Tag Archives: exploit

Unpatched Exploit Lets You Clone Key Fobs and Open Subaru Cars

Tom Wimmenhove, a Dutch electronics designer, has discovered a flaw in the key fob system used by several Subaru models, a vulnerability that the vendor has not patched and that could be abused to hijack cars.

The issue is that key fobs for some Subaru cars use sequential codes for locking and unlocking the vehicle, and other operations.

These codes — called rolling codes or hopping codes — should be random, in order to avoid situations when an attacker discovers their sequence and uses the flaw to hijack cars.

Car thieves can create duplicate, fully-working key fobs

Wimmenhove discovered the problem by sniffing the radio signals sent out by his own car’s key fob, which is nothing more than a short-range radio transmitter.

The electronics expert quickly realized that he could “clone” the key fob and create a fully-working, unauthorized duplicate.

“By receiving a single packet from

Read more at: https://www.bleepingcomputer.com/news/security/unpatched-exploit-lets-you-clone-key-fobs-and-open-subaru-cars/

Exploit Packages Lead to Five Million Attacks in Q2

Exploit leaks from the likes of the Shadow Brokers dominated the threat landscape in the second quarter, according to new stats from Kaspersky Lab.

The Russian AV firm detected over 342 million attacks in 191 countries in the period April-June this year, a fairly significant reduction from the 479m attacks seen in Q1.

However, over five million such threats spotted by the vendor came from leaked exploits; that is, malware designed to utilize software vulnerabilities to infect victim machines.

Such attacks are particularly dangerous as they typically don’t require user interaction to deliver malicious code.

The Kremlin-linked Shadow Brokers leak was particularly damaging, making public exploits thought to have been developed by the NSA.

These led to the notable WannaCry and NotPetya outbreaks which caused chaos and destruction across the globe, even at big-name organizations including international law firm DLA Piper, Danish shipper Maersk, German drug company Merck, and

Read more at: https://www.infosecurity-magazine.com/news/exploit-packages-five-million/

Shadow Broker exploit dumps five million cyber attacks

More than five million cyber attacks originated from a series of exploit archives dumped onto the internet between April and June this year, according to Kaspersky Lab.

Its software blocked more than five million attacks based on hacking group Shadow Brokers’ exploit dumps, but the rate of attacks using these tools is growing; more than 80% were detected during the last 30 days of the quarter.




“The

Read more at: http://www.itpro.co.uk/security/29234/shadow-broker-exploit-dumps-five-million-cyber-attacks

Hackers are now using the exploit behind WannaCry to snoop on hotel Wi-Fi

The APT28 hacking group is behind a string of attacks – but this is the first time it has used EternalBlue.


A hacking group accused of meddling in the run-up to the US presidential election is harnessing the Windows exploit which made WannaCry

Read more at: http://www.zdnet.com/article/hackers-are-now-using-the-exploit-behind-wannacry-to-snoop-on-hotel-wi-fi/

‘Demonetisation opens up new gates for cyber criminals to exploit …

MUMBAI: IT security and software development firm eScan said demonetisation has opened up new gates for cyber criminals to exploit the unsuspecting and uneducated masses who are increasingly using mobile and unified payment options, highlighting the need for higher levels of data security.

eScan listed out the possible avenues of cyber crime in 2017 and said the sudden switch to digital payment platforms is seeing more than 85% not knowing how to safely use this new option, coupled with a lack of legal framework and speed of investigation.

“We believe it will be a herculean task to give 75% of Indians easy access to Internet. For the government’s vision of Digital India, it would be imperative that government bodies take IT security as one of the most urgent and immediate concerns. It will be addressed by setting up easy-to-understand legal framework for users and

Read more at: http://economictimes.indiatimes.com/tech/internet/demonetisation-opens-up-new-gates-for-cyber-criminals-to-exploit-tech-ignorant-users/articleshow/56191795.cms

Adobe Flash responsible for six of the top 10 bugs used by exploit kits in 2016

Of the top 10 vulnerabilities incorporated by exploit kits in 2016, six of them (rather unsurprisingly) affected Adobe Flash Player.

Real-time threat intelligence provider Recorded Future arrived at those findings by analyzing thousands of sources including information security blogs and deep web forum postings.

Recorded Future then ranked each vulnerability based upon how many web references linked the bug to at least one of 141 exploit kits, malicious software packages like Neutrino and RIG which abuse security flaws to infect users with

Read more at: https://www.grahamcluley.com/adobe-flash-responsible-six-top-10-bugs-used-exploit-kits-2016/
