Rowhammer Hardware Exploit Poses Threat to DRAM Memory in Many Laptops, PCs
Software, from web apps, to operating systems to firmware, has been abused and exploited every which way from Sunday for decades by both researchers and attackers. Now, it is hardware's turn in the spotlight, as researchers have published details of a new method for exploiting a problem with some...
New Technique Complicates Mutex Malware Analysis
Malware analysts have had a measure of success using static mutex values as a fingerprint for detecting and blocking malicious code. These values are used in programming to enable software to synchronize communication between multiple threads or processes, or to determine whether another instance...
Seagate Confirms NAS Zero Day, Won't Patch Until May
Seagate, over the weekend, confirmed the zero-day vulnerability in its Seagate Business Storage 2-Bay NAS boxes disclosed March 1. But in the same breath, told customers exposed to the vulnerability that a patch is still two months away. "For those customers who choose to keep their networks open...
TextSecure to Drop Support for Encrypted SMS
Open Whisper Systems is phasing out support for encrypted SMS and MMS messages in its TextSecure messaging product. The move does not spell the end for encrypted messaging for users of the Android app, as the company plans to switch to its own transport protocol to address some of the security an...
Dridex Banking Trojan Spreading Via Macros in XML Files
Not long ago, criminals pushing the Dridex banking Trojan were using Microsoft Excel documents spiked with a malicious macro as a phishing lure to entice victims to load the malware onto their machines. Even though macros are disabled by default inside most organizations, the persistent hackers a...
Dennis Fisher and Mike Mimoso on the FREAK SSL Vulnerability and CSI: Cyber
Dennis Fisher and Mike Mimoso talk about the FREAK SSL vulnerability and the glorious debut of CSI: Cyber! Download: digitalunderground190.mp3 Music by Chris Gonsalves...
Confusion Reigns Over FBI's Plans for National Security Letter Gag Orders
The way that National Security Letters are approved and used is one of the government's more opaque processes. Now, you can add some more confusion into the mix, courtesy of some new comments from the FBI about when recipients are able to disclose the fact that they have received an NSL. More tha...
Adobe Starts Vulnerability Disclosure Program on HackerOne
Update: Adobe is the latest tech vendor to begin a vulnerability disclosure program, but it seems they're limping in at the outset. The program launched this week on the HackerOne platform, but there are no cash incentives being offered and certain Adobe products are not in scope for researchers...
Anthem Refuses Audit Following Massive Breach
UPDATED—Anthem has refused to undergo vulnerability scans and configuration compliance tests in the aftermath of a breach that may have ultimately leaked the personal information of nearly 100 million customers and non-customers. The health insurance giant reportedly turned down an audit of its...
Microsoft Schannel Vulnerable to FREAK
Microsoft today issued an advisory warning Windows users that Secure Channel, or Schannel, the Windows implementation of SSL/TLS, is vulnerable to the FREAK attack. Disclosed this week, FREAK (CVE-2015-1637) is the latest big Internet bug. It affects a number of SSL clients, including OpenSSL, and...
EFF, ACLU, Other NGOs Urging U.N. to Create Privacy Watchdog
A coalition of 63 non-governmental organizations (NGOs) from around the world are calling on national governments to support the establishment of a special rapporteur on the right to privacy within the United Nations. According to U.N. documents, special rapporteurs also known as special procedures...
New Analytics Tool Defines Language Used Malicious Domains
OpenDNS has gone public with a new tool that uses a blend of analytics principles found outside information security to create a threat model for detecting domains used in criminal and state-sponsored hacking campaigns. NLPRank is not ready for production, said OpenDNS director of security resear...
Mandarin Oriental Confirms Data Breach at U.S., European Hotels
The Mandarin Oriental luxury hotel chain is investigating a data breach that affects credit cards used in an "isolated number" of its hotels in the United States and Europe. Company officials said that the attack involved "undetectable" malware on some of its systems and emphasized that only cred...
CSI: Cyber: We Watched So You Didn't Have To
From the time the first commercials aired during the American pro football championship game last month, CSI: Cyber has been one of the more talked-about and least-anticipated shows in recent memory. At least in tech circles. For normal viewers, it's one of those shows that you wake up in the...
Google Fixes 51 Bugs in Chrome 41
Google released the latest build of its browser Tuesday, Chrome 41.0.2272.76, patching 51 different bugs and paying out over $50,000 in bounties. Google paid bounties for 18 bugs ranging from medium to high severity. The bounties for all of the vulnerabilities totaled $52,000. 13 of those bugs ca...
D-Link Working on Firmware Updates for Three Critical Bugs
D-Link has pushed out a firmware update for three serious security vulnerabilities in its DIR-820L home routers, and is expected to do the same for seven other models between tomorrow and March 10. The vulnerabilities provide an attacker with remote access to the router without the need for...
Patrick Gray on the State of Security and State Security
Worlds collide as Dennis Fisher talks with Patrick Gray of the Risky Business podcast about security journalism, how much and how little has changed in the industry in the last 15 years and whether we're making any progress in the fight against attackers. Download: digitalunderground189.mp3 Music...
Firefox 37 to Include New OneCRL Certificate Blocklist
The next version of Mozilla Firefox will include a new certificate revocation list that will speed up and streamline the process of revoking intermediate certificates trusted by the browser. The new feature, known as OneCRL, is meant as a replacement for the old OCSP online certificate status...
Domain Shadowing Latest Angler Exploit Kit Evasion Technique
The Angler Exploit Kit continues to evolve at an alarming rate, seamlessly adding not only zero-day exploits as they become available, but also a host of evasion techniques that have elevated it to the ranks of the more formidable hacker toolkits available. Researchers at Cisco's Talos intelligen...
New POS Malware Uses Mailslots to Avoid Detection
New point-of-sale malware, LogPOS, has been using technology that evades detection by allowing the malware to inject code and act like a client while it shuttles stolen credit card numbers off to its command and control server. The technology, Microsoft Windows' mailslots, isn't new by any means...
New FREAK Attack Threatens Many SSL Clients
For the nth time in the last couple of years, security experts are warning about a new Internet-scale vulnerability, this time in some popular SSL clients. The flaw allows an attacker to force clients to downgrade to weakened ciphers and break their supposedly encrypted communications through a...
Change to Lollipop Encryption Policy May Not Have Much Effect, Experts Say
Google has made a subtle, but important, shift in the requirements for Android handset makers, saying now that OEMs manufacturing phones that will run Lollipop do not have to enable disk encryption by default. This is a major change from the company's stated position from just a few months ago, b...
Government Report Critical of FAA Security Controls
The Federal Aviation Administration has been put on notice that its information security controls are not up to par and that a risk-based program must be implemented from the ground up in order to assure the safety of its networks and passengers in the sky. A scathing Government Accounting Office...
Signal 2.0 Brings Encrypted Messaging to iPhone
The sanctity of Apple iMessage end-to-end encryption has been challenged by white hats who in 2013 reverse engineered the protocol behind it, revealing that Apple controls the key infrastructure and could, in turn, be compelled to turn over messages via government order. CEO Tim Cook denied those...
D-Link Routers Haunted by Remote Command Injection Bug
Some D-Link routers contain a vulnerability that leaves them open to remote attacks that can give an attacker root access, allow DNS hijacking and other attacks. The vulnerability affects a number of D-Link's home routers and the key details of the flaw have been made public by one of the...
Angler Adds Keen Team Use After Free IE Vulnerability
Attackers behind the Angler Exploit Kit have added a tweaked version of an exploit for a patched Internet Explorer use-after-free vulnerability. Microsoft patched the vulnerability (MS14-056) in last October's round of Patch Tuesday updates but that hasn't stopped attackers from adding the...
Mozilla Pushes Hot Fix to Remove Superfish Cert From Firefox
Mozilla has issued a hot fix for Firefox that removes the Superfish root certificate from the browser's trusted root store. The patch only removes the certificate if the Superfish software has been removed from the machine already, however. The Superfish adware performs SSL interception—essential...
Seagate Business NAS Firmware Vulnerabilities Disclosed
Firmware running on certain Seagate network-attached storage devices that are popular with small businesses and home offices is vulnerable to remote attacks. Researchers at Beyond Binary, a security consulting firm in Australia, on Sunday went public with their disclosure after a nearly...
Uber Announces Breach of 'Partner' Information
The enormously popular alternative taxi service, Uber, admitted late Friday that an unauthorized third party gained access to the company's database, stealing driver but not customer information in the process. In a statement, Uber claims there was a "one-time access" of its databases, spilling t...
Pharming Attack Targets Home Router DNS Settings
Pharming attacks are generally network-based intrusions where the ultimate goal is to redirect a victim's web traffic to a hacker-controlled webserver, generally through a malicious modification of DNS settings. Some of these attacks, however, are starting to move to the web and have their...
Dennis Fisher and Mike Mimoso Discuss the Week in News: Superfish, Gemalto and NSA
Mike Mimoso and Dennis Fisher discuss the news of the last week, including the Superfish fiasco, the Gemalto SIM hack controversy and the continuing NSA drama. Download: digitalunderground187.mp3 Music by Chris Gonsalves...
Video: Vitaly Kamluk on The Equation Group APT
Kaspersky Lab's global research and analysis team uncovered what they claim is the most sophisticated advanced persistent threat group yet known. Known as the Equation Group, researchers led by GReAT director Costin Raiu say the threat actors have been operating for 15 years or more and are known...
Twitter Changes Abuse Reporting Process to Address Doxing
Twitter has revised and simplified its rules and process for reporting abusive behavior on the service, and users now have the ability to report people who are posting their personal information. The change essentially gives Twitter users a method to combat doxing, which is the process of dumping...
Komodia Certificate Manipulation Enabled Man-In-The-Middle Attacks
The shoddy state of SSL certificate validation on the Internet again floated to the surface, this time by the Superfish mess, which continues to get worse. The Electronic Frontier Foundation on Wednesday released a report based on data scoured from the Decentralized SSL Observatory which it...
Anthem Hack May Implicate 18 Million Non-Customers
In addition to roughly 80 million Anthem customers, nearly 20 million more individuals who aren't customers of the health insurer could ultimately wind up implicated in this month's massive data breach. The company disclosed yesterday that between 8.8 million and 18.8 million Blue Cross Blue Shie...
DDoS Exploit Targets Open Source Rejetto HFS
Apparently no vulnerability is too small, no application too obscure, to escape a hacker's notice. A honeypot run by Trustwave's SpiderLabs research team recently snared an automated attack targeting users of the open source Rejetto HTTP File Server (Rejetto HFS). Someone was trying to exploit a...
Firefox 36 Arrives With Patches For Three Critical Flaws
Mozilla has patched 16 security vulnerabilities in Firefox, including three critical flaws in the browser. One of the critical vulnerabilities patched with the release of Firefox 36 is a buffer overflow in the libstagefright library that can be exploitable under some circumstances. "Security...
Ransomware Looming As Major Long-Term Threat
On May 30, 2014, law enforcement officials from the FBI and Europol seized a series of servers that were being used to help operate the GameOver Zeus botnet, an especially pernicious and troublesome piece of malware. The authorities also began an international manhunt for a Russian man they said...
Facebook Bug Bounty Submissions Climb in 2014
Less than two months into the year and Facebook said it has already validated more than 100 submissions to its bug bounty, demonstrating a consistently growing interest in such programs industry wide. "Report volume is at its highest levels, and researchers are finding better bugs than ever...
WordPress Sites Vulnerable to Plugin-Related SQL Attacks
More than one million WordPress sites may be vulnerable to a critical plugin issue that could open sites up to SQL injection attacks and in turn, total takeover. The problem stems from a weak key vulnerability in WP-Slimstat, a web analytics plugin for the content management system that's been...
Gemalto Officials Say SIM Infrastructure Not Compromised
Despite leaked documents from the NSA showing otherwise, officials at Gemalto on Wednesday said the company has found no evidence that its SIM card infrastructure was compromised several years ago by the NSA and GCHQ. The company identified a handful of what it called sophisticated attacks in the...
Ramnit Botnet Shut Down
The Ramnit botnet, a favorite among thieves dabbling in financial fraud for its frequent updates, has been shut down in a joint effort spearheaded by Europol's European Cybercrime Centre (EC3). In a statement today, EC3 said investigators from across Europe, along with Microsoft, AnubisNetworks and...
Google Pwnium Program Now Open All Year
Google is expanding its successful Pwnium vulnerability reward program—which has run at various security conferences for a couple of years now—to run continuously and offer an unlimited pool of financial rewards. Pwnium originally was established as an alternative to the Pwn2Own hacking contest a...
Attacks Against Critical Infrastructure Seek Operational Intel
In most critical industries—petroleum refineries or energy utilities, for example—there is very little in the way of proprietary information. Refining crude oil into gasoline requires science, not a secret sauce. Same goes for power generation. So why are advanced attackers using the same data...
NSA Could Be Hoping For Clipper Chip Redux
The NSA has a new director, a slew of new challenges and any number of new capabilities at its disposal. But it seems that the agency is intent on fighting the same old battles. Even as fresh revelations about the extent of the NSA's efforts to get access to encryption keys for mobile...
CloudFlare Deploys ChaCha20-Poly1305 Encryption Across Sites
After rolling out free SSL for its users last fall, CloudFlare has deployed a new level of encryption on its service that hardens and speeds up the user experience, especially when accessing domains via mobile browsers. The form of encryption, a relatively new transport layer cipher suite known a...
Google Broadens Scope of Unwanted Software Warnings
Google yesterday announced that it would expand its browser security efforts with a new warning in Chrome about unwanted software to caution users about accessing sites that are known to encourage unsafe downloads. The Mountain View, Calif., search and browsing giant has invested serious resource...
Gemalto: 'SIM Products Are Secure'
Gemalto officials say that while they are still in the process of investigating whether the company was compromised by the NSA and GCHQ to access the encryption keys for its SIM cards, they say they believe their products and platforms are secure. In a statement issued Monday, Gemalto officials...
Kris McConkey on OpSec Failures
At last week's Security Analyst Summit Kris McConkey, part of PricewaterhouseCoopers' UK Cyber Threat Operations team, discusses hacker OpSec failures: How attackers are still humans and sometimes make mistakes like using personal email addresses and real names in their campaigns...
PrivDog Poses Bigger Risk Than Superfish
Update: Move over Superfish. Another piece of software has been thrust into the spotlight that also breaks HTTPS connections, but is arguably worse than Superfish, which was pre-installed adware on new Lenovo laptops manufactured at the tail end of 2014. Researcher Hanno Bock yesterday reported th...