Skip to main content

Security

Suspicious event hijacks Amazon traffic for 2 hours, steals cryptocurrency

posted onApril 24, 2018
by l33tdawg

Amazon lost control of a small portion of its cloud services for two hours on Tuesday morning when hackers exploited a known Internet-protocol weakness that allowed them to redirect traffic to rogue destinations. By subverting Amazon's domain-resolution service, the attackers masqueraded as cryptocurrency website MyEtherWallet.com and stole about $150,000 in digital coins from unwitting end users. They may have targeted other Amazon customers as well.

How Android Phones Hide Missed Security Updates From You

posted onApril 24, 2018
by l33tdawg

Google has long struggled with how best to get dozens of Android smartphone manufacturers—and hundreds of carriers—to regularly push out security-focused software updates. But when one German security firm looked under the hood of hundreds of Android phones, it found a troubling new wrinkle: Not only do many Android phone vendors fail to make patches available to their users, or delay their release for months; they sometimes also tell users their phone's firmware is fully up to date, even while they've secretly skipped patches.

​GoGet 'hacker' case stalled awaiting information from Amazon

posted onApril 24, 2018
by l33tdawg

Entrepreneur and self-proclaimed hacker Nikola Cubrilovic has appeared before Sydney Downing Centre Local Court after earlier this year being accused of accessing the systems of car-sharing service GoGet.

Chief Magistrate Judge G Henson heard on Tuesday that Cubrilovic intends to plead not guilty to all charges; however, no official plea has been made, as the prosecution is yet to serve the brief.

Hackers Go After X-Ray, MRI Machines for Corporate Espionage

posted onApril 24, 2018
by l33tdawg

A mysterious hacking group has been spying on the healthcare sector by going as far to infect computers that control X-ray and MRI machines with malware.

Fortunately, sabotage and patient data collection doesn't appear to be a motive behind the hacking. The attackers were probably focused on corporate espionage and studying how the medical software onboard the computers worked, the security firm Symantec said on Monday.

Drupal to Release Second Drupalgeddon2 Patch as Attacks Continue

posted onApril 24, 2018
by l33tdawg

The Drupal core updates, scheduled for April 25 between 16:00 and 18:00 UTC, will deliver a follow-up patch for the highly critical vulnerability tracked as CVE-2018-7600 and dubbed “Drupalgeddon2.”

While Drupal developers have described the upcoming security releases as a follow-up to the updates that fixed Drupalgeddon2, a separate CVE identifier, namely CVE-2018-7602, has been assigned to the new vulnerability.

The “unpatchable” exploit that makes every current Nintendo Switch hackable

posted onApril 24, 2018
by l33tdawg

A newly published "exploit chain" for Nvidia Tegra X1-based systems seems to describe an apparently unpatchable method for running arbitrary code on all currently available Nintendo Switch consoles. Hardware hacker Katherine Temkin and the hacking team at ReSwitched released an extensive outline of what they're calling the Fusée Gelée coldboot vulnerability earlier today, alongside a proof-of-concept payload that can be used on the Switch.

"Fusée Gelée isn't a perfect, 'holy grail' exploit—though in some cases it can be pretty damned close," Temkin writes in an accompanying FAQ.

RSA Conference has a leaky app… again!

posted onApril 20, 2018
by l33tdawg

You wouldn’t expect the organisers of a seminar on nuclear physics to hand out conference badges that were contaminated with dangerous levels of radioactivity.

You wouldn’t expect to attend a workplace health and safety training course in a conference centre where the fire exits had been padlocked shut.

China forces spyware onto Muslim’s Android phones, complete with security holes

posted onApril 11, 2018
by l33tdawg

If you’re a member of the Uyghur Muslim population in Xinjiang, you’re probably used to China’s high level of surveillance that many other countries would find Orwellian.

Whereas many of us are concerned that law enforcement agencies might seek to weaken or open backdoors in secure messaging products running on our smartphones, the Chinese have gone one step further demanding that some eight million Uyghurs, a Turkic ethnic group, install a spyware app known as JingWang Weishi their Android smartphones.