At PacSec 2015, researchers demonstrated attacks using poisoned barcodes scanned by numerous keyboard wedge barcode scanners to open a shell on a machine and virtually type control commands.
Browsing Category: Uncategorized
Two weeks after authorities announced they had taken down the botnet behind the banking malware Dridex, new research suggests the threat is alive and well.
The Xen Project has patched a serious vulnerability that could allow an attacker in a guest virtual machine to escape and gain the ability to run arbitrary code on the host machine. The vulnerability is in the QEMU open source machine emulator that ships as part of the Xen hypervisor. The problem is related to the[…]
Facebook today released Security Checkup, an online tool that alerts users when unfamiliar devices try to access an account.
The maintainers of BIND have patched a critical remotely exploitable vulnerability in the DNS software that can be used in a denial-of-service attack. The vulnerability affects all versions of BIND from 9.1.0 through 9.9.7. The vulnerability is in the way that BIND handles certain queries related to transaction key records. The bug is fixed in[…]
The accumulation of automation and Internet-connected devices in many homes these days has led observers to coin the term smart homes. But as researchers take a closer look at the security of these devices, they’re finding that what these homes really are is naive. The latest batch vulnerabilities to hit home automation equipment are in the Tuxedo Touch[…]
The latest car hacking research from Charlie Miller and Chris Valasek has elicited a broad spectrum of reactions: admiration for the skill; outrage at the danger the demo may have put drivers; and even a patch from an automaker. And the EFF is hoping it might also help produce a new exemption to the Digital Millennium[…]
A prominent member of the EU parliament, who has been outspoken on security and privacy issues, on Tuesday submitted a written list of questions to the European Commission about the actions of Hacking Team and whether the company had violated EU sanctions regarding sales to specific countries. Marietje Schaake, a Dutch member of the European[…]
Amazon’s home grown TLS implementation called s2n (signal to noise) was released to open source. s2n is a mere 6,000 lines of code and will be integrated into a number of Amazon Web Services.
The Angler Exploit Kit has added a new Flash exploit to its arsenal, and is dropping Cryptowall 3.0 ransomware.