it? Try the horrid GRX network

Ruxcon They've been warned for years, but scores of telcos are still making bone-headed configuration mistakes in their GPRS Global Roaming Exchange (GRX) networks, leaving mail and FTP servers vulnerable. The international phone routing system is used for passing and billing calls between providers, using encryption to funnel data …
Darren Pauli, 26 Oct 2016

This is not a drill: Hackers pop stock Nexus 6P in five minutes

The Nexus 6P appears to have been hacked, with attackers at the Mobile Pwn2Own contest installing malware without user interaction in less than five minutes. The hack by China's Keen Team happened minutes ago at the Tokyo event and does not require users to do anything. It is, as of the time of writing, yet to be confirmed but …
Darren Pauli, 26 Oct 2016

Joomla! readies patch for core vulnerability so critical it isn't talking

The world's second-favourite content management system, Joomla!, is warning of a critical security hole so bad its developers aren't saying what it fixes. The Register understands a patch for the mystery hole will take the name of version 3.6.4 and will be published around 1400 UTC today, October 25th. Joomla! has been …
Darren Pauli, 25 Oct 2016

Judge orders FBI to reveal whether White House launched 'Tor pedo' torpedo exploits

A US judge overseeing an FBI “Playpen case” has told agents to reveal whether or not their investigative hacking was approved by the White House. The case is one of several the Feds are pursuing against more than 100 alleged users of the child sex abuse material exchange network called the Playpen. The prosecutions have become …

App proves Rowhammer can be exploited to root Android phones – and there's little Google can do to fully kill it

Security researchers have demonstrated how to gain root privileges from a normal Android app without relying on any software bug. The unprivileged application is able to gain full administrative permissions by exploiting the Rowhammer vulnerability present in modern RAM chips. Essentially, malicious code can change the content …
John Leyden, 24 Oct 2016

Chinese electronics biz recalls webcams at heart of botnet DDoS woes

Chinese electronics firm Hangzhou Xiongmai is set to recall swathes of webcams after they were compromised by the Mirai botnet. Mirai exploits the low security standards of internet-connected devices, from routers to webcams, and after enslaving them with malware uses their network connections to launch DDoS attacks, such as …

Hackers pop top 'secure' wireless keyboard and mouse kits, gain RCE

Ruxcon Wireless keyboard and mouse manufacturers including Microsoft, Fujitsu, and Logitech have been forced to fix borked encryption in peripherals that allows physical attackers to hijack computers. Researchers and PhDs Gerhard Klostermeier and Matthias Deeg with Germany-based security firm SySS tested five devices badged as secure …
Darren Pauli, 24 Oct 2016

Como–D'oh! Infosec duo exploits OCR flaw to nab a website's HTTPS cert

Two European security researchers exploited Comodo's crappy backend systems to obtain a HTTPS certificate for a domain they do not own. That cert could be used to impersonate the website, allowing passwords and other sensitive information to be swiped from victims in man-in-the-middle attacks. The infosec bods, Florian Heinz …
Shaun Nichols, 21 Oct 2016

Fruity hacking group juiced by Microsoft's October patch parade

Kaspersky Labs researcher Anton Ivanov says an advanced threat group was exploiting a Windows zero-day vulnerability before Microsoft patched it last week. Microsoft says the graphics device interface vulnerability (CVE-2016-3393) allowed attackers to gain remote code execution and elevation of privilege powers. Ivanov's …
Darren Pauli, 21 Oct 2016

US DNC hackers blew through SIX zero-day vulns last year alone

Security researchers have shone fresh light on the allegedly Russian state-sponsored hacking crew blamed for ransacking the US Democratic National Committee's computers. Sednit – also known as APT28, Fancy Bear and Sofacy – has been operating since 2004. The cyber-mob has reportedly infiltrated machines operated by targets as …
John Leyden, 20 Oct 2016