Tag Archives: Threats

New Linux Rootkit Exploits Graphics Cards

A proof-of-concept (PoC) rootkit for Linux systems that runs on the processor and RAM of the graphics card, Jellyfish is able to access the computer’s memory without having to route through the computer’s CPU. Because GPUs are faster than CPUs at such calculations, some cryptocurrency-mining malware (e.g. to steal Bitcoins) already makes partial use of them. But Jellyfish is the first malware to run entirely via the GPU, and works with Nvidia, AMD, and even Intel, if the latter is “supported through the AMD APP SDK, a software development kit that allows GPUs to be used for accelerating applications,” says Constantin.

As graphics-card-only malware has never been an exploitable area before, security software developers like Avira would need to engineer security efforts in yet another new direction. Although early reports indicate that Jellyfish is in a beta stage, unfinished, with some bugs, and currently requires OpenCL drivers installed on the targeted system in order to work, it could inspire future variants by those looking to exploit such vulnerabilities for personal gain (AKA cybercriminals).

After a 2013 research paper (pdf) titled “You Can Type, but You Can’t Hide: A Stealthy GPU-based Keylogger,” the same research team behind Jellyfish has also developed a keylogger called ‘Demon’, which also works via the GPU.

Security firms may well have their hands full in the coming months, it seems.

The post New Linux Rootkit Exploits Graphics Cards appeared first on Avira Blog.

White House data breach: what are the risks?

The news of a security incident involving public institutions is always treated with high importance, taking into consideration the volume of sensitive information stored by these entities. The recent White House data breach didn’t involve any classified information but hacking into the West Wing computer network might have been just enough to provide the attackers with important data: correspondence with certain diplomats or details about White House visitors.

Although it has not been officially confirmed whether the authorities are up against professional cyber thieves or foreign spies, the attackers can now use the personal information of American citizens in whatever way serves their purposes.

An urgent letter signed by the U.S. Senate Commerce Committee was addressed to President Barack Obama raising several concerns about the White House data breach.

Committee chairman John Thune released a statement last night expressing his concern over the hacking episode.

‘Just like any entity that handles personally-identifiable information, the White House has a responsibility to notify Americans if the recent, or any future breach, results in a compromise. If such information has been lost, the White House still has a responsibility to victims even if it believes the hack was perpetrated by foreign spies and not cyber thieves,’ said Committee chairman John Thune.

The letter mentions that the White House computer system contained not only personal data of the White House visitors but also sensitive information such as schedules, policy discussions and emails, including exchanges with diplomats. Do you think this type of information ending up in the hands of the attackers can do more harm than everybody initially thought?

Read more on the topic: http://www.dailymail.co.uk/news/article-3066787/U-S-Senate-panel-raises-privacy-concerns-White-House-hacking-incident.html#ixzz3ZBDTuy8h

 


Software Vulnerability in Boeing’s 787 Dreamliner

“The bug resembles an integer overflow and was discovered in laboratory testing. It is located in an electrical system which generates power, and is triggered when a generator has been running non-stop for just over eight months. After such a period of continuous operation, all four of the plane’s main generator control units will fail at the same time – which could be catastrophic should it occur during a flight.”

The software bug was reported by Boeing itself and is currently under investigation by the US aviation authority; a temporary solution has already been found. To avoid triggering the bug in their software, planes have to be rebooted every 248 days so that the generators don’t reach eight continuous months of operation.

The FAA now requires Boeing to reboot the 787s every 120 days while waiting for an official fix to address the software vulnerability by the end of the year.

The recently discovered bug shows once again how software vulnerabilities can cause irreparable damage, especially when they might also be exploited by criminals. How safe would you want globally used software to be, when your life depended on it?

Read more about the security vulnerability in Boeing 787: http://www.itnews.com.au/News/403500,critical-software-bug-could-down-boeing-787s-mid-flight.aspx#ixzz3ZANjtbvE


WordPress 4.2.1 Patches Zero-Day exploit

This vulnerability affects all previous versions and can be leveraged via the comment section of a website running WordPress, by hiding malicious code that is executed on the server.

An attacker exploiting the flaw can execute arbitrary code on the server, create new administrator accounts, or make changes with the same privileges as the currently logged-in admin.

The bug is very similar to the one patched in 4.1.2.

The problem lies in the way WordPress stores large comments (more than 64K): such comments are truncated when stored in the database, resulting in malformed HTML being generated.

Now one might ask why someone would allow a 64K comment in the first place. But since comments may contain HTML, the full HTML is stored in the database.

If you add some formatting to the comment, the 64K can be consumed rather quickly.

By setting special attributes on the supported HTML tags, the attacker can hide a short piece of malicious JavaScript in the comment and have it execute without any visible sign when the administrator views it in the Dashboard before approving it.

As an immediate reaction to this exploit, WordPress 4.2.1 has begun to roll out as an automatic background update, for sites that support those.

You can also download WordPress 4.2.1 manually, or go to Dashboard → Updates and simply click “Update Now”.

For more information, see the release notes.
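The truncation problem described above, modelled as an added Python example (not WordPress code and not from the original post): a write that silently truncates leaves the stored comment different from the one that was validated, while a strict byte-length check refuses it. The 65,535-byte limit (a MySQL TEXT column) and all function names are assumptions; the sample comment is constructed and harmless.

```python
# Added example: models the database store step only; this is not WordPress code.
TEXT_COLUMN_BYTES = 65535  # assumption: size of a MySQL TEXT column, the "64K" above


def store_truncating(comment: str) -> str:
    """Model a non-strict database write: bytes past the column limit are dropped."""
    raw = comment.encode("utf-8")[:TEXT_COLUMN_BYTES]
    # The cut can land inside a multi-byte character; drop the partial one.
    return raw.decode("utf-8", errors="ignore")


def store_strict(comment: str) -> str:
    """Refuse anything that would not fit, so stored text equals validated text."""
    size = len(comment.encode("utf-8"))  # bytes, not characters
    if size > TEXT_COLUMN_BYTES:
        raise ValueError(f"comment is {size} bytes, limit is {TEXT_COLUMN_BYTES}")
    return comment


def ends_inside_tag(html: str) -> bool:
    """True when the text stops after a '<' that is never closed by '>'."""
    return html.rfind("<") > html.rfind(">")


def oversized_sample() -> str:
    """Constructed, harmless comment whose link tag straddles the column limit."""
    padding = "x" * (TEXT_COLUMN_BYTES - 10)
    return padding + '<a href="https://example.com/" title="constructed">link</a>'


if __name__ == "__main__":
    comment = oversized_sample()
    print("validated copy ends inside a tag:", ends_inside_tag(comment))
    print("stored copy ends inside a tag:   ", ends_inside_tag(store_truncating(comment)))
    try:
        store_strict(comment)
    except ValueError as err:
        print("strict store rejected it:", err)
```

The length check counts bytes rather than characters because a comment of multi-byte characters can be under 65,535 characters and still exceed the column.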


Hackers Could Exploit Phones With an Implanted NFC Chip

Biohacking or wetware hacking is the practice of engaging biology with the hacker ethic. It encompasses a wide spectrum of practices and movements, one of which is the “grinders”, who design and install do-it-yourself body enhancements such as magnetic implants.

It sounds rather “out there”, right? But it apparently isn’t, as Wahle decided to demonstrate. You only need a good stomach. In order to show that an implanted NFC chip can be sneaked past scanners at the airport and other high-security locations, he had to not only acquire a chip designed to normally be injected into cattle but also use a needle that was rather big and made him want to vomit.

Said chip has an NFC (Near Field Communications) antenna which pings Android phones that are in close vicinity and then asks them to open a link. If followed, the link will lead to a malicious file which, once installed, will establish a connection to a remote computer from which the owner can carry out further exploits. With the right amount of social engineering this could become a real danger.

“In Miami, Wahle and Soto are planning to detail the steps hackers will need to go through to add implants to their arsenal, including how to acquire the hardware and program the chip. Could this be the beginnings of the democratisation of malevolent biohacking?” writes Forbes magazine in its article. And security consultant Rod Soto adds: “This is just the tip of the iceberg … anyone can do this.”
