News
Wormable code-execution bug found in Samba
A vulnerability was found in Samba, the Linux SMB equivalent. Better patch up. The second part of this article explains nicely how the exploit is used.
Microsoft issues out-of-band malware engine update
This one isn't as bad as the one from a few weeks back, but still plenty important for an out-of-band update to be issued. It was found yet again by Project Zero, this time through fuzzing.
Samsung Galaxy S8 iris scanner can be fooled with a printed photo
All you need is a high-res picture of the user's iris, a laser printer and a contact lens.
Shadow Brokers launches 0-day exploit subscription service for $21,000 per month
They call it the 'Wine of the Month Club'.
Target to pay $18.5 million to 47 states in security breach settlement
The settlement is for a data breach in 2013, affecting 110 million customers. On top of that Target has spent $202 million on legal fees and related costs. Ouch.
'Cloak and dagger' vulnerability on Android reported
The researchers make use of two legitimate permissions to overlay the user screen with their own window to enable click-jacking, password stealing, etc. This video shows it in action. Google responds with a "won't fix", pointing instead to Android O.
Pacemaker research finds over 8.000 security vulnerabilities
The paper looked at pacemaker programmers, devices used to set pacemaker parameters and monitor their functions. They focused especially on those using radio frequencies for remote control.
Police arrests gang that planted banking Trojan on 1 million phones
They were called the Cron gang, after the malware they used. Quite fascinating to read how to operated.
Hacker used hacked press release information to trade stocks, sentenced to 30 months
Good example of using hacking skills in an illegal way, I'm surprised this doesn't show up more. This hacker broke into a set of press companies and looked at press releases that were going out soon. He then used this information to buy or sell stocks, making roughly $30 million.
LastPass’s new cloud backup option
Lastpass has added a cloud backup option for their multifactor authentication. Sophos tries to see if that makes any sense from a security point of view.
Cybercriminals regularly battle each other on the Dark Web
Trend Micro set up four honeypots simulating cybercrime activity. They monitored attacks by competitors, of which there were many.
Unmanaged SSH keys are a serious enterprise risk
An interview with Tatu Ylonen, inventor of SSH, on how the lack of care given to SSH keys poses a huge risk in pretty much every company using servers.