drammer attack | Breaking Cybersecurity News | The Hacker News

A team of security researchers has discovered a new set of techniques that could allow hackers to bypass all kind of present mitigations put in place to prevent DMA-based Rowhammer attacks against Android devices. Dubbed RAMpage , the new technique (CVE-2018-9442) could re-enable an unprivileged Android app running on the victim's device to take advantage from the previously disclosed Drammer attack , a variant of DRAM Rowhammer  hardware vulnerability for Android devices, in an attempt to gain root privileges on the target device. You might have already read a few articles about RAMpage on the Internet or even the research paper, but if you are still unable to understand— what the heck is RAMpage —we have briefed the research in language everyone can understand. Before jumping directly on the details of RAMpage, it is important for you to understand what is RowHammer vulnerability, how it can be exploited using Drammer attack to hack Android devices and what mitigations G...

Earlier last year, security researchers from Google's Project Zero outlined a way to hijack the computers running Linux by abusing a design flaw in the memory and gaining higher kernel privileges on the system. Now, the same previously found designing weakness has been exploited to gain unfettered "root" access to millions of Android smartphones, allowing potentially anyone to take control of affected devices. Researchers in the VUSec Lab at Vrije Universiteit Amsterdam have discovered a vulnerability that targets a device's dynamic random access memory (DRAM) using an attack called Rowhammer . Although we are already aware of the Rowhammer attack , this is the very first time when researchers have successfully used this attack to target mobile devices. What is DRAM Rowhammer Attack? The Rowhammer attack against mobile devices is equally dangerous because it potentially puts all critical data on millions of Android phones at risk, at least until a secu...

Vulnerability Management (VM) has long been a cornerstone of organizational cybersecurity. Nearly as old as the discipline of cybersecurity itself, it aims to help organizations identify and address potential security issues before they become serious problems. Yet, in recent years, the limitations of this approach have become increasingly evident.  At its core, Vulnerability Management processes remain essential for identifying and addressing weaknesses. But as time marches on and attack avenues evolve, this approach is beginning to show its age. In a recent report, How to Grow Vulnerability Management into Exposure Management (Gartner, How to Grow Vulnerability Management Into Exposure Management, 8 November 2024, Mitchell Schneider Et Al.), we believe Gartner® addresses this point precisely and demonstrates how organizations can – and must – shift from a vulnerability-centric strategy to a broader Exposure Management (EM) framework. We feel it's more than a worthwhile read an...