Lucian Constantin – Page 66

Physical RAM attack can root Android and possibly other devices

Posted on October 24, 2016 by Lucian Constantin

Researchers have devised a new way to compromise Android devices without exploiting any software vulnerabilities and instead of taking advantage of a physical design weakness in RAM chips. The attack technique could also affect other ARM and x86-based devices and computers.

The attack stems from the push over the past decade to pack more DRAM (dynamic random-access memory) capacity onto increasingly smaller chips, which can lead to memory cells on adjacent rows leaking electric charges to one another under certain conditions.

For example, repeated and rapid accessing of physical memory locations — an action now dubbed “hammering” — can cause the bit values from adjacent locations to flip from 0 to 1 or the other way around.

To read this article in full or to leave a comment, please click here

Continue reading Physical RAM attack can root Android and possibly other devices→

Physical RAM attack can root Android and possibly other devices

Posted on October 24, 2016 by Lucian Constantin

Researchers have devised a new way to compromise Android devices without exploiting any software vulnerabilities and instead taking advantage of a physical design weakness in RAM chips. The attack technique could also affect other ARM and x86-based… Continue reading Physical RAM attack can root Android and possibly other devices→

Easy-to-exploit rooting flaw puts Linux computers at risk

Posted on October 21, 2016 by Lucian Constantin

The maintainers of Linux distributions are rushing to patch a privilege escalation vulnerability that’s already being exploited in the wild and poses a serious risk to servers, desktops and other devices that run the OS.The vulnerability, tracked as… Continue reading Easy-to-exploit rooting flaw puts Linux computers at risk→

Easy-to-exploit rooting flaw puts Linux computers at risk

Posted on October 21, 2016 by Lucian Constantin

Free tool protects PCs from master boot record attacks

Posted on October 20, 2016 by Lucian Constantin

Cisco Systems’ Talos team has developed an open-source tool that can protect the master boot record of Windows computers from modification by ransomware and other malicious attacks.The tool, called MBRFilter, functions as a signed system driver and … Continue reading Free tool protects PCs from master boot record attacks→

Free tool protects PCs from master boot record attacks

Posted on October 20, 2016 by Lucian Constantin

Flaw in Intel CPUs could help attackers defeat ASLR exploit defense

Posted on October 19, 2016 by Lucian Constantin

A feature in Intel’s Haswell CPUs can be abused to reliably defeat an anti-exploitation technology that exists in all major operating systems, researchers have found.

The technique, developed by three researchers from State University of New York at Binghamton and the University of California in Riverside, can be used to bypass address space layout randomization (ASLR) and was presented this week at the 49th annual IEEE/ACM International Symposium on Microarchitecture in Taipei.

ASLR is a security mechanism used by operating systems to randomize the memory addresses used by key areas of processes, so that attackers don’t know where to inject their exploit shellcode.

To read this article in full or to leave a comment, please click here

Continue reading Flaw in Intel CPUs could help attackers defeat ASLR exploit defense→

Flaw in Intel CPUs could help attackers defeat ASLR exploit defense

Posted on October 19, 2016 by Lucian Constantin

A feature in Intel’s Haswell CPUs can be abused to reliably defeat an anti-exploitation technology that exists in all major operating systems, researchers have found.

ASLR is a security mechanism used by operating systems to randomize the memory addresses used by key areas of processes, so that attackers don’t know where to inject their exploit shellcode.

To read this article in full or to leave a comment, please click here

Continue reading Flaw in Intel CPUs could help attackers defeat ASLR exploit defense→

Oracle fixes 100s of vulnerabilities that put enterprise data at risk

Posted on October 19, 2016 by Lucian Constantin

Oracle has released another large batch of patches, fixing many critical vulnerabilities in enterprise products that are used to store and work with critical business data.About 40 percent of the patched flaws are located in Oracle E-Business Suite,… Continue reading Oracle fixes 100s of vulnerabilities that put enterprise data at risk→

Hackers hide stolen payment card data inside website product images

Posted on October 18, 2016 by Lucian Constantin

Attacks that compromise online shops to skim payment card details are increasing and growing in sophistication. The latest technique involves hiding malicious code and stolen data inside legitimate files.A Dutch researcher reported last week that al… Continue reading Hackers hide stolen payment card data inside website product images→