Security News

Researchers at Digital Shadows, a San Francisco-based provider of digital risk protection solutions, have analyzed the traffic statistics of several popular cybercrime forums and they have shared some interesting observations. After seeing Altenen's post, researchers at Digital Shadows decided to look at the traffic statistics of several popular cybercriminal forums, and compared the findings to their own perception of these websites.

The hackers used a personalized URL, tailored to the victim's email address, to trick them into accessing the malicious link, and also attempted to send a malicious ZIP file to the victim. "Clearsky alerted 'Deutsche Welle' about the impersonation and the watering hole in their website. A 'Deutsche Welle' representative confirmed that the reporter which Charming Kitten impersonated, did not send any emails to the victim nor any other academic researcher in Israel in the past few weeks," the security firm says.

Researchers have once again demonstrated that many printers can be hacked remotely, by hijacking 28,000 devices and instructing them to print out a printer security guide. The researchers said the document was printed by nearly 28,000 of those devices, which suggests that 56% of exposed printers can be hijacked.

Avast security researchers have identified vulnerabilities in DVB-T2 devices that could allow attackers to ensnare them in botnets. Many such set-top boxes are primitive, consisting of a TV tuner and an output device, some packing Internet support, and many are highly insecure, Avast's security researchers reveal.

Researchers at Ben-Gurion University of the Negev have developed a new AI technique that will protect medical devices from malicious operating instructions in a cyberattack as well as other human and system errors. Complex medical devices such as CT, MRI and ultrasound machines are controlled by instructions sent from a host PC. Abnormal or anomalous instructions introduce many potentially harmful threats to patients, such as radiation overexposure, manipulation of device components or functional manipulation of medical images.

A hacker crew targeted a luxury estate agency involved in multimillion-pound property deals by deploying malicious plugins for 3D design software Autodesk 3ds Max as part of a potential hacks-for-hire operation. "The Bitdefender investigation revealed the cybercriminal group infiltrated the company using a tainted and specially crafted plugin for Autodesk 3ds Max," the company said in a statement.

Three Purdue University researchers and their teammates at the University of California, Santa Barbara and Swiss Federal Institute of Technology Lausanne have received a DARPA grant to fund research that will improve the process of patching code in vulnerable embedded systems. "Many embedded systems, like computer systems running in trucks, airplanes and medical devices, run old code for which the source code and the original compilation toolchain are unavailable," Antonio Bianchi, assistant professor of computer science at Purdue University said.

Apache recently fixed multiple vulnerabilities in its web server software that could have potentially led to the execution of arbitrary code and, in specific scenarios, even could allow attackers to cause a crash and denial of service. The first of the three issues involve a possible remote code execution vulnerability due to a buffer overflow with the "Mod uwsgi" module, potentially allowing an adversary to view, change, or delete sensitive data depending on the privileges associated with an application running on the server.

Apache recently fixed multiple vulnerabilities in its web server software that could have potentially led to the execution of arbitrary code and, in specific scenarios, even could allow attackers to cause a crash and denial of service. The first of the three issues involve a possible remote code execution vulnerability due to a buffer overflow with the "Mod uwsgi" module, potentially allowing an adversary to view, change, or delete sensitive data depending on the privileges associated with an application running on the server.

A computer science professor at The University of Texas at Arlington is working with researchers to develop a process by which data points in multiple graph layers of massive datasets can be connected in a way that is both highly scalable and will allow analysts to look at it in greater depth. The analysis results preserve semantics and structure and make it easy to create visualizations of the data and results, enabling analysts to picture how the layers of data fit together with greater ease.