
Security

Hackers Gain ‘Switch-Flipping’ Access to US Power Grid Control Systems

posted on September 6, 2017
by l33tdawg

In an era of hacker attacks on critical infrastructure, even a run-of-the-mill malware infection on an electric utility’s network is enough to raise alarm bells. But the latest collection of power grid penetrations went far deeper: Security firm Symantec is warning that a series of recent hacker attacks not only compromised energy companies in the US and Europe but also resulted in the intruders gaining hands-on access to power grid operations—enough control that they could have induced blackouts on American soil at will.

Taking Stock of Trump's Cybersecurity Executive Order So Far

posted on September 4, 2017
by l33tdawg

By the time President Trump signed his Cybersecurity Executive Order on May 11, it had taken on a mythic air. The administration had produced a series of drafts soon after the inauguration that leaked, circulated, provoked criticism, and motivated refinements. While the months-long wait for the final product felt Godot-like, it ultimately received bipartisan praise for its thoughtfulness. But now, more than 110 days since the clock started, eight deadlines have passed, with eight more quickly approaching.

Researchers Find a Way to Disable Much-Hated Intel ME Component Courtesy of the NSA

posted on August 29, 2017
by l33tdawg

Researchers from Positive Technologies — a provider of enterprise security solutions — have found a way to disable the Intel Management Engine (ME), a much-hated component of Intel CPUs.

Intel ME is a separate processor embedded with Intel CPUs that runs its own operating system complete with processes, threads, memory manager, hardware bus driver, file system, and many other components.

SAP point-of-sale systems were totally hackable with $25 kit

posted on August 29, 2017
by l33tdawg

Point-of-Sale systems from SAP had a vulnerability that allowed them to be hacked using a $25 Raspberry Pi or similar device, according to research unveiled at the Hack in the Box conference in Singapore last week.

Critical vulnerabilities in SAP's POS – since resolved – created a means for hackers not only to steal customers' card data but to gain unfettered control over the server, enabling them to change prices of goods with the help of a simple device, according to ERPScan.

Researcher Releases Fully Working Exploit Code for iOS Kernel Vulnerability

posted on August 27, 2017
by l33tdawg

Adam Donenfeld, a researcher with mobile security firm Zimperium, today published proof-of-concept code for zIVA — a kernel exploit that affects iOS 10.3.1 and previous versions.

The zIVA exploit code allows an attacker to gain arbitrary RW (Read Write) and root access. Apple has addressed the eight vulnerabilities at the heart of this exploit package in a security patch it released in May. One affects the IOSurface kernel extension and seven others affect the AppleAVE Driver kernel extension.

Security Lacking in Previous AppleAVEDriver iOS Kernel Extension

posted on August 27, 2017
by l33tdawg

An obscure Apple kernel extension patched in July in iOS 10.3.3 was originally built without security measures in place, according to the researcher who privately disclosed the flaws.

Today at the Hack in the Box security conference in Singapore, Zimperium zLabs’ Adam Donenfeld was scheduled to disclose details on seven flaws he found in the AppleAVEDriver.kext, a video encoder kernel extension, as well as another critical issue in the IOSurface.kext.

Watch Hackers Hijack Three Robots for Spying and Sabotage

posted on August 23, 2017
by l33tdawg

The entire corpus of science fiction has trained humanity to fear the day when helpful household and industrial robots turn against it, in a Skynet-style uprising. But a much more near-term threat lurks in the age of automation: not that anthropomorphic gadgets will develop minds of their own, but that a very human hacker will take control of them.

Hackers hit Scottish Parliament with 'brute force cyber-attack'

posted on August 16, 2017
by l33tdawg

IT systems at the Scottish Parliament have been struck by a "brute force cyber-attack" from an unknown source. Staff have been advised to change passwords as a result of the attack.

Paul Grice, Chief Executive at Holyrood, says that the attack is similar to the one Westminster suffered back in June. The hackers have attempted to crack passwords as well as trying to access parliamentary emails.

Creepy backdoor found in NetSarang server management software

posted on August 16, 2017
by l33tdawg

Researchers at Kaspersky Lab have found a well-hidden backdoor in NetSarang's server management software.

The secret access route, dubbed Shadowpad by its discoverers, lurks in the nssock2.dll library within NetSarang's Xmanager and Xshell software suites. It pings out every eight hours to a command-and-control server with the identity of the compromised computer, its network details, and user names.

Criminals are using the Windows Object Linking Interface in Powerpoint to install malware

posted on August 16, 2017
by l33tdawg

Cyber criminals are using Microsoft PowerPoint to install malware. The Windows Object Linking and Embedding (OLE) interface is the technology that allows exporting part of a document with a different editing application than the original. According to a report from Trend Micro (via Neowin), the interface is being exploited through PowerPoint slideshows.