A vulnerability in some popular Netgear routers has gone unpatched for months. Left unchecked, it leaves thousands of home networking devices exposed to full control by hackers, who can then ensnare them in havoc-wreaking botnets. While Netgear has finally released a tentative fix for some models, the delays and challenges in patching all of them help illustrate just how at risk the Internet of Things is—and how hard it is to patch up when things go wrong.
Cyber attacks targeting banks using the global transfer service SWIFT have successfully stolen funds in the months following February's Bangladesh central bank heist, according to a recently discovered letter sent to banks in November.
In the letter, sent on 2 November to banks worldwide and uncovered today by Reuters, SWIFT warned that due to increasingly sophisticated attacks, there was an escalating threat against banks' systems. It read: "The threat is very persistent, adaptive and sophisticated - and it is here to stay."
Security researcher Andrew Fasano from MIT Lincoln Laboratory said this week that a total of 10 security flaws, if chained together, allow the execution of code remotely as a root user.
"At a first glance, Intel's McAfee VirusScan Enterprise for Linux has all the best characteristics that vulnerability researchers love: it runs as root, it claims to make your machine more secure, it's not particularly popular, and it looks like it hasn't been updated in a long time," the security advisory reads. "When I noticed all these, I decided to take a look."
Microsoft has patched a backdoor in Skype for Mac OS X that would allow an attacker to log and record Skype call audio, retrieve user contact information, read the content of incoming messages, create chat sessions, modify messages, and carry out other malicious activity.
The backdoor provided nearly complete access without authentication to Skype on OS X, and appears to have been around since at least 2010, security vendor Trustwave said in an advisory this week.
Yahoo, which was in the limelight for revealing a massive hack on its users earlier this year, has fixed a highly critical cross-site scripting (XSS) security flaw in its email system that would have allowed attackers to access any email.
The flaw was discovered and reported by Finland-based security researcher Jouko Pynnonen, who earned $10,000 for the feat from Yahoo's bug bounty program. The flaw allowed an attacker to read a victim's email or create a virus infecting Yahoo Mail accounts, among other things.