There's some bad news if you own a computer driven by an Intel processor. Recently, a dangerous, catastrophic security flaw has been discovered in Intel's X86-64 architecture that allows hackers to access the kernel, which sits at the heart of your OS. By accessing the kernel, a hacker can gain access to virtually everything on the targeted machine. This is accomplished by way of a little-known feature called "speculative execution" which allows the processor to perform operations before … Read more
Corporate Attacks On The Rise Through Vulnerable Printers
Few things are more ubiquitous in an office environment than printers. Of course, these days, most printers are much more than simply that. They can also scan, copy and even send emails. As such, they've become an increasingly attractive option to hack, according to the latest data released by Barracuda Networks. The reason is simple. Most printers aren't as well protected as PCs and other devices on your network. They're the weak point in your company's defensive armor. The upsurge in … Read more
Windows 10 Third Party Password Manager Could Have Security Issue
Do you use "Keeper?" If you're not sure what it is, then you probably don't. It's a password manager that Microsoft has been bundling with some of its Windows 10 releases. Either way, there's a serious flaw in its design that you should be aware of. Earlier in the year, Tavis Ormandy, a researcher on Google's Project Zero team, discovered a bug that saw Keeper injecting privileged user information into web pages, exposing all manner of private data unnecessarily to website owners. The … Read more
Researchers Find Malware Targeting Industrial Systems
In the malware ecosystem, few strains are more terrifying than those that target industrial control systems. Think Stuxnet, Industroyer and IronGate. Recently, security researchers from FireEye have identified a new threat in this class of malware. Alternately called "Triton" or "TRISIS," this new code targets Triconex Safety Instrumented Systems (SIS) controllers, which are manufactured by Schneider Electric. These control systems are found in a wide range of industrial equipment. They are, in … Read more
DirecTV Genie DVR May Have A Major Vulnerability
If you have a Genie DVR system, you should be aware of a major security flaw in the firmware that could allow a hacker to take complete control over the device. At issue is the equipment offered by AT&T as part of their free DireTV WVB Kit. Researchers of the ZDI initiative and Trend Micro discovered a zero-day vulnerability in one of the core components of the system, Linksys WVBR0-25, which is a Linux-powered wireless video bridge. It is this bridge that allows customers to connect up … Read more
Data On 123 Million US Households Leaked Online
Security researchers at UpGuard recently made a terrifying discovery in finding an unprotected Amazon S3 server containing several databases belonging to a data analytics provider called Alteryx. While the server contained a variety of databases, the two that are of biggest concern belonged to Alteryx's business partners, Experian and the US Census Bureau. Of these, far and away the most damaging database was the one belonging to Experian. As a credit reporting agency, Experian has access … Read more
Files Containing Nearly 1.5 Billion Passwords Leaked On The Internet
Researchers from the security firm 4iQ have made a disturbing discovery on the dark web. A massive repository has been discovered that contains a staggering 1.4 billion usernames and passwords in plain text. The repository is well organized, with each letter of the alphabet having its own directory to facilitate rapid search, and 4iQ has tested a subset of the data it contains and found an alarming percentage of the usernames and passwords to be viable. It should be noted that this data … Read more
New “MailSploit” Allows Email Spoofing
Phishing attacks just got a whole lot easier. A German security researcher named Sabri Haddouche has recently discovered a set of email vulnerabilities that have been collectively dubbed "Mailsploit." At the root, these vulnerabilities stem from the way most email systems interpret addresses encoded with a 1992 standard called RFC-1342. The standard is that all information in an email header must be an ASCII character. If a non-ASCII character is encountered, it gets converted. … Read more
Some Websites Can Force Your Computer To Mine Cryptocurrency
Researchers at Malwarebytes have discovered a new exploit that allows malicious website owners to use your PC to mine various forms of cryptocurrency, even if you exit the browser window the malicious site was displayed on. The exploit relies on a smart pop-under trick. A code on the website determines your monitor's resolution and places a ghost browser session sitting behind the clock on the MS Windows task bar, where it continues to mine cryptocurrency, utilizing a portion of your CPU's … Read more
Ransomware Attackers Are Increasing Their Attacks On Businesses
The ransomware ecosystem is maturing. Strains are divided into "families" and the number of new families that have been discovered in 2017 is half what it was in 2016. Even so, the total number of attacks targeting businesses have risen by 26 percent over last year's totals, according to the latest statistics released by Kaspersky Lab. Rather than inventing wholly new software strains, hackers around the world seem content to modify existing strains, with the number of modifications growing … Read more
