Security News

UPnP vulnerability lets attackers steal data, scan internal networks
2020-06-09 13:24

A vulnerability in Universal Plug and Play, which is implemented in billions of networked and IoT devices - personal computers, printers, mobile devices, routers, gaming consoles, Wi-Fi access points, and so on - may allow unauthenticated, remote attackers to exfiltrate data, scan internal networks or make the devices participate in DDoS attacks. About UPnP. UPnP is a set of networking protocols that allows networked devices to automatically discover and interact with each other when on the same network.

Incredible how you can steal data via Thunderbolt once you've taken the PC apart, attached a flash programmer, rewritten the firmware...
2020-05-11 23:42

It's possible to extract data from a computer via its Thunderbolt port - once you've got the case off, plugged in a flash programmer, and reprogrammed the controller's firmware to grant access. A miscreant would need to have physical access to the machine long enough to unscrew the case, attach an SPI flash programmer with an SOP8 clip to rewrite the Thunderbolt port controller's firmware to unlock access, and then attach a device to the interface to copy data via PCIe and DMA through the port, and then, if necessary, flash back the original firmware and fit the computer back together.

Rare Android Stalkerware Can Steal Data, Control Devices
2020-03-17 11:44

A recently discovered piece of Android stalkerware can install itself persistently on the system partition and steals the file containing the hash sum for the screen unlock pattern or password to allow its operators to unlock devices. Referred to as MonitorMinor, the stalkerware targets communication applications to intercept victims' conversations, including LINE, Gmail, Zalo, Instagram, Facebook, Kik, Hangouts, Viber, Hike News & Content, Skype, Snapchat, JusTalk, and BOTIM. Given that Android sandboxes applications to prevent direct communications between them - this feature is called DAC, or Discretionary Access Control - MonitorMinor requires root access to bypass the security system and perform nefarious activities.

DoppelPaymer Ransomware Used to Steal Data from Supplier to SpaceX, Tesla
2020-03-03 11:56

A company that provides custom parts to aerospace giants Lockheed Martin, SpaceX and Boeing, has been the target of an attack by an emerging type of ransomware that can both encrypt files and exfiltrate data. Attackers also tweeted in an account using the name "DoppelPaymer" that more files were on the way, alerting researchers that attackers likely used the DoppelPaymer ransomware in the attack, according to reports.

Hackers Can Steal Data From Air-Gapped Computers Via Screen Brightness
2020-02-05 18:21

Researchers have shown how hackers could silently exfiltrate sensitive information from air-gapped computers by manipulating the brightness of their screen. Researchers from Ben-Gurion University previously demonstrated how hackers could exfiltrate data from air-gapped systems via power lines, magnetic fields, infrared cameras, router LEDs, scanners, HDD activity LEDs, USB devices, the noise emitted by hard drives and fans, and heat emissions.

Plundervolt Attack Uses Voltage to Steal Data From Intel Chips
2019-12-11 21:07

A newly disclosed attack targeting Intel processors utilizes CPU voltage modifications to expose data stored using Intel's Secure Guard Extensions (SGX).  read more

Raccoon Malware Scavenges 100,000+ Devices to Steal Data
2019-10-24 18:47

A new information stealer is gaining rapid popularity with the cybercriminal community - leading to it infecting hundreds of millions of victims.

NetCAT: New Attack Lets Hackers Remotely Steal Data From Intel CPUs
2019-09-11 13:18

Unlike previous side-channel vulnerabilities disclosed in Intel CPUs, researchers have discovered a new flaw that can be exploited remotely over the network without requiring an attacker to have...

NetCAT Attack: Hackers Can Remotely Steal Data From Servers With Intel CPUs
2019-09-11 09:51

Researchers have discovered yet another side-channel attack method that can be exploited to steal potentially sensitive data from devices powered by Intel processors. read more

Flaw in Evernote Extension Allows Hackers to Steal Data
2019-06-12 14:22

A vulnerability identified by researchers in a popular Evernote extension for Chrome can be exploited by hackers to steal sensitive information from the websites accessed by a user. read more