Your NFC capable Android smartphone could be the newest weapon hackers use to steal money from the credit cards in your pocket, researchers find. In a presentation at Hat In The Box Security Conference in Amsterdam, security researchers Ricardo J. Rodriguez and Jose Vila presented a demo of a real world attack, to which all NFC capable Android phones are vulnerable. This attack, delivered through poisoned apps, exploits the NFC feature allowing unethical hackers to steal money from victims’ credit cards anytime the cards are near the victims' phone.
“Think beyond the edges, because the edges are where new things come,” urged Richard Theime in the opening keynote for Hat In The Box Haxpo in Amsterdam. The former priest gone author and futuristic technology guru is well known within the InfoSec community and considered a “father figure” of the hacking convention circuit, keynoting at events such as DefCon and BlackHat.
Enterprise resource planning systems are the unexplored continent of vulnerability research, in spite of the fact that these massive, critical business systems support the inner workings of many large corporations and IT organizations.
A recent run of bugs in SAP, and a presentation at this week’s Hack in the Box conference in Amsterdam, however, could turn the tide and open some eyes to ERP security issues.
Hacking With Pictures; New Stegosploit Tool Hides Malware Inside Internet Images For Instant Drive-by Pwning
Go online for five minutes. Visit a few webpages. How many pictures do you see?
The majority of 3G and 4G USB modems offered by mobile operators to their customers have vulnerabilities in their Web-based management interfaces that could be exploited remotely when users visit compromised websites.
The flaws could allow attackers to steal or manipulate text messages, contacts, Wi-Fi settings or the DNS (Domain Name System) configuration of affected modems, but also to execute arbitrary commands on their underlying operating systems. In some cases, the devices can be turned into malware delivery platforms, infecting any computers they're plugged into.