Articles about exploit

Prince philip Thames barrier old control room photo Environment Agency

Definitely not another Stuxnet, researchers claim as they demo industrial control rootkit

Black Hat EU Security researchers have come up with another way to hack Programmable Logic Controllers (PLCs) at industrial plants. Ali Abbasi, a PhD student at the University of Twente, and Majid Hashemi, a research engineer at Quarkslab, have developed an attack that involves tweaking the PIN configuration of a system chip in order to …
John Leyden, 8 Nov 2016
lychy 01 http://www.shutterstock.com/gallery-299362p1.html

Hackers hustle to hassle un-patched Joomla! sites

Attackers are already exploiting a dangerous privileged account creation hole in the Joomla! content management system attempting, with attempts made on about 30,000 sites in the days days after a patch for the flaw landed. The vulnerability, which allows anyone to create privileged accounts on Joomla! sites, was first flagged …
Darren Pauli, 2 Nov 2016

App proves Rowhammer can be exploited to root Android phones – and there's little Google can do to fully kill it

Security researchers have demonstrated how to gain root privileges from a normal Android app without relying on any software bug. The unprivileged application is able to gain full administrative permissions by exploiting the Rowhammer vulnerability present in modern RAM chips. Essentially, malicious code can change the content …
John Leyden, 24 Oct 2016

US DNC hackers blew through SIX zero-days vulns last year alone

Security researchers have shone fresh light on the allegedly Russian state-sponsored hacking crew blamed for ransacking the US Democratic National Committee's computers. Sednit – also known as APT28, Fancy Bear and Sofacy – has been operating since 2004. The cyber-mob has reportedly infiltrated machines operated by targets as …
John Leyden, 20 Oct 2016

Boffins exploit Intel CPU weakness to run rings around code defenses

US researchers have pinpointed a vulnerability in Intel chips – and possibly other processor families – that clears the way for circumventing a popular operating-system-level security control. ASLR (address space layout randomization) is widely used as a defense against attempts by hackers to exploit software vulnerabilities …
John Leyden, 20 Oct 2016
Wi-Fi

BT's Wi-Fi Extender works great – at extending your password to hackers

BT is urging folks to patch the firmware in its Wi-Fi Extender following the discovery of multiple security flaws. Security researchers at Pen Test Partners discovered vulnerabilities with the consumer-grade kit, including cross-site scripting and the ability to change a password without knowing it. Pen Test Partners found it …
John Leyden, 21 Sep 2016
virus_1_648

Your antivirus doesn't like Ammyy. And fraudsters will use that to RAT you out (again)

Crooks have once again targeted users downloading Ammyy's remote access software as a conduit for spreading malware. The tactic – which has been witnessed before, specifically in the infamous Lurk banking trojan – has been in play since early February, 2016. Ammyy Admin is a legitimate software package (used by top …
John Leyden, 19 Jul 2016
shelf filled with many sizes of pink panther dolls

Dedupe, dedupe, dedupe dedupe dedupe... Who snuck in to attack Microsoft Edge?

Security researchers have discovered a means to use previously unknown vulnerabilities found in in-memory deduplication to attack otherwise well-defended systems. The well-known standard compression technique, which is ubiquitous as a way of reducing the memory footprint across virtual machines, is also a by-default feature …
John Leyden, 27 May 2016
Cartoon man with hat and tie. Facial features replaced by question mark.

Miscreants tripled output of proof of concept exploits in 2015

Hackers collectively tripled the production of Proof-of-Concept exploits last year, according to a new study out on Thursday. Researchers and black hats develop proof-of-concept (PoC) exploits for research or demonstration purposes. These PoCs are developed for a various reasons – to demonstrate that software is vulnerable, …
John Leyden, 5 May 2016

Researchers find hole in SIP, Apple’s newest protection feature

Security researchers have discovered a vulnerability that creates a means for hackers to circumvent Apple’s newest protection feature, System Integrity Protection (SIP). SIP is designed to prevent potentially malicious software from modifying protected files and folders. The technology is designed to protect the system from …
John Leyden, 24 Mar 2016

How to evade Apple's anti-malware Gatekeeper in OS X and really ruin a fanboy's week

The myth that Macs are inherently more secure than Windows PCs has taken another hit. Patrick Wardle, a former NSA staffer who now heads up research at crowdsourced security intelligence firm Synack, has found a new route around Apple's defensive Gatekeeper technology. Apple's Gatekeeper utility is built into OS X, and is …
John Leyden, 1 Oct 2015

North Korea exploits 0-day in Seoul's favourite word processor

FireEye researchers Genwei Jiang and Josiah Kimble say attackers from North Korea exploited a zero day vulnerability in a word processor popular with the South Korea's government. The attackers went after the vulnerability (CVE-2015-6585) in the Hangul Word Processor prior to a patch issued last Monday. Accurate attribution …
Darren Pauli, 10 Sep 2015

Hacking Team Flash exploit leak revealed lightning reflexes of malware toolkit crafters

Black Hat 2015 When the Italian surveillanceware maker Hacking Team got hacked last month, the intruders unwittingly set the groundwork for a very interesting research project. Tracking the time from a vulnerability being found in some software to seeing it exploited in the wild is tricky – malware writers don't often publicize their …
Iain Thomson, 5 Aug 2015

Major web template flaw lets miscreants break out of sandboxes

Black Hat 2015 A serious fresh category of web security vulnerability creates the potential for all sorts of mischief, security researchers warn. Template engines are widely used by web applications in order to present dynamic data via web pages and emails. The technology offers a server-side sandbox. The commonplace practice of allowing …
John Leyden, 5 Aug 2015
Locutus of Borg, aka Patrick Stewart aka Jean Luc Picard

Borg patches enterprise ASR router DoS hole

Cisco has closed a hole in its ASR 1000 line of enterprise and service provider-grade routers that could trigger denial of service. Attackers can exploit the hole by crafting a series of packets that cause the routers to reload and cut net services. The Borg says it has not witnessed attacks in the wild. "A vulnerability in …
Darren Pauli, 31 Jul 2015
Venomous snake

VENOM virtual vuln proves less poisonous than first feared

Analysis A newly discovered vulnerability in many popular virtual machine platforms is serious, but nowhere near as bad as last year’s Heartbleed vulnerability, according to security experts. Dubbed VENOM (Virtualized Environment Neglected Operations Manipulation), the zero-day flaw takes advantage of the “virtual floppy disk …
John Leyden, 14 May 2015

Sysadmins, patch now: HTTP 'pings of death' are spewing across web to kill Windows servers

The SANS Institute has warned Windows IIS web server admins to get patching as miscreants are now exploiting a flaw in the software to crash websites. The security bug (CVE-2015-1635) allows attackers to knock web servers offline by sending a simple HTTP request. Microsoft fixed this denial-of-service vulnerability on Tuesday …
Iain Thomson, 16 Apr 2015
picard

Android SDK nonce flaw lets hackers fiddle with your Dropbox privates

IBM's security team has found an unsettling flaw that can leave the Dropbox accounts of mobile users wide open to snooping by attackers. The researchers spotted some sloppy coding in Dropbox's SDK Version 1.5.4 for Android. Applications that link to Dropbox accounts using the SDK may be vulnerable, owing to a flaw that can …
Iain Thomson, 11 Mar 2015

Create a news alert about exploit, or find more stories about exploit.

Biting the hand that feeds IT © 1998–2018