Articles about Exploits

Hackers pop top 'secure' wireless keyboard and mouse kits, gain RCE

Ruxcon Wireless keyboard and mouse manufacturers including Microsoft, Fujitsu, and Logitech have been forced to fix borked encryption in peripherals that allow physical attackers to hijack computers. Researchers and PhDs Gerhard Klostermeier and Matthias Deeg with Germany-based security firm SySS tested five devices badged as secure …
Darren Pauli, 24 Oct 2016

Every LTE call, text, can be intercepted, blacked out, hacker finds

Ruxcon Hacker Wanqiao Zhang of Chinese hacking house Qihoo 360 has blown holes in 4G LTE networks by detailing how to intercept and make calls, send text messages and even force phones offline. The still-live attacks were demonstrated at the Ruxcon hacking confab in Melbourne this weekend, with the demo offering a recording of the …
Darren Pauli, 23 Oct 2016

Como–D'oh! Infosec duo exploits OCR flaw to nab a website's HTTPS cert

Two European security researchers exploited Comodo's crappy backend systems to obtain a HTTPS certificate for a domain they do not own. That cert could be used to impersonate the website, allowing passwords and other sensitive information to be swiped from victims in man-in-the-middle attacks. The infosec bods, Florian Heinz …
Shaun Nichols, 21 Oct 2016

Fruity hacking group juiced by Microsoft's October patch parade

Kaspersky Labs researcher Anton Ivanov says an advanced threat group was exploiting a Windows zero day vulnerability before Microsoft patched it last week. Microsoft says the graphics device interface vulnerability (CVE-2016-3393) allowed attackers to gain remote code execution and elevation of privilege powers. Ivanov's …
Darren Pauli, 21 Oct 2016

US DNC hackers blew through SIX zero-days vulns last year alone

Security researchers have shone fresh light on the allegedly Russian state-sponsored hacking crew blamed for ransacking the US Democratic National Committee's computers. Sednit – also known as APT28, Fancy Bear and Sofacy – has been operating since 2004. The cyber-mob has reportedly infiltrated machines operated by targets as …
John Leyden, 20 Oct 2016

Boffins exploit Intel CPU weakness to run rings around code defenses

US researchers have pinpointed a vulnerability in Intel chips – and possibly other processor families – that clears the way for circumventing a popular operating-system-level security control. ASLR (address space layout randomization) is widely used as a defense against attempts by hackers to exploit software vulnerabilities …
John Leyden, 20 Oct 2016

ShadowBrokers put US$6m price tag on new hoard of NSA hacks

A group thought linked to a Russian hacking outfit has moved to cash in on its cache of likely NSA exploit tooling, by offering it in exchange for 10,000 Bitcoins. The group known as "ShadowBrokers" wrote that they will release a password to a public encrypted cache of alleged NSA tools and exploits. It is the second cache …
Darren Pauli, 17 Oct 2016

IBM: Yes, it's true. We leaned on researchers to censor exploit info

IBM successfully pressured security researchers into yanking offline part of a published vulnerability advisory – even after patches had been distributed to customers. Last Friday, Italian infosec bod Maurizio Agazzini published details of an exploitable bug in the latest four builds of IBM's WebSphere middleware. He posted …
Iain Thomson, 14 Oct 2016

Adding trendy tech SIEM to a hybrid computing setup

As I write this, Security Information and Event Monitoring is considered rather hip and cool. Everyone's talking about it, and the vendors of SIEM software are promoting the life out of it. The thought process that prompts consideration of SIEM is: “No matter what I do to protect myself, an attack is possible so I need to pre- …
Dave Cartwright, 14 Oct 2016

'Pork Explosion' flaw splatters Foxconn's Android phones

Security researcher Jon Sawyer says a limited backdoor has been found in some Foxconn-manufactured Android phones, allowing attackers to root phones they have in hand. The backdoor is the result of a debugging function left over in Foxconn's bootloader code, which can be exploited by attackers wielding appropriate software …
Darren Pauli, 14 Oct 2016

Decade-old SSH vuln exploited by IoT botnet armies to hose servers

Hackers are exploiting a 12-year-old vulnerability in OpenSSH to funnel malicious network traffic through Internet of Things (IoT) gizmos, Akamai warns. The SSHowDowN Proxy attack [PDF] exploits a lingering weakness in many default configurations of internet-connected embedded devices. Compromised gadgets are being abused to …
John Leyden, 13 Oct 2016

Time to crack down on sales of dragon's gold - securobods

Security researchers have urged gaming companies to crack down on virtual currency auction and sales sites, reckoning criminals are cashing in to launder stolen money. The research team at Trend Micro says most black hats steal the currency using online game exploits or by using malware and phishing to compromise players, …
Darren Pauli, 13 Oct 2016

Hungarian bug-hunters spot 130,000 vulnerable Avtech vid systems on Shodan

It shouldn't surprise anyone that closed circuit television (CCTV) rigs are becoming the world's favourite botnet hosts: pretty much any time a security researcher looks at a camera, it turns out to be a buggy mess. According to this advisory, Avtech's IP cameras and video recorders offer the world the usual list of possible …

Apple iMessage URLs ship OS, device, and IP data to sites, dev says

British developer Ross McKillop says Apple's implementation of URL previews leaks users' IP address and operating system information to websites. The leakage might be a boon to spammers, who could use the operating system information and IP address data to better hone their attacks. Links subject to previews, which display …
Team Register, 04 Oct 2016

Firefox to doctor Pepper so it can run Chrome's PDF, Flash plugins

Mozilla is investigating hooking up Google Chrome's builtin plugins to Firefox. The foundation's Project Mortar hopes to spare its developers from building and improving non-core components of Firefox by instead providing the same software interfaces that Chromium, the open-source engine of Chrome, provides. That will allow …
Shaun Nichols, 01 Oct 2016

Want to make US$1.5m this weekend? Just jailbreak iOS

Exploit broker Zerodium has tripled its bug bounty for a remote iOS 10 jailbreak vulnerability to US$1.5 million. The outfit previously offered US$500,000 for remote iOS 9 jailbreaks, which was temporarily increased last year when a US$1 million reward was paid out in November to an unnamed hacker group. The increase is …
Darren Pauli, 30 Sep 2016

Suspected Russian DNC hackers brew Mac trojan

Suspected Russian hackers fingered for hacking the United States Democratic National Committee (DNC) have brewed a trojan targeting Mac OS X machines in the aerospace sector, says Palo Alto researcher Ryan Olson. The malware relies on social engineering and exploits a well-known vulnerability in the MacKeeper security software …
Darren Pauli, 27 Sep 2016

Brain plague or estate agents? I know which I'd prefer in Virtual Reality

Life in a London firm is tough: it's full of jewel heists, flying bullets and car chases. Well, this was the case during my last foray into Virtual Reality. London Heist is one of the showcase games for Sony's PlayStation VR experience and it's virtually perfect, making me feel like the lead in a Guy Ritchie gangster …
Lucy Orr, 26 Sep 2016

Report: NSA hushed up zero-day spyware tool losses for three years

Sources close to the investigation into how NSA surveillance tools and zero-day exploits ended up in the hands of hackers have found that the agency knew about the loss for three years but didn't want anyone to know. Multiple sources told Reuters last night that the investigation into the data dump released by a group calling …
Iain Thomson, 23 Sep 2016

Hackers hijack Tesla Model S from afar, while the cars are moving

Video Chinese hackers have attacked Tesla electric cars from afar, using exploits that can activate brakes, unlock doors, and fold mirrors from up to 20 kilometres (12 miles) away while the cars are in motion. Keen Security Lab senior researchers Sen Nie, Ling Liu, and Wen Lu, along with director Samuel Lv, demonstrated the hacks …
Darren Pauli, 20 Sep 2016

BOFH: The case of the suspicious red icon

Episode 11 So I'm in the office by myself while the PFY is out doing... something... I guess... when one of our atypical difficult users comes in. "Just one question," he starts, interrupting the thought I started when he walked in on potential loopholes in the gun laws. "My browser has an icon which is red." "What's the icon?" I ask …
Simon Travaglia, 16 Sep 2016

Researcher says Patch Tuesday fix should have been made earlier

Security researcher Kafeine says one of this week's Microsoft patches addresses a vulnerability it knew of since last year, and may only have pulled the patching trigger after a spate of banking trojan attacks. The attacks utilised the low-level flaw (CVE-2016-3351) for cloaking purposes among an arsenal of exploits. The …
Darren Pauli, 16 Sep 2016

French hackers selling hidden .22 calibre pen guns on secret forums

French hackers are selling concealed weapons including so-called pen guns that fire .22 Long Rifle bullets on highly secretive crime forums, threat researcher Cedric Pernet says. Videos of the home-made pen guns scattered around the internet show the weapons in working use. The guns are being sold for €150 (US$169, £127, A$ …
Darren Pauli, 15 Sep 2016

$200k Android bug contest

Google has launched a new contest offering $200,000 to whoever can first find and report a remote-code execution bug in Android. Second place will get $100,000, and third at least $50,000. "The goal of this contest is to find a vulnerability or bug chain that achieves remote code execution on multiple Android devices knowing …
Chris Williams, 14 Sep 2016

US-CERT tells network operators to pay attention and harden up

The US-CERT is warning organisations to harden their networks, because resurgent malware plus the recent publication of powerful exploits proved too hot to ignore. The organisation says that threats like the leak of Equation Group Adaptive Security Appliance (ASA) tooling are bad enough by themselves, but warns plenty of …
Darren Pauli, 09 Sep 2016

Kaspersky to 1337 haxors: take down our power grid. We dare you

Kaspersky Labs is launching a capture-the-flag event at which hackers will have the chance to pop a simulated power station. The hacking events are popular with security types who compete to break into specially set-up systems to obtain flags and score points for feats of exploits, cracking, and pivoting. Kaspersky Labs will …
Darren Pauli, 08 Sep 2016

Ten-year-old Windows Media Player hack is the new black, again

Net scum are still finding ways to take down users with a decade-old Windows Media Player attack. The vector is a reborn social engineering hatchet job not seen in years in which attackers convince users to run executable content through Windows Media Player's Digital Rights Management (DRM) functionality. Windows Media …
Darren Pauli, 08 Sep 2016

Mr Chow plates up sticky ransomware

Popular Chinese food chain "Mr Chow's" has been caught plating up ransomware from its website. The fine dining restaurant chain boasts sites in London and across the US and was hacked by attackers injecting the pseudo Darkleech malicious scripts to redirect users. Victims were served a malware money bag through the Neutrino …
Darren Pauli, 07 Sep 2016

Flash: Still exploits kits’ MVP

Adobe Flash is the software most widely abused by exploit kits. Security intelligence firm Digital Shadows found that 27 of the 76 identified vulnerabilities abused by exploit kits targeted Adobe Flash. The figures are based on an analysis of software bugs abused by the top 22 exploit kits. Exploit kits are widely used by …
John Leyden, 06 Sep 2016

UK Parliament's back for Snoopers' Charter. Former head of GCHQ talks to El Reg

IPBill The UK Parliament has returned from recess for a fortnight ahead of the conference season. That's just long enough to squeeze in the House of Lords’ committee stage examination of the Investigatory Powers Bill, which resumes this afternoon. The upper chamber had been waiting for the publication of a review of the bill’s bulk …

Sundown exploit kit authors champions of copy-paste hacking

Authors of the Sundown exploit kit have proven themselves masters of copy and paste, stealing exploits from rivals and borking encryption when they opt for originality. Exploit kits offer an arsenal of attacks to the unscrupulous and are popular because they offer many means to point malicious payloads at victim machines. …
Darren Pauli, 05 Sep 2016

Extra Bacon? Yes please, even though the Cisco bug of this name is bad for you

Tens of thousands of Cisco ASA firewalls are vulnerable to an authentication bypass exploit thought to have been cooked up by the United States National Security Agency (NSA). The "Extra Bacon" exploit was one of many found as part of an Equation Group cache leaked by a hacking outfit calling itself the Shadow Brokers. …
Darren Pauli, 05 Sep 2016

Angler's obituary: Super exploit kit was the work of Russia's Lurk group

Ruslan Stoyanov was right: what could be history's most advanced financially-driven malware was the progeny of some 50 jailed hackers known as the Lurk group. It is a finding that solves the mysterious demise of the world's most capable exploit kit and one of the biggest threats to end users on the internet. Kaspersky's head …
Darren Pauli, 31 Aug 2016

Muddying the waters of infosec: Cyber upstart, investors short medical biz – then reveal bugs

Analysis A team of security researchers tipped off an investment firm about alleged software vulnerabilities in life-preserving medical equipment in order to profit from the fallout. Researchers at MedSec Holdings, a cybersecurity startup in Miami, Florida, believed they found numerous holes in pacemakers and defibrillators …
Iain Thomson, 26 Aug 2016

Update your iPhones, iPads right now – govt spy tools exploit vulns

Apple has pushed out an emergency security update for iPhones, iPads and iPods after super sophisticated spyware was found exploiting three iOS vulnerabilities. The iOS 9.3.5 upgrade plugs three holes that, according to researchers, are being used right now by the Pegasus surveillance kit – a powerful commercial malware …
Shaun Nichols, 25 Aug 2016

Major update drops for popular Pwntools penetration showbag

The third version of the Pwntools exploit showbag has been released, sporting new Android p0wnage functions and a host of additional modules. The Python development library is the brainchild of the Gallopsled CTF team, which wrote the toolset to help fellow security types build faster exploits for penetration testing and …
Darren Pauli, 24 Aug 2016

Equation Group exploit hits newer Cisco ASA, Juniper Netscreen

Hungary-based security consultancy SilentSignal has ported a public exploit to newer models of Cisco's Adaptive Security Appliance (ASA). The firm expanded the attack range of the ExtraBacon Cisco hack hole revealed as part of the Shadow Brokers cache of National Security Agency-linked exploits and tools. The exploit was …
Darren Pauli, 24 Aug 2016

'NSA' hack okshun woz writ by Inglish speeker trieing to hyde

The perpetrator behind the dumping of tools penned by the probably-the-NSA hacking squad called "Equation Group" appears to be a native English speaker, according to linguistic data researcher Shlomo Argamon. Earlier this month some 300 files were circulated online purporting to be stolen from the Equation Group, which is …
Darren Pauli, 23 Aug 2016

Software-defined networking is dangerously sniffable

Software-defined networking (SDN) controllers respond to network conditions by pushing new flow rules to switches. And that, say Italian researchers, creates an unexpected security problem. The researchers were able to persuade their SDN environment to leak information that sysadmins probably don't want out in public, …

Software exploits overrated - it's the humans you need to be watching

Video Weak passwords and phishing offer far easier mechanisms for breaking into most organizations than exploiting software vulnerabilities. A study by US cybersecurity firm Praetorian based on 100 penetration tests and 450 real-world attacks discovered that stolen credentials offer the best way into enterprise networks. Software …
John Leyden, 22 Aug 2016

Snowden files confirm Shadow Brokers spilled NSA's Equation Group spy tools over the web

Documents from the Edward Snowden archive prove that the malware and exploits dumped on the public internet on Monday originated from the NSA. Among the files leaked by whistleblower Snowden in 2013 is a draft NSA manual on how to redirect people's web browsers using a man-in-the-middle tool called SECONDDATE. This piece of …
Iain Thomson, 19 Aug 2016

Polish developer hacks Android rewards app for free beer

A cunning Polish developer has hacked an Android food and drink rewards app to grant himself unlimited free beer. Kuba Gretzky detailed his excellent exploits in a blog post on Breakdev – though, to deter copycats, he didn't name the rewards app or the precise location within Poland where it was operating. He did, however, …
Gareth Corfield, 19 Aug 2016

Snowden says Russia ‘probably responsible’ for NSA hack

NSA whistleblower Edward Snowden reckons Russia is the most likely suspect behind the leak of advanced hacking tools allegedly stolen from an elite NSA hacking unit. He postulates a complex motive for the leak involving gaining diplomatic leverage that wouldn’t look out of place in a modern retelling of a John le Carré novel. …
John Leyden, 18 Aug 2016

Cisco confirms two of the Shadow Brokers' 'NSA' vulns are real

It's looking increasingly likely that the hacking tools put up for auction by the Shadow Brokers group are real – after Cisco confirmed two exploits in the leaked archive are legit. The two exploits, listed in the archive directory as EPICBANANA and EXTRABACON, can be used to achieve remote code execution on Cisco firewall …
Iain Thomson, 17 Aug 2016

#Shadowbrokers hack could be Russia's DNC counter-threat to NSA

One of the most interesting hacks in recent memory is almost certain to be a compromise of infrastructure operated by an ultra-elite hacking group thought to be the United States' National Security Agency. The breach involves the public release of more than 300 files that showcase a host of exploits against companies including …
Darren Pauli, 17 Aug 2016

Demise of Angler, the world's worst exploit kit, still shrouded in mystery

The Angler exploit kit has all-but vanished and whoever knows why isn't talking. Angler was the most powerful and sought-after exploit kit on the market boasting rapid integration of new vulnerabilities that made it able to employ zero day attacks on Flash, Java, and Silverlight. It also employed a battery of complex …
Darren Pauli, 16 Aug 2016

Shadow Broker hacking group auctions off claimed NSA online spy tools

A group calling itself the Shadow Brokers has started an online auction for top-of-the-range tools it claims were stolen from the Equation Group, a digital attack squad linked to the NSA. The Shadow Brokers posted up news of the auction saying (in broken English) that they had been monitoring the Equation Group's servers, had …
Iain Thomson, 15 Aug 2016

$200,000 for a serious iOS bug? Pfft, we'll give you $500,000, says exploit broker Exodus

Last week Apple made its belated entrance into the bug bounty market, announcing a top award of $200,000 for major flaws in iOS, but Cook & Co have been comprehensively outbid. On Tuesday, exploit trading firm Exodus Intelligence said it is willing to pay $500,000 for a major flaw in iOS 9.3 and above – and the exploit to use …
Iain Thomson, 11 Aug 2016

Google says most users 'protected' against 'Quadrooter'

The Quadrooter vulnerabilities in Qualcomm-based Android phones can grant apps total control over devices – but Google reckons malicious code exploiting the flaws should hardly ever reach users. The Chocolate Factory reckons the Verify Apps feature in its Play Store was already blocking apps that tried to take advantage of …

Latest Androids have 'god mode' hack hole, thanks to Qualcomm

Four Qualcomm vulnerabilities grant malware writers total access to modern Android smartphones. Yes, yes, nine hundred meellion "potential" users, if you're counting. Attackers can write malicious apps that, when installed, exploit the software flaws to gain extra privileges on Android Marshmallow and earlier versions of …
Darren Pauli, 08 Aug 2016