#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

hacker conference | Breaking Cybersecurity News | The Hacker News

High-Severity Firmware Security Flaws Left Unpatched in HP Enterprise Devices

High-Severity Firmware Security Flaws Left Unpatched in HP Enterprise Devices
Sep 12, 2022
A number of firmware security flaws uncovered in HP's business-oriented high-end notebooks continue to be left unpatched in some devices even months after public disclosure. Binarly, which first  revealed details  of the issues at the  Black Hat USA conference  in mid-August 2022, said the vulnerabilities "can't be detected by firmware integrity monitoring systems due to limitations of the Trusted Platform Module (TPM) measurement." Firmware flaws can have serious implications as they can be abused by an adversary to achieve long-term persistence on a device in a manner that can survive reboots and evade traditional operating system-level security protections. The high-severity weaknesses identified by Binarly affect HP EliteBook devices and concern a case of memory corruption in the System Management Mode (SMM) of the firmware, thereby enabling the execution of arbitrary code with the highest privileges - CVE-2022-23930  (CVSS score: 8.2) - Stack-based buffer

Hackers Can Remotely Hack Self-Aiming Rifles to Change Its Target

Hackers Can Remotely Hack Self-Aiming Rifles to Change Its Target
Jul 30, 2015
High-tech Sniper Rifles can be remotely hacked to shoot the wrong target – Something really scary and unpredictable. Yes, Hackers can remotely gain access to the $13,000 TrackingPoint sniper rifles that run Linux and Android operating system and have Wi-Fi connections. So then they can either disable the gun or choose a wrong target. A married pair of security researchers have proved that anything connected to the Internet can ultimately be hacked, whether computer systems, cars or… GUNS . According to the duo, the Tracking Point's self-aiming rifle sights, better known as the ShotView targeting system, is vulnerable to WiFi-based attacks that could allow your enemy to redirect bullets to new targets of their choice. Hacking $13,000 Self-aiming Rifles to Shoot wrong target Runa Sandvik and her husband Michael Auger are planning to present their findings on exploiting two of the $13,000 self-aiming rifles at the Black Hat hacking conference . In the hack, the duo demonstrates

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future
Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu

NSA-Proof "Blackphone" Gets Rooted Within 5 Minutes

NSA-Proof "Blackphone" Gets Rooted Within 5 Minutes
Aug 11, 2014
The ultra secure NSA-Proof Blackphone titled as, " world's first Smartphone which places privacy and control directly in the hands of its users, " has been rooted within 5 minutes at the BlackHat security conference in Las Vegas this weekend. Blackphone , a joint venture between encrypted communications firm Silent Circle and Spanish Smartphone maker Geeksphone , has a fully customized version of Android known as PrivatOS and pre-installed with lots of privacy-enabled applications, which claims to offer its users a high-end security at consumer level. A security researcher with twitter handle @TeamAndIRC took only 5 minutes to achieve root access on the Blackphone without having the need to unlock the device' bootloader. The hacker even mocked Blackphone's team by saying that "It is apparent no one ran CTS [ compatibility test suite ] on this device." The so-called " secure " Android phone that was promising security given the fact that its basically a suite of secure

Automated remediation solutions are crucial for security

cyber security
websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.

Airplanes Can Be Hacked Through Wireless In-flight Entertainment System

Airplanes Can Be Hacked Through Wireless In-flight Entertainment System
Aug 05, 2014
Almost a year ago, at the ' Hack In The Box ' security summit in Amsterdam, a security researcher at N.Runs and a commercial airline pilot, Hugo Teso presented a demonstration that it's possible to take control of aircraft flight systems and communications using an Android smartphone and some specialized attack code. Quite similar to the previous one, a security researcher claims to have devised a method that can give cyber criminals access to the satellite communications equipment on passenger jets through their WiFi and in-flight entertainment systems. Cyber security expert Ruben Santamarta, a consultant with cyber security firm IOActive , will unveil his research and all the technical details this week at a major Las Vegas hacker convention, Black Hat conference, showing How commercial airliner satellite communication systems can also be compromised by hackers, along with the evidence of satellite communications system vulnerabilities that questions the standards th

Hackers stole money from European ATMs using Malware-loaded USB Device

Hackers stole money from European ATMs using Malware-loaded USB Device
Jan 02, 2014
Hacking ATM Machines is nothing new, but it seems that instead of relying on ATM skimmers now some smart hackers in Europe are reportedly targeting ATM Machines using Malware -loaded USB drives to steal money. Most of the world's ATMs are running on Windows XP operating system, which is highly vulnerable to Malware attacks. Just like your Desktop Laptops, some ATMs also have USB sockets, which is hidden behind the ATM's fascia. The German security researchers who discovered the hack detailed their findings at the Chaos Computing Congress in Hamburg, Germany recently. They said that the thieves cut holes in the fascia to access a USB port and then uploaded malware to the machines. The malware creates a backdoor that can be accessed on the front panel. " These researchers explained that the malware allowed the thieves to create a unique interface on the ATMs by typing in a 12-digit code. This interface allowed for withdrawal and also showed the criminals the amount of money and e

Firmware vulnerability allows man-in-the-middle attack using SD Memory cards

Firmware vulnerability allows man-in-the-middle attack using SD Memory cards
Jan 02, 2014
How is it possible to exploit SD Card, USB stick and other mobile devices for hacking? Another interesting hack was presented at the Chaos Computer Congress (30C3), in Hamburg, Germany. The researchers demonstrated how it is possible to hack the microcontroller inside every SD and MicroSD flash cards that allow arbitrary code execution and can be used to perform a man in the middle attack . The Hardware Hackers  Andrew " bunnie " Huang and Sean "xobs"  described the exploitation method on their blog post ," it also enables the possibility for hardware enthusiasts to gain access to a very cheap and ubiquitous source of microcontrollers. " It seems that to reduce SD cards price and increase their storage capability, engineers have to consider a form of internal entropy that could affect data integrity on every Flash drive. Almost every NAND flash memory is affected by defects and presents problems like electron leakage between adjacent cells. " Flash memory is really

First ever Malware for Firefox Mobile OS developed by Researcher

First ever Malware for Firefox Mobile OS developed by Researcher
Oct 18, 2013
Firefox OS is a mobile operating system based on Linux and Mozilla 's Gecko technology, whose environment is dedicated to apps created with just HTML, CSS, and JavaScript. After almost two years of development, a few months back Mozilla officially launched their Firefox OS devices in stores and now the first Malware for the brand new platform is available. Shantanu Gawde , 17-years-old, an Independent Security Researcher is going to demonstrate the very first known malware for Firefox OS at the upcoming Information Security Summit - The Ground Zero (G0S) 2013, to be held on November 7th - 10th, 2013 at The Ashok, New Delhi. Firefox OS is different - Every app in Firefox OS including the Camera and the Dialer is a web app, i.e. a website in the form of an app. Simple! Mozilla has developed Web APIs so that HTML5 apps can communicate with the device's hardware and Shantanu has used the same APIs intentionally to exploit the device for malicious purpose. Basically,

Android Malware uses Google Cloud Messaging Service; infected over 5 Million Devices

Android Malware uses Google Cloud Messaging Service; infected over 5 Million Devices
Aug 16, 2013
The Kaspersky Lab researchers recently have discovered a number of Android malware apps are abusing the Google Cloud Messaging Service (GCM) as Command and Control server . The GCM  service allows Android app developers to send messages using JSON Format for installed apps, but hackers exploited it for malicious Purposes. Using Google Cloud Messaging Service (GCM) as Command and Control server for Android Malware is not a new concept, as last year Security researcher and Hacker ' Mohit Kumar ' demonstrated ' Android Malware Engine ' - One of the Most Sophisticated Android malware during Malcon conference. The Kaspersky Lab researchers have detected at least five Different Android Trojans that used JSON format: 1. SMS.AndroidOS.FakeInst.a 2. SMS.AndroidOS.Agent.ao 3. SMS.AndroidOS.OpFake.a 4. Backdoor.AndroidOS.Maxit.a 5. SMS.AndroidOS.Agent.az. The authors of the malware in Every case took advantage of Google Cloud Messaging Service to Exchange messag

Hackers turn Verizon signal booster into a mobile hacking machine

Hackers turn Verizon signal booster into a mobile hacking machine
Jul 15, 2013
A group of  hackers from security firm iSEC found a way to tap right into verizon wireless cell phones using a signal-boosting devices made by Samsung for Verizon and cost about $250. They hack Verizon's signal-boosting devices, known as femtocells or network extenders, which anyone can buy online, and turned it into a cell phone tower small enough to fit inside a backpack capable of capturing and intercepting all calls, text messages and data sent by mobile devices within range. " This is not about how the NSA would attack ordinary people. This is about how ordinary people would attack ordinary people, " said Tom Ritter, a senior consultant, iSEC. They declined to disclose how they had modified the software on the device and but they plan to give more elaborate demonstrations in various hacking conferences this year. Verizon Wireless already released a Linux software update in March to fix the flaw that prevents its network extenders

Chrome, Firefox, Java, IE10 exploited at Pwn2Own competition

Chrome, Firefox, Java, IE10 exploited at Pwn2Own competition
Mar 07, 2013
During the first day of Pwn2Own competition at the CanSecWest conference in Vancouver , latest versions of all major browsers were exploited by hackers.  Chrome, Firefox and Internet Explorer 10 on Windows 8 were successfully pwned by various competitors, bringing them tens of thousands of dollars in prizes.  French vulnerability research and bug selling firm ' Vupen ' brought down IE10 running on a Windows 8 powered Surface Pro tablet by exploiting a pair of flaws. Researchers Jon Butler and Nils from MWR Labs managed to exploit Google Chrome on Windows 7 and also used a kernel bug to bypass the sandbox. " By visiting a malicious webpage, it was possible to exploit a vulnerability which allowed us to gain code execution in the context of the sandboxed renderer process. We also used a kernel vulnerability in the underlying operating system in order to gain elevated privileges and to execute arbitrary commands outside of the sandbox with system privi

ClubHack 2012 Hacking and Security Conference

ClubHack 2012 Hacking and Security Conference
Nov 12, 2012
Carrying reputation of being India's choicest and oldest hacker's conference, Team ClubHack proudly brings the 6th edition of ClubHack Hacking and Security Conference with more exciting activities. ClubHack 2012 hacker's convention will be held from Nov. 30th to Dec 3rd, 2012 in Pune, India. ClubHack in true sense is a community event and is always the most cost effective yet biggest security event of India. ClubHack 2012 is highly technical conference with 2 days of Technical Briefings and 2 days of hand-on training workshops. ClubHack2012 is loaded with more number of talks, more workshops and a special event HackNight. Event includes specialized hands-on training workshops for Network Admins, DBAs, Developers, Researchers, Architects, Managers, Govt. Agencies, Auditors and Students. For the first time ClubHack introduces a new event for hackers & developers – HackNight, a night where actual hackers spend time not to "break" into someone but to "make" something i

Hackers release Windows Phone 8 Malware - to be showcased at MalCon

Hackers release Windows Phone 8 Malware - to be showcased at MalCon
Nov 10, 2012
It's be Just hours Windows Phone 8 has been released - and hackers have already dished out a malware prototype for the platform. Windows Phone 8 is the second generation of the Windows Phone mobile operating system. Windows Phone 8 Microsoft's latest in mobile OS technology - comes in as a direct competition to rivals Apple and Google. The research firm Gartner indicates that by 2016 the increase in Windows Phone users will slightly fall below Apple`s iOS users. To be showcased at the International Malware Conference, MalCon - on 24th November in India, the prototype has been created by Shantanu Gawde, who has previously created a malware that utilized the famed Xbox Kinect. Windows Phone 8 replaces its previously Windows CE-based architecture with one based on the Windows NT kernel with many components shared with Windows 8, allowing applications to be easily ported between the two platforms. While no further details of the malware are available at this point of time, it will

Android 4.2 Jelly Bean Security Improvements overview

Android 4.2 Jelly Bean Security Improvements overview
Nov 02, 2012
Google is bringing a host of new features to its Android 4.2 Jelly Bean operating system designed to increase productivity, creativity and peace of mind and some very promising security improvements including: client side malware protection, Security Enhanced Linux, and always-on VPN . Most important Security Improvements in Android 4.2 is that it now includes a service based on Bouncer that works with all apps, not just those on Google Play. For example, it can check the apps you download on the Amazon App Store, or from 3rd Party sites. Whenever user will install any app from a different source than the official market, and will scan it for any malicious code that may prove potentially harmful for your device. Other than this, Users can now control how much data apps can access and share. This is made even more secure by something called VPN lockdown that can limit the amount of information sent over a connection that may not be secure or that is shared rather than priv

New windows malware can target smart cards for full remote access

New windows malware can target smart cards for full remote access
Oct 25, 2012
If you think that having a USB Token Smartcard is extremely secure for Digital signatures or other activities, you may be wrong! The research done by Paul Rascagneres can remotely give access to victims smartcard! What makes the attack unique is it uses a keylogger to get the PIN or password and exports the complete USB device in raw to a command and control server (C&C) and uses a device driver to let the attacker use the victims smartcard remotely! The attack also impacts the eID (Belgium identity card) and millions of USB Tokens for Digital Signatures in India by Directors, Secretaries and CA firms for filing returns and signing corporate documents! To be showcased at MalCon next month - we asked Paul a few questions: Does the malware infect the PC or the smartcard? - The malware infects the PC not the hardware. So the attacker can use the smartcard of the victim remotely? - Exactly, the attacker can remotely use a smartcard connected to an infected computer. What makes

Intercepting Traffic of widerange frequencies with HackRF Radio

Intercepting Traffic of widerange frequencies with HackRF Radio
Oct 22, 2012
At the ToorCon hacker conference in San Diego Saturday, Ossmann and his research partner Jared Boone plan to unveil a beta version of the HackRF Jawbreaker , the latest model of the wireless Swiss-army knife tools known as software-defined radios. It grants any computer programmer the ability to develop new ways to interact with radio waves. HackRF, a software radio peripheral. Software radio or Software Defined Radio (SDR) is the application of Digital Signal Processing (DSP) to radio waveforms. It is analogous to the software-based digital audio techniques that became popular a couple of decades ago. The device has the ability to transmit and receive over a wide range of frequencies, covering a huge number of commercial devices. Once can Intercepting and Reversing engineer received  frequencies. Just like a sound card in a computer digitizes audio waveforms, a software radio peripheral digitizes radio waveforms. It's like a very fast sound card with the speaker
Cybersecurity Resources