Developers behind the banking Trojan Vawtrak have begun obscuring some of their servers with Tor2Web, a move that’s added another level of difficulty when it comes to uncovering their activity.
Monthly Archives: June 2015
Garage door hacked in under 10 seconds using only a child’s toy?
A famous football coach once said, “If you’re not getting better, you’re getting worse” and ironically this statement applies to your own security as well. If you’re not keeping up-to-date with the latest security, then it’s probably getting worse because the threats just keep getting better.
This simple fact has been proven again by a researcher who demonstrates how he can hack most garage doors using nothing more than a modified electronic toy. Researcher Samy Kamkar has published his findings and a video explaining how he was able to hack a number of fixed-code garage door openers in under 10 seconds.
I’ve released OpenSesame, a new vulnerability that can open fixed code garages in under 10 seconds with a Mattel toy https://t.co/0oRayWw8JV
— Samy Kamkar (@samykamkar) June 4, 2015
Not only does this show how old technology can be made obsolete by modern devices, but in this case the device is a child’s toy that has already been discontinued by its manufacturer and is considered a throwaway item by some. Recycling hackers unite.
There’s no doubt that hardware-hacking gadgets, such as mobile phone jammers, are becoming more popular, as are issues with keyless entry systems on cars.
Luckily, for those of us fortunate enough to have a garage door, Samy has chosen not to reveal the inner-workings of his research, so that criminals can’t benefit. But, let’s face it, the cat is out of the bag on this one, and the clock is now ticking.
Samy has also recorded a video explaining how you can protect yourself from attacks like these.
Most of the tips involve learning about the technology in everyday objects such as garage doors. Once you know how the tech works, you can understand how it can be vulnerable to various attack types.
Until next time, stay safe out there.
IT security budgets will continue to rise, finds Dell report
Around half of IT security leaders said that budgets will significantly increase (19%) or increase (31%) over the next two years, finds a new report.
The post IT security budgets will continue to rise, finds Dell report appeared first on We Live Security.
Adobe Patches 13 Vulnerabilities in Flash Player
Adobe’s monthly patch release features just an update for Flash Player, addressing 13 security vulnerabilities that expose the software to remote attacks.
Federal Agencies to Move to HTTPS-Only Connections
Following the lead of many major Web services, the White House on Monday announced that it would move all of the federal government’s public sites and services to HTTPS-only. Tony Scott, the federal CIO, has issued a memorandum to all federal agencies and departments instructing them to move all of their publicly accessible Web sites […]
CVE-2014-7872
Comodo GeekBuddy before 4.18.121 does not restrict access to the VNC server, which allows local users to gain privileges by connecting to the server.
CVE-2015-3200
mod_auth in lighttpd before 1.4.36 allows remote attackers to inject arbitrary log entries via a basic HTTP authentication string without a colon character, as demonstrated by a string containing a NULL and new line character.
CVE-2015-3436
provider/server/ECServer.cpp in Zarafa Collaboration Platform (ZCP) before 7.1.13 and 7.2.x before 7.2.1 allows local users to write to arbitrary files via a symlink attack on /tmp/zarafa-upgrade-lock.
CVE-2015-3624
Cross-site request forgery (CSRF) vulnerability in Test/WorkArea/DmsMenu/menuActions/MenuActions.aspx in Ektron Content Management System (CMS) before 9.10 SP1 (Build 9.1.0.184.1.120) allows remote attackers to hijack the authentication of content administrators for requests that delete content via a delete action.
CVE-2015-3648
Directory traversal vulnerability in pages/setup.php in Montala Limited ResourceSpace before 7.2.6727 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the defaultlanguage parameter.