Articles about Exploits

Cisco: Whoops, hackers can commandeer your TelePresence boxes with an evil HTTP poke

Cisco has released three security patches to address flaws in its TelePresence, FirePower and Adaptive Security Appliance lines. The May bundle includes one patch classified by Cisco as "critical" and two more labeled "high" risks. In total, the updates remedy three CVE-listed security vulnerabilities: For TelePresence …
Shaun Nichols, 04 May 2016

US telly stations fling malware-tipped web ads at unsuspecting surfers

A rogue advertiser abused the Taggify self-serve ad platform to inject malware-installing code into browsers visiting the websites of two US TV stations. It was a textbook malvertising attack: to infect victims' PCs, the dodgy ads used the Angler Exploit Kit, which is a grab bag of code that exploits weaknesses in Adobe Flash …
John Leyden, 04 May 2016

Server-jacking exploits for ImageMagick are so trivial, you'll scream

Code dive: Samples of booby-trapped image files that exploit ImageMagick to compromise servers and other computers are well and truly out in the open now. On Tuesday, it emerged that ImageMagick – a popular software tool used by countless websites to process selfies and other submitted photos – has a bunch of critical security bugs. …
Chris Williams, 04 May 2016

Are state-sponsored attackers poisoning the statistical well?

WAHckon: Manipulation of small amounts of data among huge data sets could be an unrecognised threat to scientific organisations, security man Craig Searle says. Searle is founder of Melbourne-based security consultancy Hivint and says altering a few data points inside important databases - say those held by meteorological organisations …
Darren Pauli, 02 May 2016

Stross' new Laundry list

Did you know that Bob Howard of The Laundry Files is named after the BOFH? SciFi Author Charles Stross has published a new chronology of his popular Laundry Files series, in which he details future books in the series. The Delirium Brief, due in June 2017, will open with protagonist Bob Howard “being grilled live on Newsnight …
Simon Sharwood, 27 Apr 2016

Game of P0wns: Malvertising menace strikes Pirate Bay season six downloads

Scores of Game of Thrones pirates may have had computers encrypted by ransomware after malvertisers served the dangerous malware through the Pirate Bay during the mega-series' season six première last weekend. MalwareBytes researcher Jerome Segura says the hard-working Magnitude exploit kit authors were able to target pirates …
Darren Pauli, 27 Apr 2016

Pair publishes python framework for rapid router wrecking

Polish hacker Marcin Bury and developer Mariusz Kupidura have published a capable Python-based router exploitation framework to help hackers better own bit-moving boxen. Bury says the "RouterSploit" tool is similar to the popular Metasploit framework, and sports exploit modules to help hackers own certain routers. The hacker …
Darren Pauli, 26 Apr 2016

Net scum lock ancient Androids, force users to buy iTunes gift cards

Blue Coat researcher Andrew Brandt says ancient Androids can be hijacked with persistent ads that force victims to buy US$200 worth of iTunes gift cards. Brandt considers the spam as ransomware since it traps infected Androids in a locked screen state until victims buy attackers gift cards which would presumably be later …
Darren Pauli, 26 Apr 2016

Lock-hackers crack restricted keys used to secure data centres

BSides Canberra: A group of Melbourne lock-pickers have forged a creative method for popping so-called restricted locks by 3D printing keys found on freely available designs on patent sites. The feat demonstrated at the BSides Canberra security conference last week is a combination of opportunistic ingenuity and lock-picking mastery, and will …
Darren Pauli, 21 Apr 2016

Four bugs bait hooks in Asian phishing trip

Malware writers are exploiting four RTF parser vulnerabilities, in a long-running campaign to target journalists, human rights activists, and Tibetans across Hong Kong and Taiwan. An Arbor Networks study found miscreants are exploiting since-patched vulnerabilities in Microsoft Office's handling of rich text files (CVE-2012- …
Darren Pauli, 20 Apr 2016

VXers pass stolen card data over DNS

The NewPosThings malware has spawned an offspring that exploits the DNS protocol to sneak data past firewalls. The VXers have reasoned DNS has a couple of advantages for data exfiltration. Since the enterprise network can't talk to the Internet without it, it's unlikely to be blocked; and since it's probably thought of as more …

SamSam ransomware shifts from hospitals to schools via JBoss hole

Cisco has warned that the SamSam ransomware that has been plaguing US hospitals is now menacing schools, governments, and other organizations that have not kept their JBoss deployments up to date. According to the networking giant's Talos security team, SamSam exploits a hole in server middleware JBoss to drill its way into …
Iain Thomson, 19 Apr 2016

Oz hackers safe to drop 0day at hacker cons, Wassenaar wonk says

ACSC2016: Australian hackers are free under the Wassenaar Arrangement to bring zero day vulnerabilities overseas, demonstrate them on stage, in training sessions, and to exploit them to win cash as part of hacking competitions, according to the Defence Science and Technology Organisation (DSTG*). …
Darren Pauli, 15 Apr 2016

Cutting edge security: Expensive kit won't save you

We all want to protect our customer and employee data, but as the threat landscape changes and the publicly disclosed data breaches get increasingly larger, our approach may need to change. What constitutes "state of the art" information security in 2016? It’s tempting to create a listicle of 10 shiny new security tools that …
Danny Bradbury, 13 Apr 2016

Airbus boarded by 12 nation-state, crimeware 'breaches' every year

ACSC 2016: Airbus chief security officer Stephane Lenco says the company is hit by successful state-sponsored and ransomware attacks a dozen times each year. The attacks aren't full breaches, instead representing penetration beyond simple scanning that triggers a response from the aviation giant's security and computer emergency response team …
Darren Pauli, 13 Apr 2016

Popular cable modem vulnerable to remote reboot/reset flaw

Updated: Security defence man David Longenecker says millions of users could have their internet connections severed thanks to a flaw in Surfboard SB6141 modems. The soon-to-be-patched cross-site request forgery flaw allows attackers to cut off users from the internet until their modem renegotiates with the ISP and reconfigures itself …
Darren Pauli, 11 Apr 2016

Dear Windows, OS X folks: Update Flash now. Or kill it. Killing it works

Adobe has published new versions of Flash to patch a vulnerability being exploited right now by hackers to hijack PCs and Macs. The APSB16-10 update addresses a total of 24 CVE-listed flaws, including one (CVE-2016-1019) that's been exploited in the wild to inject malware into Microsoft Windows and Apple OS X systems. Users …
Shaun Nichols, 08 Apr 2016

Microsoft drives an Edge between Adobe and the web: Flash ads blocked

Microsoft will disable Flash ads by default in new versions of its Edge browser. The Redmond software peddler said the upcoming Anniversary Update to Windows 10 will introduce a switched-on setting that disables some Flash content, requiring users to specifically activate Adobe's plugin. If you have the Windows Insider preview …
Shaun Nichols, 08 Apr 2016

Google to admins: We'll tell you when your network is pwned

Google software engineer Nav Jagpal says it will start sharing URLs linked to social engineering, unwanted and malicious software, to help network administrators understand the threats they face. Google is monitoring some 22,000 autonomous systems (ASNs) or about 40 percent of total active networks, and provides some 250 …
Team Register, 08 Apr 2016

FBI Director defends iPhone 5C unlock tool that's obviously going to leak into wrong hands

FBI Director James Comey says the tool his agents bought and used to unlock the San Bernardino killer's iPhone will only work on a "narrow slice" of phones. On Wednesday, Comey gave a lecture at Ohio's Kenyon College's Center for the Study of American Democracy in which he said the exploit only works on iOS 9 iPhone 5Cs. Apple …
Iain Thomson, 07 Apr 2016

Neighbour sick of you parking in his driveway? You'd better hack-proof your car

Car security startup Karamba Security has emerged from stealth with $2.5m in funding and a plan to revamp in-car security. Karamba has developed a technology that hardens the externally-facing electronic control unit (ECU) of cars in order to defend against hack attacks. The software is designed to protect a car's externally …
John Leyden, 07 Apr 2016

Remote code execution found and fixed in Apache OpenMeetings

Recurity Labs hacker Andreas Lindh has found four vulnerabilities, including a remote code execution hole, in Apache OpenMeetings. The flaws mean attackers could hijack installations of the popular virtual meetings and shared whiteboard application. Lindh reported two critical flaws including a predictable password reset …
Darren Pauli, 07 Apr 2016

Call the doctor... no, call security. Docs' mobiles are hopelessly insecure – study

One in five doctors’ mobile devices might be at risk of leaking sensitive data due to either malware or poor password security practices, according to a new study. Mobile threat defence firm Skycure reports that 14 per cent of smartmobes and tablets containing patient data likely have no passcode to protect them. And 11 per …
John Leyden, 06 Apr 2016

Surprise! Magic Kinder app could let hackers send vids to your kids

Security watchers have warned of massive privacy problems with the Magic Kinder App for children. A lack of encryption within the Magic Kinder smartphone app and other security shortcomings open the doors for all sorts of exploits, they claim. Hacktive Security alleges that a malicious user could "read the chat of the …
John Leyden, 05 Apr 2016

Top Firefox extensions can hide silent malware using easy pre-fab tool

Black Hat Asia: The most popular Firefox extensions with millions of active users are open to attacks that can quietly compromise machines and pass Mozilla's automated and human security tests. The extension reuse attacks exploit weaknesses in the structure of Firefox extensions such that malicious activity can be hidden behind legitimate …
Darren Pauli, 04 Apr 2016

Unpatched stealthy iOS MDM hack spells ruin for Apple tech enterprises

Black Hat Asia: Enterprises the world over are at risk from a seamless new attack that allows the latest Apple devices to be quietly compromised in what researchers say requires a total overhaul of Cupertino's enterprise provisioning architecture for mobile device management. The unpatched hack – dubbed SideStepper and crafted by Israel-based …
Darren Pauli, 31 Mar 2016

Patch out for 'ridiculous' Trend Micro command execution vuln

A bug in its software meant that Trend Micro accidentally left a remote debugging server running on customer machines. The flaw, discovered by Google’s Project Zero researcher Tavis Ormandy, opened the door to command execution of vulnerable systems (running either Trend Micro Maximum Security, Trend Micro Premium Security or …
John Leyden, 31 Mar 2016

Android's unpatched dead device jungle is good for security

Black Hat Asia: Android's diverse and oft un-patched ecosystem is a strength, not a weakness. So says Dino Dai Zovi, security lead at mobile payments outfit Square, because he feels diversity makes criminal hackers work harder. Android variants are a dime a dozen, thanks to customisations used to get the OS running on myriad phones and …
Darren Pauli, 31 Mar 2016

Mal Men men hit LiveJournal with Angler exploit kit

Malwarebytes researcher Jerome Segura says malvertisers have served the world's most dangerous exploit kit - Angler - through compromised advertisements run on LiveJournal.com and news service Likes.com. The attacks are the latest in a string of brazen and successful malvertising campaigns that are smashing the web's most …
Darren Pauli, 30 Mar 2016

Gumtree serves world's worst exploit kit to scores of Aussies

Malware expert Jerome Segura says Australia's most popular classifieds site, Gumtree.com.au, was serving the world's most capable exploit kit to some of its millions of monthly visitors. The site is Australia's twelfth-most-popular website and last month attracted some 47.8 million views. Parent site eBay Australia scored 74.6 …
Darren Pauli, 29 Mar 2016

Researchers find hole in SIP, Apple’s newest protection feature

Security researchers have discovered a vulnerability that creates a means for hackers to circumvent Apple’s newest protection feature, System Integrity Protection (SIP). SIP is designed to prevent potentially malicious software from modifying protected files and folders. The technology is designed to protect the system from …
John Leyden, 24 Mar 2016

Clear April 12: Windows, Samba to splat curious 'crucial' Badlock bug

April 12 – save the date if you're a Windows or Samba file server administrator. Stefan Metzmacher, a Samba core developer, has discovered what sounds like a pretty bad security bug, and he says it will be patched on that day next month. The vulnerability already has everything it needs to make a big splash: a name, Badlock; …
Chris Williams, 22 Mar 2016

Google spews critical Android patch as millions of gadgets hit by Linux kernel bug

Google has shipped an out-of-band patch for Android shuttering a bug that is under active exploitation to root devices. The vulnerability (CVE-2015-1805) affects all Android devices running Linux kernel versions below 3.18 – we're talking millions of gadgets and handhelds, here. The vulnerability is a privilege elevation that …
Darren Pauli, 22 Mar 2016

Oracle fights Russian software policy with Postgres smear

Oracle's Russian paw has found a way to fight the nation's regulations about software purchasing for government agencies, by sending local customers a letter containing stern criticisms of PostgreSQL. As of January 1st 2016, Russia's government agencies are required to use locally-produced software whenever it is functionally …
Simon Sharwood, 21 Mar 2016

Hackers crack OS X, Windows, web browsers' security to net $460,000

Pwn2Own: Researchers pulled off multiple OS X, Windows and web browser exploits at the latest Pwn2Own competition. White hat hackers earned $460,000 in prizes for finding and exploiting 21 security vulnerabilities in widely used software. Details of the flaws were privately shared with vendors so that their code can be fixed and …
John Leyden, 18 Mar 2016

'Millions' of Android mobes vulnerable to new Stagefright exploit

A group of Israeli researchers reckon they've cracked the challenge of crafting a reliable exploit for the Stagefright vulnerability that emerged in Android last year. In a paper [PDF] that's a cookbook on how to build the exploit for yourself, they suggest millions of unpatched Android devices are vulnerable to their design, …

New iOS malware targets stock iPhones, spreads via App Store

Miscreants have forged a strain of iOS malware which poses a greater risk than previous nasties because it can infect non-jailbroken devices without the user’s confirmation. AceDeceiver is fundamentally different from recent iOS malware because it relies on exploiting flaws in Apple’s DRM software rather than abusing …
John Leyden, 16 Mar 2016

Reformed LulzSec hacktivist joins payments firm

Updated: A payments firm has hired reformed LulzSec hacktivist Mustafa Al-Bassam (formerly known as tFlow) for a new blockchain research project. London-based payments group Secure Trading has taken on Al-Bassam to help develop a platform that applies the verification benefits of blockchain technology in order to improve the visibility …
John Leyden, 16 Mar 2016

Millions menaced as ransomware-smuggling ads pollute top websites

Top-flight US online publishers are serving up adverts that attempt to install ransomware and other malware on victims' PCs. Websites visited by millions of people daily – msn.com, nytimes.com, aol.com, nfl.com, theweathernetwork.com, thehill.com, zerohedge.com and more – are accidentally pushing out booby-trapped adverts via …
John Leyden, 15 Mar 2016

Romanian ATM hacker exploits vulnerability in FENCE, escapes jail

A Romanian carder arrested for using malware to plunder US$217,000 (£152,164, A$290,888) from ATMs has cut their way out of a Bucharest prison and escaped custody. Renato Marius Tulli, 34, escaped Police Precinct 19 with Grosy Gostel, 38, held for robbery charges, sparking a city-wide hunt, local media report. Gostel has been …
Darren Pauli, 08 Mar 2016

Hacker 'Guccifer' extradited to US

Convicted hacker Marcel Lahel, better known by his handle "Guccifer" under which he hacked celebrity and government accounts, is being extradited to the US to face computer intrusion and identity theft charges. Lahel, 42, is best known for stealing and publishing paintings by former US President George W Bush. He also hacked …
Darren Pauli, 07 Mar 2016

One-third of all HTTPS websites open to DROWN attack

Security researchers have discovered a new technique for deciphering the contents of supposedly secure communications. The DROWN attack - it has already got a name, like recent high profile crypto attacks Lucky13, BEAST, and POODLE - is a “cross-protocol attack that can decrypt passively collected TLS sessions from up-to-date …
John Leyden, 01 Mar 2016

Google Project Zero reverse-engineers Windows path hacks for better security

If you're tearing your hair out trying to make sure your Windows 8 / 8.1 / 10 application isn't attackable through the filename structure, a Google security engineer has penned a long look at the API to try and help. The reason behind the long explanation is simple, from Google's point of view: “path'ological reverse engineer” …

iOS app that smuggled pirated software into China is booted out of Apple's walled garden

A dodgy application that evaded Apple's hardline code reviewers and made it into Cupertino's official App Store has been turfed out. The program – which featured a hidden smugglers' cove of software – was ejected after it was fingered by third-party security researchers. The team at Palo Alto Networks explained over the …
John Leyden, 22 Feb 2016

Bug bounty hunters score big dollars and the boom's only just begun

Feature: Nathaniel Wakelam made US$250,000 last year. In his second job, finding and reporting bugs to bug bounty programs. Wakelam's a 20-year-old high school and university drop-out who has become something of a poster boy for the bug bounty boom, a movement that sees the world's biggest companies pay guys like him tens of thousands …
Darren Pauli, 22 Feb 2016

Dan Kaminsky is an expert on DNS security – and he's saying: Patch right God damn now

Exclusive: Dan Kaminsky, the man who could have broken DNS but fixed it instead, is warning that the glibc bug found by Red Hat and Google could be much worse than anyone has predicted. "I've seen a lot of bugs, but this bug was written in May 2008, right at end of my own patching effort on DNS," Kaminsky told The Register on Friday …
Iain Thomson, 20 Feb 2016

Web apps? It's mobile apps biz bosses should worry about – HPE

Mobile application security is beginning to eclipse that of web apps as a significant risk to enterprises, according to a new study by Hewlett Packard Enterprise. Approximately 75 per cent of the mobile applications scanned exhibited at least one critical or high-severity security vulnerability, compared to 35 percent of non- …
John Leyden, 17 Feb 2016

Idiot e-tailers falling for fake patch that exploits year-old Magento hole

Malware researcher Denis Sinegubko says attackers are compromising and stealing credit cards from online shops that run on eBay's Magento platform by masquerading as an applied patch for a nasty bug in a bid to hide from admins. The dangerous "shoplift" bug patched last year is a remote code execution hole that turns hackers …
Darren Pauli, 16 Feb 2016

Hack VMware, score US$75K. Hack Flash, get much less

CanSecWest: There's US$75,000 up for grabs to hackers who compromise VMware's hypervisor software in an upgraded Pwn2Own contest next month. The next challenge represents a significant boost to the difficulty of the hacking competition in which popular hardware and software products are publicly flayed by cyber-security gurus. The …
Darren Pauli, 12 Feb 2016

It's 2016 and a font file can own your computer

Updated: Cisco-owned Talos has announced a bunch of font library bugs present in apps running on Windows and Linux, affecting client- and server-side machines. The problem is in the Libgraphite library, and means that applications using the library to load .TTF font files can inherit its vulnerabilities. All that's needed for a …