PrintDemon vulnerability impacts all Windows versions | ZDNet

Posted on May 15, 2020 by Robin Edgar

Two security researchers have published today details about a vulnerability in the Windows printing service that they say impacts all Windows versions going back to Windows NT 4, released in 1996. The vulnerability, which they codenamed PrintDemon, is located in Windows Print Spooler, the primary Windows component responsible for managing print operations. The service can Read more about PrintDemon vulnerability impacts all Windows versions | ZDNet[…]

Chinas Winnti group stayed under the radar for a decade by aiming for Linux servers

Posted on April 7, 2020 by Robin Edgar

A group of hackers operating as an offshoot of China’s Winnti group managed to stay undetected for more than a decade by going open source. A report from BlackBerry outlines how the group, actually a collection of five smaller crews of hackers thought to be state-sponsored, assembled in the wake of Winnti and exploited Linux Read more about Chinas Winnti group stayed under the radar for a decade by aiming for Linux servers[…]

U.S. government limits exports of artificial intelligence software – seem to have forgotten what happened when they limited cryptographic exports in the 90s

Posted on January 6, 2020 by Robin Edgar

The Trump administration will make it more difficult to export artificial intelligence software as of next week, part of a bid to keep sensitive technologies out of the hands of rival powers like China. Under a new rule that goes into effect on Monday, companies that export certain types of geospatial imagery software from the Read more about U.S. government limits exports of artificial intelligence software – seem to have forgotten what happened when they limited cryptographic exports in the 90s[…]

Chinese hacker group caught bypassing 2FA

Posted on December 23, 2019 by Robin Edgar

Security researchers say they found evidence that a Chinese government-linked hacking group has been bypassing two-factor authentication (2FA) in a recent wave of attacks. The attacks have been attributed to a group the cyber-security industry is tracking as APT20, believed to operate on the behest of the Beijing government, Dutch cyber-security firm Fox-IT said in Read more about Chinese hacker group caught bypassing 2FA[…]

Sure, we made your Wi-Fi routers phone home with telemetry, says Ubiquiti. What of it?

Posted on November 11, 2019 by Robin Edgar

Ubiquiti Networks is fending off customer complaints after emitting a firmware update that caused its UniFi wireless routers to quietly phone HQ with telemetry. It all kicked off when the US-based manufacturer confirmed that a software update released this month programmed the devices to establish secure connections back to Ubiquiti servers and report information on Read more about Sure, we made your Wi-Fi routers phone home with telemetry, says Ubiquiti. What of it?[…]

xHelper Android Malware Can Survive a Factory Reset

Posted on November 3, 2019 by Robin Edgar

Though this somewhat-new “xHelper” malware has affected a low number of Android users so far (around 45,000, estimates Symantec), the fact that nobody has any clear advice on how to remove it is a worrisome fact. While the odds are good that you won’t get hit with this malware, given its low installation rate so Read more about xHelper Android Malware Can Survive a Factory Reset[…]

OMG Cable | Hackaday

Posted on August 15, 2019 by Robin Edgar

The O.MG cable (or Offensive MG kit) from [MG] hides a backdoor inside the shell of a USB connector. Plug this cable into your computer and you’ll be the victim of remote attacks over WiFi. You might be asking what’s inside this tiny USB cable to make it susceptible to such attacks. That’s the trick: Read more about OMG Cable | Hackaday[…]

Facebook’s answer to the encryption debate: install spyware with content filters! (updated: maybe not)

Posted on July 29, 2019August 4, 2019 by Robin Edgar

The encryption debate is typically framed around the concept of an impenetrable link connecting two services whose communications the government wishes to monitor. The reality, of course, is that the security of that encryption link is entirely separate from the security of the devices it connects. The ability of encryption to shield a user’s communications Read more about Facebook’s answer to the encryption debate: install spyware with content filters! (updated: maybe not)[…]

When Myspace Was King, Employees Abused a Tool Called ‘Overlord’ to Spy on Users

Posted on June 25, 2019 by Robin Edgar

During the social network’s heyday, multiple Myspace employees abused an internal company tool to spy on users, in some cases including ex-partners, Motherboard has learned. Named ‘Overlord,’ the tool allowed employees to see users’ passwords and their messages, according to multiple former employees. While the tool was originally designed to help moderate the platform and Read more about When Myspace Was King, Employees Abused a Tool Called ‘Overlord’ to Spy on Users[…]

Germany thinks about resurrecting the Stasi, getting rid of end-to-end chat app encryption and requiring decrypted plain-text.

Posted on May 30, 2019May 30, 2019 by Robin Edgar

Government officials in Germany are reportedly mulling a law to force chat app providers to hand over end-to-end encrypted conversations in plain text on demand. According to Der Spiegel this month, the Euro nation’s Ministry of the Interior wants a new set of rules that would require operators of services like WhatsApp, Signal, Apple iMessage, Read more about Germany thinks about resurrecting the Stasi, getting rid of end-to-end chat app encryption and requiring decrypted plain-text.[…]

Toyota Security Breach Exposes Personal Info of 3.1 Million Clients, could be part of Vietnam attack

Posted on March 31, 2019 by Robin Edgar

The personal information of roughly 3.1 million Toyota customers may have been leaked following a security breach of multiple Toyota and Lexus sales subsidiaries, as detailed in a breach notification issued by the car maker today. As detailed in a press release published on Toyota’a global newsroom, unauthorized access was detected on the computing systems of Tokyo Sales Read more about Toyota Security Breach Exposes Personal Info of 3.1 Million Clients, could be part of Vietnam attack[…]

Massive Database Leak Gives Us a Window into China’s Digital Surveillance State

Posted on March 4, 2019 by Robin Edgar

Earlier this month, security researcher Victor Gevers found and disclosed an exposed database live-tracking the locations of about 2.6 million residents of Xinjiang, China, offering a window into what a digital surveillance state looks like in the 21st century. Xinjiang is China’s largest province, and home to China’s Uighurs, a Turkic minority group. Here, the Read more about Massive Database Leak Gives Us a Window into China’s Digital Surveillance State[…]

WPML WordPress plugin hacked, possibly by angry former employee

Posted on January 21, 2019 by Robin Edgar

WPML (or WP MultiLingual), the most popular WordPress plugin for translating and serving WordPress sites in multiple languages. According to its website, WPML has over 600,000 paying customers and is one of the very few WordPress plugins that is so reputable that it doesn’t need to advertise itself with a free version on the official Read more about WPML WordPress plugin hacked, possibly by angry former employee[…]

Australia now has encryption-busting laws as Labor capitulates

Posted on December 6, 2018 by Robin Edgar

Labor has backed down completely on its opposition to the Assistance and Access Bill, and in the process has been totally outfoxed by a government that can barely control the floor of Parliament. After proposing a number of amendments to the Bill, which Labor party members widely called out as inappropriate in the House of Read more about Australia now has encryption-busting laws as Labor capitulates[…]

Zero-day in popular jQuery File Upload plugin actively exploited for at least three years

Posted on October 27, 2018 by Robin Edgar

For at least three years, hackers have abused a zero-day in one of the most popular jQuery plugins to plant web shells and take over vulnerable web servers, ZDNet has learned. The vulnerability impacts the jQuery File Upload plugin authored by prodigious German developer Sebastian Tschan, most commonly known as Blueimp. The plugin is the Read more about Zero-day in popular jQuery File Upload plugin actively exploited for at least three years[…]

Researcher finds simple way of elevating user privileges on Windows PCs and nobody notices for ten months

Posted on October 19, 2018 by Robin Edgar

A security researcher from Colombia has found a way of assigning admin rights and gaining boot persistence on Windows PCs that’s simple to execute and hard to stop –all the features that hackers and malware authors are looking for from an exploitation technique. What’s more surprising, is that the technique was first detailed way back Read more about Researcher finds simple way of elevating user privileges on Windows PCs and nobody notices for ten months[…]

Data center server BMCs are terribly outdated and insecure

Posted on September 2, 2018 by Robin Edgar

BMCs can be used to remotely monitor system temperature, voltage and power consumption, operating system health, and so on, and power cycle the box if it runs into trouble, tweak configurations, and even, depending on the setup, reinstall the OS – all from the comfort of an operations center, as opposed to having to find Read more about Data center server BMCs are terribly outdated and insecure[…]

It’s either legal to port-scan someone without consent or it’s not, fumes researcher: Halifax bank port scans you when you visit the page

Posted on August 7, 2018 by Robin Edgar

Halifax Bank scans the machines of surfers that land on its login page whether or not they are customers, it has emerged. Security researcher Paul Moore has made his objection to this practice – in which the British bank is not alone – clear, even though it is done for good reasons. The researcher claimed Read more about It’s either legal to port-scan someone without consent or it’s not, fumes researcher: Halifax bank port scans you when you visit the page[…]

Chinese mobile phone cameras are not-so-secretly recording users’ activities

Posted on July 18, 2018 by Robin Edgar

It has been widely reported that software and web applications made in China are often built with a “backdoor” feature, allowing the manufacturer or the government to monitor and collect data from the user’s device. But how exactly does the backdoor feature work? Recent discussion among mobile phone users in mainland China has shed some Read more about Chinese mobile phone cameras are not-so-secretly recording users’ activities[…]

Chinese government admits collection of deleted WeChat messages

Posted on May 1, 2018 by Robin Edgar

Chinese authorities revealed over the weekend that they have the capability of retrieving deleted messages from the almost universally used WeChat app. The admission doesn’t come as a surprise to many, but it’s rare for this type of questionable data collection tactic to be acknowledged publicly.As noted by the South China Morning Post, an anti-corruption Read more about Chinese government admits collection of deleted WeChat messages[…]

Cops Around the Country Can Now Unlock iPhones, Records Show

Posted on April 16, 2018 by Robin Edgar

Police forces and federal agencies around the country have bought relatively cheap tools to unlock up-to-date iPhones and bypass their encryption, according to a Motherboard investigation based on several caches of internal agency documents, online records, and conversations with law enforcement officials. Many of the documents were obtained by Motherboard using public records requests. Read more about Cops Around the Country Can Now Unlock iPhones, Records Show[…]

Can AMD Vulnerabilities Be Used to Game the Stock Market?

Posted on March 16, 2018 by Robin Edgar

On Tuesday, a little known security company claimed to have found vulnerabilities and backdoors in some AMD processors. Within some parts of the security community, the story behind the researchers’ discovery quickly became more interesting than the discovery itself. The researchers, who work for CTS Labs, only reported the flaws to AMD shortly before publishing Read more about Can AMD Vulnerabilities Be Used to Game the Stock Market?[…]

Lenovo inherited a switch authentication bypass

Posted on January 17, 2018 by Robin Edgar

Lenovo has patched an ancient vulnerability in switches that it acquired along with IBM’s hardware businesses and which Big Blue itself acquired when it slurped parts of Nortel. The bug, which Lenovo refers to as “HP backdoor”, for reasons it has not explained, has been in present in ENOS (Enterprise network operating system) since at Read more about Lenovo inherited a switch authentication bypass[…]

All Intel laptops open to unlocking with ctrl-P and “admin”. Another fatal flaw in Intel Management Engine.

Posted on January 15, 2018 by Robin Edgar

F-Secure reports a security issue affecting most corporate laptops that allows an attacker with physical access to backdoor a device in less than 30 seconds. The issue allows the attacker to bypass the need to enter credentials, including BIOS and Bitlocker passwords and TPM pins, and to gain remote access for later exploitation. It exists Read more about All Intel laptops open to unlocking with ctrl-P and “admin”. Another fatal flaw in Intel Management Engine.[…]

OnePlus Android mobes’ clipboard app caught phoning home to China

Posted on January 12, 2018 by Robin Edgar

OnePlus has admitted that the clipboard app in a beta build of its Android OS was beaming back mystery data to a cloud service in China. Someone running the latest test version of OnePlus’s Oreo-based operating system revealed in its support forums that unusual activity from the builtin clipboard manager had been detected by a Read more about OnePlus Android mobes’ clipboard app caught phoning home to China[…]