Security News
It's possible to extract data from a computer via its Thunderbolt port - once you've got the case off, plugged in a flash programmer, and reprogrammed the controller's firmware to grant access. A miscreant would need to have physical access to the machine long enough to unscrew the case, attach an SPI flash programmer with an SOP8 clip to rewrite the Thunderbolt port controller's firmware to unlock access, and then attach a device to the interface to copy data via PCIe and DMA through the port, and then, if necessary, flash back the original firmware and fit the computer back together.
A recently discovered piece of Android stalkerware can install itself persistently on the system partition and steals the file containing the hash sum for the screen unlock pattern or password to allow its operators to unlock devices. Referred to as MonitorMinor, the stalkerware targets communication applications to intercept victims' conversations, including LINE, Gmail, Zalo, Instagram, Facebook, Kik, Hangouts, Viber, Hike News & Content, Skype, Snapchat, JusTalk, and BOTIM. Given that Android sandboxes applications to prevent direct communications between them - this feature is called DAC, or Discretionary Access Control - MonitorMinor requires root access to bypass the security system and perform nefarious activities.
A company that provides custom parts to aerospace giants Lockheed Martin, SpaceX and Boeing, has been the target of an attack by an emerging type of ransomware that can both encrypt files and exfiltrate data. Attackers also tweeted in an account using the name "DoppelPaymer" that more files were on the way, alerting researchers that attackers likely used the DoppelPaymer ransomware in the attack, according to reports.
Researchers have shown how hackers could silently exfiltrate sensitive information from air-gapped computers by manipulating the brightness of their screen. Researchers from Ben-Gurion University previously demonstrated how hackers could exfiltrate data from air-gapped systems via power lines, magnetic fields, infrared cameras, router LEDs, scanners, HDD activity LEDs, USB devices, the noise emitted by hard drives and fans, and heat emissions.
A newly disclosed attack targeting Intel processors utilizes CPU voltage modifications to expose data stored using Intel's Secure Guard Extensions (SGX). read more
A new information stealer is gaining rapid popularity with the cybercriminal community - leading to it infecting hundreds of millions of victims.
Unlike previous side-channel vulnerabilities disclosed in Intel CPUs, researchers have discovered a new flaw that can be exploited remotely over the network without requiring an attacker to have...
Researchers have discovered yet another side-channel attack method that can be exploited to steal potentially sensitive data from devices powered by Intel processors. read more
A vulnerability identified by researchers in a popular Evernote extension for Chrome can be exploited by hackers to steal sensitive information from the websites accessed by a user. read more
Washington has warned that Chinese-made drones could be giving spy agencies in Beijing "unfettered access" to stolen data, according to a report in American media. The Department of Homeland...