How does this chip flaw impact on Linux? The flaw is OS independent, so the impact is far more reaching than just Linux, including Windows, MacOS, and virtual and cloud environments The flaw in the Intel chip is that the process used to ensure users do not have access to the kernel has a bug, allowing a user to execute code to read and access kernel level memory access, exposing critical information that would be stored there, like system passwords. A proof of concept has already been seen in the wild that exploits the flaw. This flaw in the Intel…
ISBuzz Team
More DDoS attacks could be on the way after hackers made public the code behind the Satori botnet. The Satori botnet exploits a zero-day vulnerability in a Huawei router model. Julian Palmer, VP of Engineering at Corero commented below. Julian Palmer, VP of Engineering at Corero: “IoTs, including IoT routers are vulnerable devices and are increasingly frequent targets for recruitment into a botnet. The publication of code to exploit a vulnerability in Huawei HG532 routers adds to the inventory of potential DDoS attack nodes, a concerning trend in the cyber security space. This vulnerability simply adds fuel to the fire…
Security researchers have discovered that hackers have publicly released the working code that exploits a zero-day vulnerability in a Huawei router model for free. The malware targets Huawei devices and has already been weaponised in botnet attacks Satori and Brickerbot. Javvad Malik, Security Advocate at AlienVault commented below. Javvad Malik, Security Advocate at AlienVault: It’s not unusual for criminals to share exploit techniques amongst each other, or even release publicly for anyone to utilise. It highlights the importance for enterprises and security researchers to do the same and share threat indicators and data amongst each other so as to be able…
News broke that as the cryptocurrency market continues to grow and coin prices rise, security researchers have warned that a virtual currency “arms race” is looming as nefarious actors look to exploit the lucrative forum. According to security firm Symantec, browser-based cryptocurrency mining activity has not only risen from the dead, but exploded in the last few months of 2017. Andy Norton, Director of Threat Intelligence at Lastline commented below. Andy Norton, Director of Threat Intelligence at Lastline: “We have seen a 700% increase in exploits that include a cryptojacking payload from August to November. cnhv.co, coinhive.com, coin-hive.com and xmrminer.com are currently the top referenced mining domains.”
Consumers acknowledge risks in the breach era but do not take important steps to protect their data and identities COLUMBIA, Md., A study conducted online by Harris Poll, on behalf of Tenable™,Inc., the Cyber Exposure company, has found that many consumers fail to practice basic security cyber hygiene. While nearly all Americans (94 percent) were aware of news stories about security breaches in the past 12 months, few have taken critical steps to protect their data or changed their online habits. The study, conducted among over 2,000 U.S. adults found 44 percent of Americans did not use a password to…
Following the news that a fundamental design flaw in Intel’s processor chips, dating back to 1995 would allow an attacker to read protected memory, IT security experts commented below. Ido Naor, Senior Security Researcher, GReAT at Kaspersky: “Two severe vulnerabilities have been discovered in Intel chips, both of which could enable attackers to seize sensitive information from apps by accessing the core memory. The first vulnerability, Meltdown can effectively remove the barrier between user applications and the sensitive parts of the operating system. The second vulnerability, Spectre, also found in AMD and ARM chips can trick vulnerable applications into leaking their memory contents. “Applications installed on a…
In response to recent think pieces on the end of passwords, an expert in passive behavioral biometrics with NuData Security, a Mastercard Company commented below. Robert W. Capps, Vice President, Business Development at NuData Security: “2018 will be the year when customers, citizens, and companies will have to be identified in new and different ways. 2017 was the year when hackers made personally identifiable information (PII) obsolete by stealing billions of records and selling them on the dark web. More than half of all adults in the U.S. have had their PII compromised. This year, companies will have to transform their authentication platforms…
The latest attacks on critical infrastructure in the Middle East with Triton and Copperfield reveal how cybercriminals and nation-states are probing critical infrastructure networks for any vulnerabilities in Industrial Control Systems (ICS) right down to targeting individual employees. These are industrial grade threats that are getting more sophisticated with each new attack. Edgard Capdevielle, CEO at Nozomi Networks commented below. Edgard Capdevielle, CEO at Nozomi Networks: “Nation-state players, organized crime, individual hackers and disgruntled employees are lining up to take their best shots at critical infrastructure in the coming year. These groups and individuals are developing malware attacks using OT…
Cryptocurrency exchange EtherDelta has suspended service following an alleged hack. Web security company High-Tech Bridge’s CEO, Ilia Kolochenko, commented below on cryptocurrencies simply not having enough skills to protect their infrastructure. Ilia Kolochenko, CEO at High-Tech Bridge: “Unfortunately, this is just a tip of the iceberg. Many crypto currency platforms and exchanges are compromised without even being noticed or publicly disclosed. Many crypto currencies and blockchain startups don’t have enough skills and other resources to protect their infrastructure from sophisticated cyberattacks. Meanwhile, cybercriminals pay more and more attention to the emerging world of blockchain fintech that can bring even more ROI to…
As we get to the end of a busy year for cybersecurity, Unit 42 threat research team at Palo Alto Networks wrap up below the key cybersecurity threats of 2017. The Rise of Unauthorised Coin Mining in the Browser (October 2017) Unit 42 released details of coin mining secretly taking place on consumer devices without the consent of the users. There is a broad spectrum of victims all across the globe, with the highest impact happening in the US and Europe. Unauthorised cryptocurrency mining means that visitors to websites end up coin mining without their knowledge. The mined value goes to the…
