In Brief: As a result of a hack at Hacking Team, and the subsequent disclosure of nearly 400 BG of documents and tools, a new zero day targeting all versions of Adobe Flash has been reported in the wild. Last Sunday, the firm known as Hacking Team was breached. Amid the 400GB of company disclosed from the controversial Italian company were some zero days. These include two Adobe Flash and Windows kernel zero days. One of the Flash zero days is what Hacking Team described on an internal document as “the most beautiful Flash bug for the last four years.” Adobe has issued an security bulletin for CVE-2015-5119, which affects Windows, Linux, and Apple products. Successful exploitation can result in a crash and remote access to the infected machine. Adobe has said it is working on an emergency patch, which could come as early as today. Trend Micro has identified […]
Recent Posts
Opinion: The IoT’s Wild West is Your Home Network
In-brief: Jackson Shaw of Dell warns that home networks are like the Wild West frontier when it comes to threats to the Internet of Things. Your broadband router is the covered wagon.
AV-Test.org Finds Popular Fitness Trackers Lack Security
Av-Test.org, an organization known for its thorough and independent testing of antivirus products, has found the usual suspects of lack of authentication and encryption — security lapses that are all too common in IoT devices — present in popular fitness bands. Av-Test.org, an organization known for its thorough and independent testing of antivirus products, has found the usual suspects of lack of authentication and encryption—security lapses that are all too common in IoT devices—are also present in popular fitness bands such as those from Fitbit and Acer. While the Jawbone UP24, Polar Loop and Sony Smartband Talk SWR32 scored the best security of those products tested. The researchers admit that counting steps or number of calories burned may not constitute a leak of PII, but acknowledge that in the future that may be different, with manipulation and/or data theft leading to more or less serious threats to user privacy and […]
Akamai Identifies Old Protocol in New DrDoS Attacks
An old protocol found in SOHO routers may be responsible for recent DrDoS attacks, says the security steam at Akamai. Akamai, through the company’s Prolexic Security Engineering & Research Team (PLXsert), issued an alert today for an old protocol that could be used in Distributed Reflection Denial of Service attacks (DrDoS) attacks. Routing Information Protocol v1 (RPIv1) allows routers in small networks to share route information. For example a router running RIPv1 would send a request over UDP 520 when it is first powered on and other devices on the network, listening for this request, would send the new router a list of routes. In this case the list of routes would be sent instead to a designated target. It has since been replaced with RIPv2 but many older units still have RIPv1 enabled by default. “This version of the RIP protocol was first introduced in 1988 – more than […]
Whitehouse Taps Google Advanced Projects Lead for Software Safety Lab
In-brief: The Obama Whitehouse has tapped famed hacker Peiter Zatko (aka “Mudge”) to head up a new project aimed at developing an “underwriters’ lab” for cyber security.
