Security News

Cybersecurity researchers have disclosed a new backdoor program capable of stealing user login credentials, device information and executing arbitrary commands on Linux systems. The malware dropper has been dubbed "Facefish" by Qihoo 360 NETLAB team owing its capabilities to deliver different rootkits at different times and the use of Blowfish cipher to encrypt communications to the attacker-controlled server.

A team of security researchers from Google has demonstrated yet another variant of the Rowhammer vulnerability that targets increasingly smaller DRAM chips to bypass all current mitigations, making it a persistent threat to chip security. Dubbed "Half-Double," the new hammering technique hinges on the weak coupling between two memory rows that are not immediately adjacent to each other but one row removed in an attempt to tamper with data stored in memory and attack a system.

A team of researchers from Google has identified a new Rowhammer attack technique that works against recent generations of dynamic random-access memory chips. The new attack method disclosed this week by Google, which researchers have dubbed "Half-Double," shows that the effects of Rowhammer can extend beyond immediate neighbors, thus bypassing some of the existing defenses.

Aqua Security announced that its Team Nautilus researchers were tapped by the MITRE ATT&CK team to contribute to the development of the new Container Framework. Aqua's contributions help to create a foundation for cloud security methodologies and shape the future of container security by illuminating key cloud native security attack vectors and methods observed in the wild by Aqua's threat research team.

State-sponsored hackers affiliated with North Korea have been behind a slew of attacks on cryptocurrency exchanges over the past three years, new evidence has revealed. Attributing the attack with "Medium-high" likelihood to the Lazarus Group, researchers from Israeli cybersecurity firm ClearSky said the campaign, dubbed "CryptoCore," targeted crypto exchanges in Israel, Japan, Europe, and the U.S., resulting in the theft of millions of dollars worth of virtual currencies.

You'd think with all the recent discussion about consent, researchers would more carefully observe ethical boundaries. A group of researchers from the University of Minnesota not only crossed the line but ran across it, screaming defiantly the whole way.

Following an eight-month audit of the code in the latest infotainment system in Mercedes-Benz cars, security researchers with Tencent Security Keen Lab identified five vulnerabilities, four of which could be exploited for remote code execution. In addition to targeting the main infotainment head unit, the security researchers also analyzed Mercedes-Benz's T-Box, successfully exploited some of the identified attack scenarios, and even combined some of them to compromise the head unit even in real-world vehicles.

As more private data is stored and shared digitally, researchers are exploring new ways to protect data against attacks from bad actors. Current silicon technology exploits microscopic differences between computing components to create secure keys, but AI techniques can be used to predict these keys and gain access to data.

Security researchers have discovered a way to leverage Apple's Find My's Offline Finding network to upload data from devices, even those that do not have a Wi-Fi or mobile network connection. Using Bluetooth Low Energy, the data is being sent to nearby Apple devices that do connect to the Internet, and then sent to Apple's servers, from where it can be retrieved at a later date.

A group of election security experts said after a deep dive into Australia's electronic voting systems that they have "Serious problems" with the accuracy, integrity and privacy with elections run by the Australian Capital Territory Electoral Commission. The team of four cybersecurity professionals concluded that the ACT e-voting system errors did not impact any election outcomes, but could potentially sway future vote counts if left uncorrected.