code


#hacking | Dismissed PHP flaw shown to pose code execution risk

Source: National Cyber Security – Produced By Gregory Evans

debug_backtrace reloaded

A PHP bug initially dismissed as posing no security threat could potentially enable code execution outside the sandbox in shared-server environments, a new exploit has revealed. Discovered in the popular website language nearly two years ago, the vulnerability can allow attackers to execute arbitrary […]

View full post on AmIHackerProof.com

Cyber security #firm warns of #rising #QR code #scams

Source: National Cyber Security – Produced By Gregory Evans

A leading regional cyber security services provider, Quann Malaysia (formerly known as e-Cop Malaysia), has warned of scammers starting to use fake ‘quick response’ (QR) codes to steal data and money from users.

Quann Malaysia, in a statement, said the black-and-white squares were often seen on websites, restaurants, advertisements, rental bikes and retail outlets — to enable users to quickly scan to unlock, or retrieve information related to a business.


The post Cyber security #firm warns of #rising #QR code #scams appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hackers #Release #Huawei #Router #Exploit Code Used in #IoT #Botnet

Source: National Cyber Security – Produced By Gregory Evans

Today’s topics include the Huawei router exploit code used in the Satori IoT botnet going public; a rise in GPU sales in 2017; and LinkedIn expanding its job seeker toolkit ahead of the new year.

Researchers at NewSky Security reported Dec. 28 that code from the Satori internet of things botnet that exploits a Huawei router vulnerability has been publicly posted on the internet. The vulnerability, which internet service providers had shut down earlier this month, was discovered by security firm Check Point, which reported the issue to Huawei on Nov. 27.

“An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code,” Huawei said.

Check Point reported that the root cause of the flaw is linked to Huawei’s implementation of the Universal Plug and Play protocol via the TR-064 technical report standard. Huawei’s implementation allowed remote attackers to inject arbitrary commands, which hackers used to build the Satori botnet.

Maya Horowitz, Threat Intelligence Group Manager at Check Point, said “[Users should] change the default password on their router,” and recommends that end users running Huawei routers behind a firewall or Intrusion Prevention System should configure those devices to block the exploit’s traffic.

Jon Peddie Research released Dec. 29 its annual review of graphics processing unit developments, and the results indicate good things for the year past and for 2018. Despite an overall slowdown in worldwide sales of PCs, PC-based GPU sales have been increasing at the same rate as mobile devices.

Sales in the console market have also increased over the year, where integrated graphics are in every console. The IT business has seen a few new GPUs showing the path for future developments and subsequent applications, and 2017 was a solid year for GPU development driven by games, eSports, artificial intelligence, cryptocurrency mining and simulations.

Autonomous vehicles started to become a reality, as did augmented reality. Mobile GPUs, exemplified by Qualcomm, ARM and Imagination Technologies, introduced some advanced devices with long battery life and screens at or approaching 4K.

Jon Peddie Research said, “2018 is going to be an even more amazing year [for GPUs], with AI being the leading applications that will permeate every sector of our lives.”

LinkedIn, Microsoft’s business-focused social network, has new features to help members land a new job or build the skills required for a career change.

This is just in time for the many people, particularly IT workers, who are considering switching jobs in 2018, according to Spiceworks’ recent 2018 IT Career Outlook survey. Nearly a third of IT workers in North America and Europe plan to look for a new job in 2018 with higher salaries and opportunities to improve their skill sets.

LinkedIn is now issuing monthly notifications alerting users to trending skills among folks with the same job title. If members already possess a given skill, they can add it to their profiles, improving the chances that interested employers will come calling. If they lack the expertise, users can click on a skill to see corresponding LinkedIn Learning courses, along with the organizations that are hiring people with that skill.


NSA #hacking #code lifted from a #personal #computer in #U.S

Source: National Cyber Security – Produced By Gregory Evans

Moscow-based multinational cybersecurity firm Kaspersky Lab on October 25 said that it obtained suspected National Security Agency (NSA) hacking code from a personal computer in the U.S. During a review of the file’s contents, a Kaspersky analyst discovered it contained the source code for a hacking tool later attributed to what it calls the Equation Group.

Kaspersky said it assumed the 2014 source code episode was connected to the NSA’s loss of files. The antivirus software maker’s spokeswoman Sarah Kitsos was quoted as saying, “we deleted the archive because we don’t need the source code to improve our protection technologies and because of concerns regarding the handling of classified materials”.

Another spokeswoman Yuliya Shlychkova told Reuters that removals of such uninfected material happen “extremely rarely.”

Meanwhile, Democratic Senator Jeanne Shaheen sent a letter to the Department of Homeland Security (DHS) acting Secretary Elaine Duke and Director of National Intelligence Dan Coats, urging the U.S. government to declassify information about Kaspersky products.

In October this year, a U.S. NSA contractor came under scrutiny; his personal computer was equipped with Kaspersky anti-virus software, and confidential details were shared with the Russian company. The unidentified NSA contractor had reportedly downloaded a cache of classified information from his workplace, even though he was aware that moving such classified and confidential data without approval is not only against NSA policy but also a criminal offence.

Kaspersky Lab has repeatedly denied that it has any unethical ties to any government and said it would not help a government with cyber espionage or offensive cyber efforts. It also highlighted that more than 85% of its revenue comes from outside Russia. It maintains that it has no connection with Russian intelligence, but it is registered with the Federal Security Service.

To restore the trust of the public and of governments, Kaspersky on October 23 agreed to have its source code audited independently by internationally recognized authorities in the first quarter of 2018. As part of a comprehensive transparency initiative, the firm plans to open three transparency centers across the U.S., Europe and Asia by 2020.

The Wall Street Journal reported earlier this month that hackers working for the Russian government appeared to have targeted an NSA worker by using Kaspersky software to identify classified files in 2015.

The New York Times reported on October 10 that Israeli officials reported the operation to the United States after they hacked into Kaspersky’s network.

Following allegations that Russian hackers interfered in the 2016 U.S. elections, the DHS banned the Kaspersky Lab software in September 2017, citing concerns the company may be linked to the Kremlin and Russian spy agencies.


Simple Registry Hacks Bypass Windows Digital Signature, Opening Gates For Malicious Code

Source: National Cyber Security – Produced By Gregory Evans

The Windows Digital Signature check is a mechanism included in Microsoft Windows to make sure that the software or driver you’re trying to install is signed by a trusted entity, and that the integrity of its binary file is preserved. This digital frisking is done with the help of their home-grown code-signing…


App lets hackers develop Android ransomware without code

Source: National Cyber Security – Produced By Gregory Evans

Creating malware isn’t rocket science anymore. Unlike those old-school hackers, who had to write their own malicious code and run it to hack someone’s computer, all the new hackers need is an Android device. Yes, you’ve read it right. Now, there’s a new Android app that […]

Voice Changer Software Diamond Updates Its Cyber Security with a New Code Signing from DigiCert

Source: National Cyber Security – Produced By Gregory Evans

Audio4fun, one of the leading companies in multimedia processing tools for over 17 years, announced today that its best-selling product, Voice Changer Software Diamond, has a new code signing certificate issued by DigiCert. This major update will help to better ensure the authenticity and integrity on […]

Smart TV hack embeds attack code into broadcast signal—no access required

Source: National Cyber Security – Produced By Gregory Evans

A new attack that uses terrestrial radio signals to hack a wide range of Smart TVs raises an unsettling prospect—the ability of hackers to take complete control of a large number of sets at once without having physical access to any of them. The proof-of-concept exploit uses a low-cost transmitter…


Hackers Make Off With Panic’s Source Code

Source: National Cyber Security – Produced By Gregory Evans

Criminals have hacked into one of the computers belonging to iOS and Mac app developer Panic and have stolen a copy of the source code to a number of apps, according to a blog post written by Panic’s founder Steven Frank. The theft was confirmed when one of the hackers contacted Frank by email with a sample snippet of the source …
