The US Department of Homeland Security (DHS) says it has detected strange fake cellphone towers – known as IMSI catchers – in America's capital.
These devices, which can masquerade as real phone masts to track people's movements and potentially eavesdrop on calls and texts, represent a real and growing security risk, the agency said.
Intel has issued fresh "microcode revision guidance" that reveals it won’t address the Meltdown and Spectre design flaws in all of its vulnerable processors – in some cases because it's too tricky to remove the Spectre v2 class of vulnerabilities.
The new guidance, issued April 2, adds a “stopped” status to Intel’s “production status” category in its array of available Meltdown and Spectre security updates. "Stopped" indicates there will be no microcode patch to kill off Meltdown and Spectre.
One of the tools I expect to see gain in popularity in the wild is DNS rebinding. DNS rebinding is a technique that turns a victim’s browser into a proxy for attacking private networks. Attackers can change the IP associated with a domain name after it has been used to load JavaScript. Since same-origin policy (SOP) is domain-based, the JavaScript will have access to the new IP.
This blog post outlines some of what I’ve learned while preparing a DNS rebinding lab exercise for Black Hat and SecTor.
There are two general challenges we must overcome to attack network devices:
Two researchers at Black Hat Asia last month gave computers a reason to sleep with one eye open in their demo of "S3 Sleep," a new attack vector used to subvert the Intel Trusted eXecution Environment (TXT). A flaw in Intel TXT lets hackers compromise a machine as it wakes up.
In een presentatie op Hack in the Box in Amsterdam demonstreert beveiligingsonderzoekers Bernhard Mueller volgende maand hoe zijn Ethereum-codescanner Mythril in de praktijk werkt. Hij schreef de tool in Python om Etherum-code te analyseren.
A great many of us are living, staying or working in “smart” buildings, relying on automated processes to control things like heating, ventilation, air conditioning, lighting, security and other operation systems. We expect those systems to work without a glitch and withstand attacks but, unfortunately, the security of these systems is still far from perfect.
A security researcher based in Germany has identified a flaw in the way Apple's iOS 11 handles QR codes in its Camera app.
Last year, with the launch of iOS 11, Apple gave its Camera app the ability to automatically recognize QR codes.
Over the weekend, Roman Mueller found that this feature has a bug that can be used to direct people to unexpected websites.
The first step involves creating a QR code from a URL, such as this one:
https://xxx\@facebook.com:443@infosec.rm-it.de/
Researchers from the College of William and Mary, Carnegie Mellon, the University of California Riverside, and Binghamton University have described a security attack that uses the speculative execution features of modern processors to leak sensitive information and undermine the security boundaries that operating systems and software erect to protect important data.
That probably sounds familiar.
Amsterdam – 24 March 2018: The Industry Internet of Things (IIoT) is at the forefront of smart connected buildings. In the race to be the first to capture any slim openings in this competitive space, device manufacturers may compromise on security standards in order to release their products to market quicker.
L33tdawg: If you like travel hacking, you'll enjoy this talk at #HITB2018AMS next month.
Travel booking website Orbitz has been hacked, the company said.
The site, now owned by Expedia, confirmed in a statement that it "identified and remediated a data security incident affecting a legacy travel booking platform."
