Security News
Some 3D printers can be flashed with firmware updates downloaded directly from the internet - and an infosec research firm says it has discovered a way to spoof those updates and potentially make the printer catch fire. Research from the appropriately named Coalfire biz claimed printers from Chinese company Flashforge could be abused through crafted updates that bypass safety features built into the devices' firmware.
Critical vulnerabilities in several industrial VPN implementations for remotely accessing operational technology networks could allow attackers to overwrite data, execute malicious code or commands, cause a DoS condition, and more. "Exploiting these vulnerabilities can give an attacker direct access to the field devices and cause some physical damage," Claroty researchers noted.
Researchers have disclosed details of a recently patched, high-severity Dell PowerEdge server flaw, which if exploited could allow an attacker to fully take over and control server operations. The web vulnerability was found in the Dell EMC iDRAC remote access controller, technology embedded within the latest versions of Dell PowerEdge servers.
Cybersecurity researchers on Thursday revealed security issues in the Android app developed by Chinese drone-maker Da Jiang Innovations that comes with an auto-update mechanism that bypasses Google Play Store and could be used to install malicious applications and transmit sensitive personal information to DJI's servers. "Given the wide permissions required by DJI GO 4 - contacts, microphone, camera, location, storage, change network connectivity - the DJI or Weibo Chinese servers have almost full control over the user's phone."
Cybersecurity researchers on Thursday revealed security issues in the Android app developed by Chinese drone-maker Da Jiang Innovations that comes with an auto-update mechanism that bypasses Google Play Store and could be used to install malicious applications and transmit sensitive personal information to DJI's servers. "Given the wide permissions required by DJI GO 4 - contacts, microphone, camera, location, storage, change network connectivity - the DJI or Weibo Chinese servers have almost full control over the user's phone."
The privacy issues were discovered in the DJI GO 4 application, which is the complementary app used to control DJI drones. Researchers with Synacktiv found several concerning privacy issues,, which were then independently confirmed by researchers with GRIMM. "The DJI GO 4 application contains several suspicious features as well as a number of anti-analysis techniques, not found in other applications using the same SDKs," according to researchers with GRIMM, in a Thursday post.
Apple this week kicked off another initiative meant to improve the security of iPhones, by offering hackable phones to security researchers. Specifically designed for security researchers, these devices feature unique code execution and containment policies and are offered as part of the company's Security Research Device program, which was initially announced in December last year.
A team of researchers from the Ruhr University Bochum in Germany has disclosed a series of new attack methods against signed PDF files. Dubbed Shadow Attacks, the new techniques allow a hacker to hide and replace content in a signed PDF document without invalidating its signature.
A working group led by two computer scientists Wolfgang Maass and Robert Legenstein of TU Graz has adopted this principle in the development of the new machine learning algorithm e-prop. Learning is a particular challenge for such less active networks, since it takes longer observations to determine which neuron connections improve network performance.
DDoS attacks have become a global risk, and as attacks continue to increase in complexity, further spurred by the pandemic, ISPs will have to strengthen their security measures. While DDoS attacks disrupt service for large companies and individuals alike, ISPs face increasing challenges to curb undetectable and abnormal traffic patterns before they evolve into uncontrollable reflection attacks.