Schneider Electric’s car charging stations get crucial patches

Schneider Electric recently patched three security flaws in a popular type of electric-car charger that it manufactures, vulnerability assessment company Positive Technologies said Monday. The most serious of the vulnerabilities in the EVlink charging stations involved hard-coded credentials, meaning the units were shipped with default passwords or security keys embedded in their firmware. If hackers discover such credentials in any type of device, they can use them to gain wide access to it. Schneider and Positive Technologies labeled that flaw as “critical,” saying an intruder could halt the charging process and switch it into “reservation mode,” making a station unusable to anyone until the mode is turned off. Hackers could even control the socket locking hatch, letting them unlock and “walk away with the cable,” Positive Technologies said. A second vulnerability, rated as “high-risk,” allows an attacker to execute arbitrary commands on the station and gain maximum privileges. And another vulnerability labeled as “medium” risk would let an attacker bypass authorization and access a […]

The post Schneider Electric’s car charging stations get crucial patches appeared first on CyberScoop.

Vulnerabilities in mPOS devices could lead to fraud and theft

Vulnerabilities in mPOS (mobile point-of-sale) machines could allow malicious merchants to defraud customers and attackers to steal payment card data, Positive Technologies researchers have found. The use of mPOS devices has seen huge growth over the l…

How the human factor puts your company at risk

Positive Technologies has released a new report with statistics on the success rates of social engineering attacks, based on the 10 largest and most illustrative pentesting projects performed for clients in 2016 and 2017. To verify the security of corp…

Number of Internet-accessible ICS components is increasing every year

The number of industrial control system (ICS) components – which run factories, transport, power plants and other facilities – left open to Internet access is increasing every year. In Germany, for example, researchers from Positive Technologies…

Intel chips riddled with deadly flaws

As we’re waiting for security researchers to detail the Intel Management Engine vulnerability that can allow attackers to run undetectable, unsigned code on machines with Intel processors, the US-based chip maker has announced the release of firm…

Researchers steal bitcoin by exploiting SS7 vulnerabilities

Hackers have exploited a security weakness in global telecom networks to break into a Gmail account, take control of a bitcoin wallet and steal over $4,000 in the cryptocurrency. Researchers from the cybersecurity firm Positive Technologies demonstrated the technique exploiting flaws in Signalling System No. 7 (SS7), a nearly 50-year-old set of protocols used to perform most of the world’s telephone calls and text messages, among other functions. SS7 has long been a target for sophisticated hackers intent on eavesdropping and attacking targets around the world. The attackers only needed a victim’s full name and phone number in order to eventually hack a wallet at the popular Bitcoin exchange Coinbase and take the virtual currency for themselves. The research focuses on the issue of multi-factor authentication relying on text messages that can be intercepted by exploiting flaws in SS7, as demonstrated by Positive Technologies. “The inherent security vulnerabilities within the SS7 network, […]

The post Researchers steal bitcoin by exploiting SS7 vulnerabilities appeared first on Cyberscoop.

Critical RCE flaw in ATM security software found

Researchers from Positive Technologies have unearthed a critical vulnerability (CVE-2017-6968) in Checker ATM Security by Spanish corporate group GMV Innovating Solutions.

The software and the flaw

Checker ATM Security is a specialized security solution aimed at keeping ATMs safe from logical attacks. It does so by enforcing application whitelisting, full hard disk encryption, providing ACL-based control of process execution and resource access, enforcing security policies, restricting attempts to connect peripheral devices, and so on. The …