Enterprise resource planning systems are the unexplored continent of vulnerability research, in spite of the fact that these massive, critical business systems support the inner workings of many large corporations and IT organizations.
A recent run of bugs in SAP, and a presentation at this week’s Hack in the Box conference in Amsterdam, however, could turn the tide and open some eyes to ERP security issues.
Go online for five minutes. Visit a few webpages. How many pictures do you see?
With the media rich nature of the web, chances are your answer is in the hundreds. It is in this space the future of malicious cyber attacks could be embedded. In a presentation at Hack In The Box in Amsterdam, Net Square security researcher Saumil Shah demonstrated an updated method of his digital steganography project, Stegosploit, which involves embedding executable JavaScript code within an image to trigger a drive by download.
The majority of 3G and 4G USB modems offered by mobile operators to their customers have vulnerabilities in their Web-based management interfaces that could be exploited remotely when users visit compromised websites.
The flaws could allow attackers to steal or manipulate text messages, contacts, Wi-Fi settings or the DNS (Domain Name System) configuration of affected modems, but also to execute arbitrary commands on their underlying operating systems. In some cases, the devices can be turned into malware delivery platforms, infecting any computers they're plugged into.
Identifying users who access Tor hidden services—websites that are only accessible inside the Tor anonymity network—is easier than de-anonymizing users who use Tor to access regular Internet websites.
Security researchers Filipo Valsorda and George Tankersley showed Friday at the Hack in the Box security conference in Amsterdam why Tor connections to hidden services are more vulnerable to traffic correlation attacks.
Respected Apple hacker Pedro Vilaça has uncovered a low-level zero day vulnerability in Mac computers that allows privileged users to more easily install EFI rootkits.
Vilaça says the attack, first thought to be an extension of previous research rather than separate zero day, took advantage of unlocked flash protections when machines go into sleep mode.
A security researcher said he found a way to game Starbucks gift cards to generate unlimited amounts of money on them. Both he and the coffee chain are grumbling after he used a fraudulent card to make a purchase, then repaid the amount and reported the vulnerability.
Security is an applied science. Security properties and secure design are only valid in the context of a particular application or environment. Similarly, hacking techniques and tools are only useful for exploiting specific types of vulnerabilities.
As companies continue to beat the Internet of Things drum, promoting a world when every device is smart, and anything electronic is network connected, we have some news that shows just what a horrible idea this really is. A security firm has found that a Linux kernel driver called NetUSB contains an amateurish error that can be exploited by hackers to remotely compromise any device running the driver. The driver is commonly found in home routers, and while some offer the ability to disable it, others do not appear to do so.
I'll be honest with you. LinkedIn scares me.
For any criminal interested in targeting senior staff in an organisation, it's a goldmine of information.
Apple released on Tuesday its first update for Watch OS, the iOS-based operating system that runs on the Apple Watch.
Watch OS 1.0.1 patches a total of 13 vulnerabilities affecting components such as the kernel, Secure Transport, FontParser, the Foundation framework, IOHIDFamily, and IOAcceleratorFamily.
The FontParser issue exists due to the way font files are processed. An attacker can exploit this vulnerability (CVE-2015-1093) to execute arbitrary code by getting a user to process a maliciously crafted font.
