Articles about Exploits

Exploits no more! Firefox 26 blocks all Java plugins by default

The latest release of the Firefox web browser, version 26, now blocks Java software on all websites by default unless the user specifically authorizes the Java plugin to run. The change has been a long time coming. The Mozilla Foundation had originally planned to make click-to-run the default for all versions of the Java plugin …
Neil McAllister, 10 Dec 2013

NSA spooks tooled up with zero-day PC security exploits from the FRENCH

The NSA bought specialist computer hacking tools and research from French security outfit Vupen, according to documents unearthed using the Freedom of Information Act. A contract shows the American spooks paid for a year's supply of zero-day vulnerability information and the software needed to exploit those flaws to attack …
John Leyden, 17 Sep 2013

Vulns, exploits, hacks: Trusteer touts tech to terminate troubles

Infosec 2013 Trusteer is expanding from its speciality of providing transaction protection security to financial institutions with an enterprise-level product designed to guard against zero-day exploits and social engineering. Unpatched application vulnerabilities in widely deployed endpoint applications (such as web browsers) can be given …
John Leyden, 24 Apr 2013
More flaws found in Java

It's about time: Java update includes tool for blocking drive-by exploits

Oracle's latest update to the Java SE Development Kit (JDK) version 7 adds new security features designed to help businesses avoid being stung by critical vulnerabilities in out-of-date versions of Java. After a string of embarrassing Java security flaws was disclosed by independent researchers, Oracle has made addressing …
Neil McAllister, 13 Sep 2013
Flash Gordon

Attackers sling recent Flash 0day through 1800 domains

Some 1800 subdomains have been found slinging the Angler exploit kit using Adobe's most recent Flash zero day exploit, Cisco researcher Nick Biasini says. The lion's share of nasty subdomains were set up on 28 and 29 January and tied to about 50 GoDaddy registrant accounts. Biasini said the malvertising attacks used several …
Darren Pauli, 04 Feb 2015

Biter bitten as hacker leaks source code for popular exploit kit

A black hat trouble maker appears to have released recent source code for one of the most popular exploit kits, malware-probers say. The dump was posted online by a user known as (@EkMustDie) before it was removed. The leaker appears to have previously tried to sell access to the exploit kit. Independent malware investigators …
Darren Pauli, 13 Feb 2015
Scrooge McDuck

Frontier wipes credit of Elite: Dangerous 'billionaire' badboys

Players of the game Elite: Dangerous who were made overnight "billionaires" due to a credit refund glitch will get their "winnings" wiped, the game's maker, Frontier Developments, has said. Initially the company offered the affected "commanders" a choice over whether they kept their loot or had their credit reset in order to …
Kat Hall, 08 Jan 2015
The Register breaking news

Samsung's smart TVs 'wide open' to exploits

Samsung's Smart TV has a vulnerability which allows remote attackers to swipe data, according to security researchers. Malta-based security start-up ReVuln claims to have discovered a zero-day vulnerability affecting Smart TV, in particularly a Samsung TV LED 3D. Smart TV can be used to browse the internet, use social networks …
John Leyden, 12 Dec 2012

Dangerous NTP hole ruins your Chrissy lunch

Critical holes have been reported in the implementation of the network time protocol (NTP) that could allow unsophisticated attackers root access on servers. System administrators may need to forego the Christmas beers and roasted beasts until they've updated NTP daemons running versions 4.2.8 and below. The grinch bug was …
Darren Pauli, 22 Dec 2014

Bad romance: Ransomware, exploit kits in criminal cuddle

The lowlifes behind the Cryptowall ransomware seem to have decided it's no longer worth developing their own exploit kits. Instead, according to analysis by Cisco, they're relying on other popular exploits to distribute the malware. The ransomware was considered one of the most effective ransomware offerings that encrypted a …
Darren Pauli, 10 Feb 2015

Hackers fear arms control pact makes exporting flaws illegal

Export regulations that threaten to hinder vulnerability research and exploit development have put hackers on edge ahead of the annual Pwn2Own contest. Operators of the hack-fest have reportedly issued an email warning to researchers to obtain legal advice about how the Wassenaar Arrangement, a 42-nation effort aimed at " …
Darren Pauli, 16 Feb 2015

APT devs are LOUSY coders, says Sophos

The most infamous advanced persistent threat groups write exploits that fail more often than they work, malware bod Gabor Szappanos says. The malware prober with SophosLabs Hungary office examined 15 exploit writing groups and rated six as having only basic skills. Szappanos found one popular exploit (CVE-2014-1761) used as a …
Darren Pauli, 05 Feb 2015
The Register breaking news

Crims prefer old exploits: Microsoft

While media around the world are excited by the announcement of every new zero-day vulnerabilities, attackers yawn, according to Microsoft. Presenting Volume 11 of its Security Intelligence Report at the RSA Conference in Europe on October 11, Microsoft pointed out that less than one percent of the attacks its report identified …

Pay-by-bonk chip lets hackers pop all your favourite phones

Blood is flowing on the floor of the Pwn2Own challenge slaughterhouse, after whitehats hacked their way through an Apple iPhone 5S, Samsung Galaxy S5, LG Nexus 5 and Amazon Fire, most often by using Near Field Communications. The annual contest backed by HP, BlackBerry and Google, and run by HP's Zero Day Initiative …
Darren Pauli, 13 Nov 2014

Oracle releases July patch batch... with 27 fixes for remote exploits

Oracle has pushed out a quarterly patch batch of 89 updates that mean almost all of its enterprise software products need updating for one reason or another. Craig Young, a security researcher at Tripwire, noted that most of the vulnerabilities were picked up by third-party researchers. “The constant drumbeat of critical Oracle …
John Leyden, 17 Jul 2013

Your hard drives were RIDDLED with NSA SPYWARE for YEARS

The US National Security Agency (NSA) infected hard disk firmware with spyware in a campaign valued as highly as Stuxnet that dates back at least 14 years and possibly up to two decades – all according to an analysis by Kaspersky Labs. The campaign infected possibly tens of thousands of Windows computers in telecommunications …
Darren Pauli, 17 Feb 2015
The Office

Office MACROS PERIL! Age-old VBScript tactic is BACK in biz attack

The dangers of allowing Office macros have been underlined by a newly discovered attack against European and Israeli companies. Malicious Office macros were used as the launchpad of the so-called RocketKitten attacks presented at this year's Chaos Communication Congress hacking conference (stream here, relevant material starts …
John Leyden, 31 Dec 2014
Ancient skull found in cave in northern Laos

Siemens issues emergency SCADA patch

Got Siemens SCADA? Get patching: the company has issued updates for software using its WinCC application to plug a bunch of remotely-exploitable vulnerabilities. According to the ICS-CERT advisory, versions of the company's SIMANTIC WinCC, SIMANTIC PCS7 and TIA Portal V13 (which includes a WinCC runtime) are all vulnerable. …
Stuxnet

Oi! Rip Van Winkle: PATCH, already

Nearly 20 million computers remain infected with malware targeting a vulnerability first targeted four years ago by the Stuxnet worm. The flaw (CVE-2010-2568) was a Windows operating system bug in the way shortcuts worked allowing quiet download of the random dynamic library on Win Server 2003 and XP through to version 7. Since …
Darren Pauli, 20 Aug 2014

Hacker catches Apple's Lightning in a jailbroken bottle

Apple's Lightning connector protocols have been pried open in what could be a boon for the jailbreaking community. The hack opens access to Apple's serial kernel debugger, previously available on older iDevices, and reportedly gives jailbreak engineers an improved ability to debug kernel issues and iBoot exploits. Apple …
Darren Pauli, 16 Feb 2015
Hacker image

Psst, hackers. Just go for the known vulnerabilities

Despite all the publicity about zero-day exploits, a big percentage of breaches (44 per cent) come from vulnerabilities which are two to four years old. Server misconfigurations were the number one vulnerability, according to the latest edition of HP’s annual Cyber Risk Report, which concludes that well-known issues posed the …
John Leyden, 23 Feb 2015
Fraud image

Webcam-snooping spawn of ZeuS hits 150 banks worldwide

The latest evolution of the online bank account raiding Trojan ZeuS is the webcam-spying Chthonic malware, according to researchers. Chthonic infects Windows PCs, and allows criminals to connect to the compromised PC remotely and command it to carry out fraudulent transactions. The software nasty is targeting customers of more …
John Leyden, 19 Dec 2014
Google Chrome warning

Google looks to scrape away scumware, as only it can

Google is looking to cut down on the risk of attacks from web pages serving up unwanted downloads. The company said on Monday that it will add security protections into Chrome, Ads and Google Search in an effort to keep users away from sites believed to be installing adware, browser toolbars and other nuisance programs. For …
Shaun Nichols, 24 Feb 2015

Noooo... WAIT. Google slaps on Chrome patches ahead of Pwn2Own hackfest

Pwn2Own Google trowelled plaster over seven security cracks in Chrome on Tuesday, a day before the browser became one of the targets at the annual Pwn2Own hacking competition. The latest cross platform security update for Chrome fixed four "high" severity flaws and three lesser bugs. Three of the four high profile bugs were discovered …
John Leyden, 13 Mar 2014
Facebook security

Facebook slings $50k Internet Defense Prize™ at bug hunter duo

Facebook and Usenix have together created the Internet Defense Prize™ – and awarded its first gong to security bods Johannes Dahse and Thorsten Holz. The pair, of Ruhr University Bochum in Germany, received $50,000 from Facebook's prize-giving committee for their paper, Static Detection of Second-Order Vulnerabilities in Web …
Darren Pauli, 21 Aug 2014

Dev put AWS keys on Github. Then BAD THINGS happened

Bots are crawling all over GitHub seeking secret keys, a developer served with a $2,375 Bitcoin mining bill found. DevFactor founder Andrew Hoffman said he used Figaro to secure Rails apps which published his Amazon S3 keys to his GitHub account. He noticed the blunder and pulled the keys within five minutes, but that was …
Darren Pauli, 06 Jan 2015
Good riddance to bad Java

Now even Internet Explorer will throw lousy old Java into the abyss

Internet Explorer will soon join its rival browsers by automatically blocking old, insecure add-ons – and it's got its eye set squarely on Java. Microsoft said on Wednesday that starting on August 12, Internet Explorer will begin alerting users when web pages try to launch ActiveX controls that are considered out-of-date and …
Neil McAllister, 07 Aug 2014

Adobe finds, patches ANOTHER exploited Flash 0day

Another exploited zero-day vulnerability has been uncovered and patched in Adobe Flash, 24 hours after a second flaw in the popular web trinket was found being used in attack kits. Adobe is examining yesterday's zero day, picked up by French researcher Kafeine who spotted it after analysing a version of the popular Angler …
Darren Pauli, 23 Jan 2015

Sucker for punishment? Join Sony's security team

Sony is seeking a steely-willed vulnerability management director in the wake of its thorough hosing by unknown attackers. The beleaguered media giant posted an online advertisement Friday seeking a security bod boasting a decade's hacking experience to, among other things, "Unify and enhance Sony’s global information security …
Darren Pauli, 23 Dec 2014
GHOST vulnerability

BOO! Grave remote-code exec flaw in GNU C Library TERRIFIES Linux

Security researchers have uncovered a critical bug in the GNU C Library (glibc), a key component of Linux and some other operating systems, which could render countless machines vulnerable to remote code execution attacks. The flaw, which was discovered by Qualys and assigned CVE-2015-0235, is known as the GHOST vulnerability …
Neil McAllister, 27 Jan 2015

Adobe Reader sandbox popped says Google researcher

The Acrobat Reader Windows sandbox contains a vulnerability that could allow attackers to break out and gain higher privileges, Google security bod James Forshaw claims. The NTFS junction attack is a "race condition" in the handling of the MoveFileEx call hook Forshaw said. While unpatched, subsequent September updates made the …
Darren Pauli, 27 Nov 2014
balaclava_thief_burglar

Cisco: Hey, IT depts. You're all malware hosts

Everybody – at least every multinational that Cisco checked out for its 2014 Annual Security Report – is hosting malware of some kind, and there aren't enough security professionals to go around. Along with its Managed Threat Defense service launched this week, Cisco also launched the latest publication (here with registration) …
Privacy image

Flaw in Google's Dropcam sees it turned into SPYCAM

Hackers could inject fake video into popular home surveillance kit Dropcam and use the system to attack networks, researchers Patrick Wardle and Colby Moore say. The wide-ranging attacks were tempered by the need for attackers to have physical access to the devices but the exploits offer the chance to inject video frames into …
Darren Pauli, 15 Jul 2014

Fancybox WordPress plugin reveals zero day affecting thousands

A WordPress plugin downloaded half a million times has been used in zero day attacks that served up malware. The plugin in question is called FancyBox and creates a lightbox-like interface with which to look at images. It's been used by unknown actors to deliver a malicious iframe through a persistent cross-site scripting …
Darren Pauli, 06 Feb 2015

Hacker publishes tech support phone scammer slammer

Security pro Matthew Weeks has released a Metasploit module that can take over computers running the Ammyy Admin remote control software popular among "Hi this is Microsoft, there's a problem with your computer" tech support scammers. Weeks' day job is director at Root9b, but he's taken time to detail a zero-day flaw in Ammyy …
Darren Pauli, 12 Sep 2014

Cisco patches three-year-old remote code-execution hole

A three-year-old dangerous remote code execution hole affecting Cisco kit has been patched. Researcher Glafkos Charalambous discovered the Telnet vulnerability (CVE-2011-4862), which was first reported by the FreeBSD Project in 2011. It was left unpatched up prior to 15 October this year in Cisco appliances. The International …
Darren Pauli, 24 Oct 2014
Old computer

Researcher sat on critical IE bugs for THREE YEARS

Security outlet VUPEN has revealed it held onto a critical Internet Explorer vulnerability for three years before disclosing it at the March Pwn2Own hacker competition. The company wrote in a disclosure last week it discovered the vulnerability (CVE-2014-2777) on 12 February 2011 which was patched by Microsoft on 17 June (MS14- …
Darren Pauli, 24 Jul 2014
Routers

Belkin flings out patch after Metasploit module turns guests to admins

Belkin has patched a vulnerability in a dual band router that allowed attackers on guest networks to gain root access using an automated tool. The flaw reported overnight targeted the Belkin N750 dual-band router – which was launched in 2011 and is still sold by the company and other commerce sites. IntegrityPT consultant Marco …
Darren Pauli, 07 Nov 2014
Scary Skeleton Samba

Samb-AAAHH! Scary remote execution vuln spotted in Windows-Linux interop code

Linux admins were sent scrambling to patch their boxes on Monday after a critical vulnerability was revealed in Samba, the open source Linux-and-Windows-compatibility software. The bug, which has been designated CVE-2015-0240, lies in the smbd file server daemon. Samba versions 3.5.0 through 4.2.0rc4 are affected, the Samba …
Neil McAllister, 24 Feb 2015
Australia China

Latest IE flaw being actively exploited

AusCERT April's Internet Explorer flaw is being exploited, with at least two listed Australian entities targeted by a sophisticated foreign hacking outfit. The organisations were targeted in a campaign that foisted the Internet Explorer exploits (MS14-021) at high end corporations three days after the dangerous flaws were exposed. …
Darren Pauli, 15 May 2014

VXers Shellshocking embedded BusyBox boxen

Malware writers have crafted new wares to attack embedded devices running BusyBox and not yet patched against the ShellShock vulnerability, researcher Rhena Inocencio says. Miscreants' tool of choice for such attacks is malware called "Bashlite" that, once executed on a victim machine, probes for devices such as routers and …
Darren Pauli, 17 Nov 2014
Apple_iPad_001_SM

iPad racketeers' high wire exploits falter

Chinese smugglers have been caught transporting a host of Apple goods over a zip-line into Hong Kong in a bid to profit from tax differences. Using a crossbow, the perpetrators fired a fishing line from a skyscraper in Shenzhen over the Sha Tau Kok river and into a small house in Hong Kong. The team then filled nylon bags full …
Caleb Cox, 08 Aug 2011

Zombie POODLE wanders in, cocks leg on TLS

Google might have taken POODLE to a distant country road, let it out and driven away fast, but according to Qualys, the vulnerability has returned, repurposed, as an attack on Transaction Layer Security (TLS). Designated CVE-2014-8730, the new attack vector exploits the same class of problem as POODLE: an error in the handling …

Shellshock over SMTP attacks mean you can now ignore your email

Yet another round of Shellshock attacks is emerging, according to the SANS Internet Storm Center – this time, botnets are tapping hosts over SMTP. At the moment, the report is sparse, with the ISC diary post stating merely that Shellshock exploit attempts are travelling over the mail protocol because “the sources so far have all …
windows 7 image

Redmond is patching Windows 8 but NOT Windows 7, say security bods

Microsoft has left Windows 7 exposed by only applying patches to its newest operating systems. Researchers found the gaps after they scanned 900 Windows libraries and uncovered a variety of security functions that were updated in Windows 8 but not in 7. They said the shortcoming could lead to the discovery of zero day …
Darren Pauli, 06 Jun 2014

Security hawker gives the bird to mid-east hack group

A team of attackers tagged by Kaspersky as the first "advanced Arab hackers" has passed around malware targeting Middle East governments, the military and others. So far 100 malware samples attributed to the group have been tagged, the hacker branding consultancy claims. Kaspersky Labs researchers revealed the attacks at the …
Darren Pauli, 18 Feb 2015

Linux 'GRINCH' vuln is AWFUL. Except, er, maybe it isn't

A dispute has arisen about the seriousness of a vulnerability in Linux, dubbed "Grinch", that supposedly creates a privilege escalation risk. The flaw resides in the Linux authorisation system, which can unintentionally allow privilege escalation, granting a user “root", or full administrative, access. “With full root access, …
John Leyden, 19 Dec 2014

NSA raided hackers' troves of stolen data: report

The NSA and its allies have raided the pockets of independent and nation-state hackers and monitored some of the security industry's foremost researchers in its bid to hoover information on targets and find better ways to break systems, Snowden documents reveal. Spooks would monitor the work of 'freelance' and rival state …
Darren Pauli, 05 Feb 2015
angler exploit kit 1

Silverlight finally becomes popular ... with crims

Silverlight has become a choice target for VXers who are foisting nasty exploit kits (EKs) on users through hacked advertising networks. Attacks targeting Silverlight have spiked since 23 April as attackers look for web platforms to target now that Java and Flash have cleaned up their acts a bit. Cisco lead threat researcher …
Darren Pauli, 20 May 2014
Rubbish bin

Webmin hole allows attackers to wipe servers clean

Holes in the Webmin Unix management tool - thankfully since patched - could allow attackers to delete data on servers, says security researcher John Gordon of the University of Texas. The remote root access server tool contained vulnerabilities in newly-created cron module environment variables that could erase data through …
Darren Pauli, 11 Sep 2014