Tag: hacks

For Smart TVs, Malware May Hide In Broadcast Content

Researchers at Columbia University have published research showing how new technology that combines broadband and broadcast content could enable a wide range of traditional and novel cyber attacks on smart televisions and other devices: forcing them to interact with malicious web pages, harvesting credentials or carrying out denial of service attacks. The paper, published in May, explores potential attacks on combined broadcast-broadband devices that use an industry specification called Hybrid Broadcast-Broadband Television (HbbTV). According to the researchers, Yossef Oren and Angelos D. Keromytis, the HbbTV specification combines broadband technologies like HTML and broadcast features in an insecure manner. The vulnerabilities affect a wide range of smart entertainment devices, including smart televisions, in Europe and the United States. “This enables a large-scale exploitation technique with a localized geographical footprint based on radio frequency (RF) injection, which requires a minimal budget and infrastructure and is remarkably difficult to detect,” the researchers write. “The technical complexity and […]

Continue Reading

IPMI Insecurity Affects 200k Systems

It has been almost a year since security researcher Dan Farmer first warned of the danger posed by Intelligent Platform Management Interface (IPMI) – a ubiquitous protocol used to do remote management of servers. According to a new report, however, that warning went unheeded. Writing last week (PDF), Farmer said that a world-wide scan for systems using the Intelligent Platform Management Interface (IPMI) protocol identified over 230,000 Baseboard Management Controllers (BMCs) exposed to the Internet. As many as 90% of the exposed systems could be compromised by exploiting what Farmer characterized as “basic configuration and protocol weaknesses.” Even more worrying, the 230,000 systems that are Internet accessible are probably just a fraction of all the vulnerable systems that might be attacked, with many deployed on (hackable) corporate and private networks. Farmer is reiterating calls for public and private sector organizations to wake up to the dangers posed by IPMI. Hackers who are able to compromise Baseboard Management […]

Continue Reading

Gameover Not The End: Zeus Malware Still Threatens Fortune 500

Prolexic, a division of Akamai, issued an advisory to Fortune 500 firms on Monday about what it calls “a high-risk threat of continued breaches from the Zeus framework.” The company’s Security Engineering & Response Team (PLXsert) said on Monday that it has observed new payloads from the Zeus crimeware kit in the wild, and that networks of Fortune 500 companies are a prime target. Cyber crime groups are using Zeus to steal login credentials and gain access to web-based enterprise applications, as well as online banking accounts, Akamai warned. “The Zeus framework is a powerhouse crimeware kit that enterprises need to know about to better defend against it,” said Stuart Scholly, senior vice president and general manager, Security Business Unit, Akamai, in a statement. “It’s hard to detect, easy to use, and flexible – and it’s being used to breach enterprises across multiple industries.” A variant of Zeus, Gameover, was the subject […]

Continue Reading

Big GOV Shift To Secure Cloud?

For those of us covering the cyber security beat, there haven’t been many feel-good stories coming out of the federal government in – well – forever. Even before the advent of nation state sponsored hacking, the news was mostly of the federal government’s bloated and unwieldy IT infrastructure, byzantine procurement systems and the difficulty of attracting top talent away from private sector employers who could offer more pay, more autonomy and a better working environment.   Then came the gut wrenching display of offensive prowess by the U.S.’s main enemies – nations like China, Russia and Iran. Those stories started, in earnest, with news about operations like Titan Rain (in 2003) and continue to the present day. The problem has gotten so bad that the military’s preferred euphemism for Chinese hackers – “advanced persistent threat,” or “APT” has become part of the nomenclature of the IT security world far beyond […]

Continue Reading

Report: Hell is Unpatched Systems

One of the ‘subplots’ of the Internet of Things revolution concerns embedded devices. Specifically: the tendency of embedded devices to be either loosely managed or – in some cases – unmanageable.   The future holds the promise of more, not fewer of these. That’s the gist of a piece I wrote for InfoWorld, and that you can read here. In short: we’re already seeing the beginning of a shift on the threat landscape. While attacks against traditional endpoints (like Windows desktops, laptops and servers) are still the norm, there are more stories each day about cyber criminal groups and malicious actors who are compromising non-standard endpoints like home wifi routers.  In March, for example, the security consultancy Team Cymru identified a botnet consisting of some 300,000 compromised home routers and other in-home devices. The virus called “TheMoon” was also identified spreading between vulnerable home routers and other embedded devices. The […]

Continue Reading
1 63 64 65 66 67 90