Linux Hacks & Cracks - Page 27
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Imagine this: A terrorist hacks into a commercial airplane from the ground, takes over the controls from the pilots and flies the plane into the ground. It sounds like the plot of some "Die Hard" reboot, but it's actually one of the possible scenarios outlined in a new Government Accountability Office report on security vulnerabilities in modern airplanes.
Experts with the SANS Institute convened at RSA Conference for their annual threats panel, this time dishing on the six most dangerous new attack techniques. Led by SANS Director John Pescatore, the panel featured Ed Skoudis, SANS faculty fellow and CEO of CounterHack Challenges, Johannes Ullrich, dean of research for SANS, and Michael Assante, SANS project lead for Industrial Control System (ICS) and Supervisory Control and Data Acquisition (SCADA) security.
Common knowledge has it that users are the weakest link in the IT risk management world
Cyber-spy groups, whose numbers are growing with little constraint, have begun hacking each other. Hellsing, a small and technically unremarkable cyber-espionage group, was subjected to a spear-phishing attack by another threat actor last year, before deciding to strike back with its own malware-infected emails.
Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.
Europol, in collaboration with Dutch authorities, the U.S. FBI and private security companies, have seized the domain names used to control a botnet called Beebone.
A team of security researchers have found malware in a popular Chrome extension which may have sent the browsing data of over 1.2m users to a single IP address. ScrapeSentry credits its researchers with uncovering "a sinister side-effect to a free app [...] which potentially leaks [users'] personal information back to a single IP address in the USA".
The operator of an underground marketplace hosted within the Tor network has reported a flaw in Tor that he claims is being used for an ongoing denial of service attack on the site.
According to a new report from Menlo Security, one out of three of the top million websites are either vulnerable to hacking or already hacked. For example, attackers used the Forbes.com website last month for a quick watering hole attack.
Nearly six months have passed since a major Drupal SQL injection vulnerability was disclosed, and yet attackers are continuing to try, sometimes successfully, to exploit websites that have failed to update their systems.
There's more bad news surrounding the HTTPS-crippling FREAK vulnerability that came to light two weeks ago. A recently completed scan of the Internet revealed 10 percent of servers that support the underlying transport layer security protocol remain susceptible.
Gamers may soon be feeling the pain of crypto-ransomware. A variant of CryptoLocker is in the wild that goes after data files associated with 20 different online games, locking downloadable content in an attempt to target younger computer users.
Not long ago, criminals pushing the Dridex banking Trojan were using Microsoft Excel documents spiked with a malicious macro as a phishing lure to entice victims to load the malware onto their machines.
A self-described security "amateur" discovered hundreds of Internet-connected devices ranging from cameras to industrial control systems that were connected to the Internet without even basic password protection -- meaning they could be easily turned on and off or otherwise manipulated with a single click of a mouse.
Some D-Link routers contain a vulnerability that leaves them open to remote attacks that can give an attacker root access, allow DNS hijacking and other attacks.
British hacker Stephen Tomkinson has found two Blu-Ray-borne attacks. His first exploit relies on a poor Java implementation in a product called PowerDVD from CyberLink. PowerDVD plays DVDs on PCs and creates menus using Java, but the way Oracle's code has been used allows naughty folk to circumvent Windows security controls.