Blog

Archive for the ‘cybercrime/malcode’ category: Page 119

Jun 22, 2021

Bugs in NVIDIA’s Jetson Chipset Opens Door to DoS Attacks, Data Theft

Posted by in categories: cybercrime/malcode, drones, information science, internet, robotics/AI

Chipmaker patches nine high-severity bugs in its Jetson SoC framework tied to the way it handles low-level cryptographic algorithms.

Flaws impacting millions of internet of things (IoT) devices running NVIDIA’s Jetson chips open the door for a variety of hacks, including denial-of-service (DoS) attacks or the siphoning of data.

NVIDIA released patches addressing nine high-severity vulnerabilities including eight additional bugs of less severity. The patches fix a wide swath of NVIDIA’s chipsets typically used for embedded computing systems, machine-learning applications and autonomous devices such as robots and drones.
Impacted products include Jetson chipset series; AGX Xavier, Xavier NX/TX1, Jetson TX2 (including Jetson TX2 NX), and Jetson Nano devices (including Jetson Nano 2GB) found in the NVIDIA JetPack software developers kit. The patches were delivered as part of NVIDIA’s June security bulletin, released Friday.

Jun 21, 2021

Microsoft Would Like You to Stop Downloading Leaked Windows 11

Posted by in categories: cybercrime/malcode, futurism

At some point in the next few months, Microsoft will start encouraging people to upgrade to Windows 11. If we’re lucky, the company will have learned from its “Get Windows 10” debacle and will not launch a glorified malware application. Regardless of how the company approaches the topic, however, you can bet we’re all going to get blitzed with advertising one way or another.

But that lovely event/hostage-taking is still in the future. For now, Microsoft would appreciate it if everyone stopped downloading the leaked version of Windows 11 that popped up last week. In the process, the OS developer has confirmed what everybody already knew — Windows 11 is, in fact, an official thing that’s happening.

Jun 21, 2021

Binance Smart Chain DeFi Project Impossible Finance Hacked

Posted by in categories: cybercrime/malcode, finance

Another DeFi project on the Binance Smart Chain has been exploited. This time, attackers nabbed $500000 from Impossible Finance.

Jun 19, 2021

Microsofts new security tool will discover firmware vulnerabilities, and more, in PCs and IoT devices

Posted by in categories: cybercrime/malcode, futurism

In the future, Weston would like to see ReFirm become part of the certification. “To not only make sure that you’re shipping the device secure, but that it’s being scanned regularly by this ReFirm firmware technology and you’re keeping the firmware up to date.”

Despite the name, ReFirm might not stay restricted to firmware. Microsoft has static and dynamic analysis tools it can add to the product, which Weston compared to VirusTotal’s frequent updates with new analysis options. “I can keep putting layers of tools in that analysis pipeline. I think this has the opportunity to be a VirusTotal-like product that, rather than looking for malware, is looking for vulnerabilities in an arbitrary object. We’re focused on firmware because that seems like the right application, but it could be VM snapshots or many, many other things.”

There’s good news for fans of the open-source Binwalk tool, too. Microsoft will be investing heavily in that, because it’s already widely used by multiple teams across the company who have feature requests, says Weston: “I think we probably have a few years’ worth of backlog ideas already!”

Jun 17, 2021

Threat Actors Use Google Docs to Host Phishing Attacks

Posted by in categories: cybercrime/malcode, internet

Exploit in the widely used document service leveraged to send malicious links that appear legitimate but actually steal victims credentials.

Threat actors are exploiting Google Docs by hosting their attacks within the web-based document service in a new phishing campaign that delivers malicious links aimed at stealing victims’ credentials.

Researchers at email and collaboration security firm Avanan discovered the campaign, which is the first time they said they’ve seen attackers use this type of exploit in Google’s hosted document service, according to a report published Thursday by Jeremy Fuchs, marketing content manager for Avanan.

Jun 17, 2021

Researchers Uncover Process Ghosting — A New Malware Evasion Technique

Posted by in category: cybercrime/malcode

A new malware evasion technique has been discovered by researchers — ‘Process Ghosting’

Jun 16, 2021

Millions of Connected Cameras Open to Eavesdropping

Posted by in categories: cybercrime/malcode, habitats, robotics/AI

A supply-chain component lays open camera feeds to remote attackers thanks to a critical security vulnerability.

Millions of connected security and home cameras contain a critical software vulnerability that can allow remote attackers to tap into video feeds, according to a warning from the Cybersecurity and Infrastructure Security Agency (CISA).

The bug (CVE-2021–32934, with a CVSS v3 base score of 9.1) has been introduced via a supply-chain component from ThroughTek that’s used by several original equipment manufacturers (OEMs) of security cameras – along with makers of IoT devices like baby-and pet-monitoring cameras, and robotic and battery devices.

Jun 16, 2021

Facebook awards $30,000 bounty for exploit exposing private Instagram content

Posted by in category: cybercrime/malcode

According to a Medium blog post penned by bug bounty hunter Mayur Fartade on Tuesday, a set of vulnerable endpoints in the Instagram app could have allowed attackers to view private media on the platform without following a target account.

This included private and archived posts, stories, and reels.

If an attacker obtains a target user’s Media ID, via brute-force or through other means, they could then send a POST request to Instagram’s GraphQL endpoint, which exposed display URLs and image URLs, alongside records including like and save counts.

Jun 14, 2021

Amazon Sidewalk could raise your Wifi bill cybersecurity, expert says

Posted by in categories: cybercrime/malcode, habitats, internet

LYNCHBURG, Va (WSET) — Strangers may soon be able to use your Wi-Fi — It’s all through Amazon Sidewalk.

It’s an internet-sharing network for Amazon Echo, Ring and Tile devices. Officials say it’s a way to use WiFi from neighboring homes that also have Amazon products.

Randy Marchany a cybersecurity expert with Virginia Tech feels this is another way to collect information. He says it’s specifically picking up on user habits and whereabouts.

Jun 13, 2021

Google Issues Warning For 2 Billion Chrome Users

Posted by in categories: cybercrime/malcode, futurism

This is the sixth zero day vulnerability to be found in Chrome since the turn of the year and the latest version of Chrome also contains a total of 10 security patches, seven of which are listed as ‘High’ threat with another described as ‘Critical’. To its credit, Google has been consistently quick to release fixes for these flaws with the current fix taking under a week.

If you have been holding off updating your browser, now is the time to put that right. Speaking to BleepingComputer, cyber security vendor Kaspersky warned that a new group of hackers calling themselves ‘PuzzleMaker’ have been successful in hacking both Chrome and Windows this month with Microsoft also issuing an urgent upgrade warning to Windows users.

Kaspersky advises that further undisclosed zero-day hacks in the near future could not be ruled out, so stay alert and make sure both your browser and operating system security are kept up to date.