19 matches found
WiFi Flaws Allow Network Traffic Interception on Linux, iOS, and Android
By Deeba Ahmed The findings are to be presented at the Usenix Security Symposium. This is a post from HackRead.com Read the original post: WiFi Flaws Allow Network Traffic Interception on Linux, iOS, and Android...
Smart home assistants at risk from "NUIT" ultrasound attack
A new form of attack named "Near Ultrasound Inaudible Trojan" NUIT has been unveiled by researchers from the University of Texas. NUIT is designed to attack voice assistants with malicious commands remotely via the internet. Impacted assistants include Siri, Alexa, Cortana, and Google Assistant...
New Browser Attack Allows Tracking Users Online With JavaScript Disabled
Researchers have discovered a new side-channel that they say can be reliably exploited to leak information from web browsers that could then be leveraged to track users even when JavaScript is completely disabled. "This is a side-channel attack which doesn't require any JavaScript to run," the...
Malware Can Exploit New Flaw in Intel CPUs to Launch Side-Channel Attacks
A new research has yielded yet another means to pilfer sensitive data by exploiting what's the first "on-chip, cross-core" side-channel attack targeting the ring interconnect used in Intel Coffee Lake and Skylake processors. Published by a group of academics from the University of Illinois at...
Shadow Attacks Let Attackers Replace Content in Digitally Signed PDFs
Researchers have demonstrated a novel class of attacks that could allow a bad actor to potentially circumvent existing countermeasures and break the integrity protection of digitally signed PDF documents. Called "Shadow attacks" by academics from Ruhr-University Bochum, the technique uses the...
New Hack Lets Attackers Bypass MasterCard PIN by Using Them As Visa Card
Cybersecurity researchers have disclosed a novel attack that could allow criminals to trick a point of sale terminal into transacting with a victim's Mastercard contactless card while believing it to be a Visa card. The research, published by a group of academics from ETH Zurich, builds on a stud...
Unpatchable 'Starbleed' Bug in FPGA Chips Exposes Critical Devices to Hackers
A newly discovered unpatchable hardware vulnerability in Xilinx programmable logic products could allow an attacker to break bitstream encryption, and clone intellectual property, change the functionality, and even implant hardware Trojans. The details of the attacks against Xilinx 7-Series and...
HeapHopper - A Bounded Model Checking Framework For Heap-implementations
HeapHopper is a bounded model checking framework for Heap-implementations. Setup sudo apt update && sudo apt install build-essential python-dev virtualenvwrapper git clone https://github.com/angr/heaphopper.git && cd ./heaphopper mkvirtualenv -ppython2 heaphopper pip install -e . Required Package...
BlackIoT Botnet: Can Water Heaters, Washers Bring Down the Power Grid?
We live in a world where washing machines text us when a load of laundry is finished and refrigerators can email grocery lists; but for all the convenience, it turns out that these high-wattage appliances can potentially be marshaled into something very inconvenient indeed: A wide-scale attack on...
Researchers Break IPsec VPN Connections with 20-Year-Old Protocol Flaw
A new Bleichenbacher oracle cryptographic attack has been set loose on the world, using a 20-year-old protocol flaw to compromise the Internet Key Exchange IKE protocol used to secure IP communications. Specifically, the attack targets IKE’s handshake implementation used for IPsec-based VPN...
MassVet Android Malicious App Scanner
Most Android malware samples can be found clinging to some sort of knockoff to a legitimate application. Hiding in plain sight like that, sometimes they find their way into Google Play or any one of the dozens of less-patrolled Android markets. Researchers at Indiana University believe they’ve co...
How to Crack RC4 Encryption in WPA-TKIP and TLS
Security researchers have developed a more practical and feasible attack technique against the RC4 cryptographic algorithm that is still widely used to encrypt communications on the Internet. Despite being very old, RC4 Rivest Cipher 4 is still the most widely used cryptographic cipher implemente...
New RC4 Attack Dramatically Reduces Plaintext Recovery Time
Two Belgian security researchers from the University of Leuven have driven new nails into the coffin of the RC4 encryption algorithm. A published paper, expected to be delivered at the upcoming USENIX Security Symposium next month in Washington, D.C., describes new attacks against RC4 that allow ...
Android Side-Channel Hack Leads to Data Loss at USENIX
A weakness in Android, one that’s likely also found in other leading operating systems, allows an attacker to infer what’s happening on a victim’s user interface and launch an appropriate secondary attack resulting in data loss. Researchers from the University of Michigan and the University of...
New Facebook Internet Defense Prize Pays Out $50,000 Award
Large technology companies may already have bug bounty programs in place that reward researchers who attack and find holes in software or web platforms. Slowly, some are also starting to institute programs that pay for defensive measures. Facebook is the latest to do so with the implementation of...
Red Button Attack Could Compromise Smart TVs
A vulnerability in an emerging interactive television standard could expose smart TVs to untraceable drive-by hacking attacks that could steal personal information and wreak havoc on televisions and anything connected to them. The feature, HbbTV, Hybrid Broadcast Broadband Television was introduc...
Phone Hack Could Block Messages, Calls on GSM Networks
By tweaking the firmware on certain kinds of phones, a hacker could make it so other phones in the area are unable to receive incoming calls or SMS messages, according to research presented at the USENIX Security Symposium earlier this month. The hack involves modifying the baseband processor on...
Video: Researchers Knock Out a $3K First Responder's Radio With a $30 Children's Toy
During the Reagan Administration, the ‘government waste’ meme was all about $600 toilet seats and $300 hammers. Those looking for a more contemporary example of how government procurement gets it wrong might point, instead, to Project 25 P25, a decade old effort to provide first responders and...
Security Metrics Go Prime Time at Metricon 6
The metrics movement that has been slowly but surely infiltrating the security community in the last few years has had its own annual gathering–Metricon–for some time now. It’s been a small, quasi-academic conference since its inception, but now Metricon’s organizers are branching out a bit,...