Page 33 of 33 FirstFirst ... 23252627282930313233
Results 801 to 811 of 811
  1. #801
    Member
    harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    Yesterday @ 11:09 PM
    Posts
    60,594
    FFS...


    Ukrainian authorities are investigating a potential security breach at a local nuclear power plant after employees connected parts of its internal network to the internet so they could mine cryptocurrency.
    The investigation is being led by the Ukrainian Secret Service (SBU), who is looking at the incident as a potential breach of state secrets due to the classification of nuclear power plants as critical infrastructure.
    Investigators are examining if attackers might have used the mining rigs as a pivot point to enter the nuclear power plant's network and retrieve information from its systems, such as data about the plant's physical defenses and protections.

    https://www.zdnet.com/article/employees-connect-nuclear-plant-to-the-internet-so-they-can-mine-cryptocurrency/

  2. #802
    Thailand Expat
    Latindancer's Avatar
    Join Date
    Mar 2010
    Last Online
    Yesterday @ 06:01 PM
    Location
    Australia
    Posts
    11,813
    I love these juxtapositions :

    Russian launches floating nuclear reactor across Arctic

    https://www.bangkokpost.com/world/17...62iCw#cxrecs_s

  3. #803
    Member
    harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    Yesterday @ 11:09 PM
    Posts
    60,594
    Quote Originally Posted by Latindancer View Post
    I love these juxtapositions :

    Russian launches floating nuclear reactor across Arctic

    https://www.bangkokpost.com/world/17...62iCw#cxrecs_s
    Nothing to do with this thread and it's already been posted elsewhere.

    http://teakdoor.com/world-news/19303...or-across.html (Russian launches floating nuclear reactor across Arctic)

  4. #804
    Member
    harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    Yesterday @ 11:09 PM
    Posts
    60,594
    If you use Bitdefender Antivirus Free 2020, make sure you update it ASAP (and apply all Windows updates).

    https://www.bitdefender.com/support/...rus-free-2020/

  5. #805
    Member
    harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    Yesterday @ 11:09 PM
    Posts
    60,594
    Google Uncovers Massive iPhone Attack Campaign

    A group of hacked websites has been silently compromising fully patched iPhones for at least two years, Project Zero reports.

    For at least two years, a small collection of hacked websites has been attacking iPhones in a massive campaign affecting thousands of devices, researchers with Google Project Zero report.

    These sites quietly infiltrated iPhones through indiscriminate "watering hole" attacks using previously unknown vulnerabilities, Project Zero's Ian Beer reports in a disclosure published late Thursday. He estimates affected websites receive thousands of weekly visitors, underscoring the severity of a campaign that upsets long-held views on the security of Apple products.


    "There was no target discrimination; simply visiting the hacked website was enough for the exploit server to attack your device, and if it was successful, install a monitoring plant," Beer explains.


    Google's Threat Analysis Group (TAG) found five exploit chains covering nearly every operating system release from iOS 10 to the latest version of iOS 12. These chains connected security flaws so attackers could bypass several layers of protection. In total, they exploited 14 vulnerabilities: seven affecting the Safari browser, five for the kernel, and two sandbox escapes.


    When unsuspecting victims accessed these malicious websites, which had been live since 2017, the site would evaluate the device. If the iPhone was vulnerable, it would load monitoring malware. This was primarily used to steal files and upload users' live location data, Beer writes.


    The malware granted access to all of a victims' database files used by apps like WhatsApp, Telegram, and iMessage so attackers could view plaintext messages sent and received. Beer demonstrates how attackers could upload private files, copy a victim's contacts, steal photos, and track real-time location every minute. The implant also uploads the device keychain containing credentials and certificates, as well as tokens used by services like single sign-on, which people use to access several accounts.


    There is no visual indicator to tell victims the implant is running, Beer points out, and the malware requests commands from a command-and-control server every 60 seconds.


    "The implant has access to almost all of the personal information available on the device, which it is able to upload, unencrypted, to the attacker's server," he says. It does not persist on the device; if the iPhone is rebooted the implant won't run unless the device is re-exploited. Still, given the amount of data they have, the attacker may remain persistent without the malware.


    Google initially discovered this campaign in February and reported it to Apple, giving the iPhone maker one week to fix the problem. Apple patched it in iOS 12.1.4, released on February 7, 2019.


    iPhones, MacBooks, and other Apple devices are widely considered safer than their competitors. Popular belief also holds that expensive zero-day attacks are reserved for specific, high-value victims. Google's discovery dispels both of these assumptions: This attack group demonstrated how zero-days can be used to wreak havoc by hacking a larger population.

    https://www.darkreading.com/endpoint...d/d-id/1335699

  6. #806
    Member
    harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    Yesterday @ 11:09 PM
    Posts
    60,594
    Researchers say an attacker could send a rogue over-the-air provisioning message to susceptible phones and route all internet traffic through a hacker-controlled proxy.

    Over half of all Android handsets are susceptible to a clever over-the-air SMS phishing attack that could allow an adversary to route all internet traffic through a rogue proxy, as well as hijack features such as a handset’s homepage, mail server and directory servers for synchronizing contacts and calendars.
    Researchers at Check Point said Samsung, Huawei, LG and Sony handsets are “susceptible” to the phishing ploy.


    Researchers said, assuming that at least some of the recipients are gullible enough to accept a CP without challenging its authenticity, the OMA CP message allows the modification of the following settings over-the-air:

    • MMS message server
    • Proxy address
    • Browser homepage and bookmarks
    • Mail server
    • Directory servers for synchronizing contacts and calendar
    https://threatpost.com/half-of-andro...attack/147988/

  7. #807
    Thailand Expat
    Klondyke's Avatar
    Join Date
    Aug 2014
    Last Online
    Yesterday @ 10:49 PM
    Posts
    5,320
    Huawei accuses US of trying to hack its systems, recruit spies & intimidate employees

    The US has used “unscrupulous means” to attack Huawei’s business in recent months – trying to hack its servers and turn employees into spies using extortion, legal threats and coercion, the Chinese telecom giant has claimed.

    Washington “has been using every tool at its disposal – including both judicial and administrative powers, as well as a host of other unscrupulous means – to disrupt the normal business operations of Huawei and its partners,” the company said in a statement released on Tuesday, adding that the US had been “leveraging its political and diplomatic influence to lobby other governments to ban Huawei equipment” as well.

    Jealous of Huawei’s number-two position in the world smartphone market, the US government has used law enforcement to threaten, coerce, and entice current and former employees to become spies for Washington, impersonated Huawei employees for entrapment purposes, launching cyberattacks against company systems, and “obstruct[ed] normal business activities,” Huawei declared, accusing the US of interfering with shipments, denying visas, and otherwise waging lawfare against the company.

    Washington has even conspired with Huawei clients and competitors to try to get the company blackballed in the industry, the company added.

    The statement came in response to last week’s claim by the Wall Street Journal that the US Department of Justice was investigating Huawei for stealing a patented smartphone camera design.

    Patent-holder Rui Pedro Oliveira, Huawei claimed, had threatened the Chinese company with media exposure and pressure exerted through “political channels” if it did not pay “an extortionate amount of money” – even though his design bears little resemblance to Huawei’s own. Accusing Oliveira of “taking advantage of the current geopolitical situation,” Huawei also slammed the media for “encouraging” such mendacious behavior.

    The allegations may seem like a ‘man-bites-dog’ story to media that have uncritically parroted US allegations that China is the one using Huawei’s ubiquitous telecom infrastructure to spy on other countries and stealing their tech, but Huawei has always maintained it is innocent of the charges of spying leveled against it by the US, and no proof of any spying has emerged.

    “The fact remains that none of Huawei’s core technology has been the subject of any criminal case brought against the company, and none of the accusations levied by the US government have been supported with sufficient evidence,” the statement continued, concluding that “no company becomes a global leader in their field through theft.”

    https://www.rt.com/news/468058-huawe...g-intimidation

  8. #808
    Member
    harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    Yesterday @ 11:09 PM
    Posts
    60,594
    For those of you that do things like check facts, Wiki is under a significant DDOS attack.

    Wikipedia has stopped working for some users in the UK and Europe, and a number of places in the Middle East.
    The online encyclopaedia failed to load on desktops, tablets and mobile phones.
    Outages were reported shortly before 7pm, BST, according to the downdetector.com , which monitors websites.

    The UK was heavily affected, but there were reports of the site being down in a number of other European countries, including Poland, France, Germany and Italy.
    No one was immediately available for comment at the Wikimedia Foundation, which manages the site.

  9. #809
    Member
    harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    Yesterday @ 11:09 PM
    Posts
    60,594
    Couple of things to try before you use the hotel safe....


  10. #810
    Member
    harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    Yesterday @ 11:09 PM
    Posts
    60,594
    ....And....



  11. #811
    Member
    harrybarracuda's Avatar
    Join Date
    Sep 2009
    Last Online
    Yesterday @ 11:09 PM
    Posts
    60,594
    I would imagine the more responsible vendors will have updates soon, so check. Full list of devices at the bottom of this post.

    125 New Flaws Found in Routers and NAS Devices from Popular Brands


    The world of connected consumer electronics, IoT, and
    smart devices is growing faster than ever with tens of billions of connected devices streaming and sharing data wirelessly over the Internet, but how secure is it?

    As we connect everything from coffee maker to front-door locks and cars to the Internet, we're creating more potential—and possibly more dangerous—ways for hackers to wreak havoc.

    Believe me, there are over 100 ways a hacker can ruin your life just by compromising your
    wireless router—a device that controls the traffic between your local network and the Internet, threatening the security and privacy of a wide range of wireless devices, from computers and phones to IP Cameras, smart TVs and connected appliances.


    In its latest study titled "
    SOHOpelessly Broken 2.0," Independent Security Evaluators (ISE) discovered a total of 125 different security vulnerabilities across 13 small office/home office (SOHO) routers and Network Attached Storage (NAS) devices, likely affecting millions.

    List of Affected Router Vendors


    SOHO routers and NAS devices tested by the researchers are from the following manufacturers:


    • Buffalo
    • Synology
    • TerraMaster
    • Zyxel
    • Drobo
    • ASUS and its subsidiary Asustor
    • Seagate
    • QNAP
    • Lenovo
    • Netgear
    • Xiaomi
    • Zioncom (TOTOLINK)


    These vulnerabilities range from cross-site scripting (XSS), cross-site request forgery (CSRF), buffer overflow, operating system command injection (OS CMDi), authentication bypass, SQL injection (SQLi), and file upload path traversal vulnerabilities.

    Full Control Over Devices Without Authentication


    Researchers said they successfully obtained root shells on 12 of the devices, allowing them to have complete control over the affected devices, 6 of which contained flaws that would enable attackers to gain full control over a device remotely and without authentication.


    These affected business and home routers are Asustor AS-602T, Buffalo TeraStation TS5600D1206, TerraMaster F2-420, Drobo 5N2, Netgear Nighthawk R9000, and TOTOLINK A3002RU.

    This new report, SOHOpelessly Broken 2.0, is a follow-up study,
    SOHOpelessly Broken 1.0, published by the ISE security firm in 2013, when they disclosed a total of 52 vulnerabilities in 13 SOHO routers and NAS devices from vendors including TP-Link, ASUS, and Linksys.

    Since SOHOpelessly Broken 1.0, researchers said they found a few newer IoT devices implementing some useful security mechanisms in place, like address-space layout randomization (ASLR), functionalities that hinder reverse engineering, and integrity verification mechanisms for HTTP requests.

    However, some things have not changed since SOHOpelessly Broken 1.0, like many IoT devices still lack basic web application protection features, like anti-CSRF tokens and browser security headers, which can greatly enhance the security posture of web applications and the underlying systems they interact with.

    ISE researchers responsibly reported all of the vulnerabilities they discovered to affected device manufacturers, most of which promptly responded and already took security measures to mitigate these vulnerabilities, which have already received CVE Ids.

    However, some device manufacturers, including Drobo, Buffalo Americas, and Zioncom Holdings, did not respond to the researchers' findings.

    https://thehackernews.com/2019/09/hacking-soho-routers.html?m=1


    Devices in SOHOpelessly Broken 2.0

    Device Firmware Version
    Buffalo TeraStation TS5600D1206* 3.61-0.08
    Synology DS218j 6.1.5
    TerraMaster F2-420 3.1.03
    Zyxel NSA325 v2* 4.81
    Drobo 5N2 4.0.5-13.28.96115
    Asustor AS-602T* 3.1.1
    Seagate STCR3000101 4.3.15.1
    QNAP TS-870* 4.3.4.0486
    Lenovo ix4-300d* 4.1.402.34662
    ASUS RT-AC3200 3.0.0.4.382.50010
    Netgear Nighthawk R9000 1.0.3.10
    TOTOLINK A3002RU 1.0.8
    Xiaomi Mi Router 3 2.22.15

Thread Information

Users Browsing this Thread

There are currently 2 users browsing this thread. (0 members and 2 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •