‘Chaos’ iPhone X Attack Alleges Remote Jailbreak

The attack makes use of previously disclosed critical vulnerabilities in the Apple Safari web browser and iOS.

Adobe patches newly exploited Flash zero-day

Adobe has released an out-of-band security update for Flash Player that fixes two vulnerabilities, one of which is a zero-day (CVE-2018-15982) that has been spotted being exploited in the wild. About the vulnerability (CVE-2018-15982) CVE-2018-15982 is…

Adobe releases fix for actively exploited Flash Player zero-day

If you’re still using Flash Player, it’s time to update it again – and quickly: Adobe has just patched a critical zero day vulnerability (CVE-2018-5002) actively exploited in the wild. The attacks are “limited, targeted attacks …

Adobe Patches Zero-Day Flash Flaw

Adobe has released an emergency update to address a critical security hole in its Flash Player browser plugin that is being actively exploited to deploy malicious software. If you’ve got Flash installed — and if you’re using Google Chrome or a recent version of Microsoft Windows you do — it’s time once again to make sure your copy of Flash is either patched, hobbled or removed.

Chinese researchers warn blockchain company EOS about ‘epic’ vulnerability in soon-to-launch platform

The developers of one of the top-traded cryptocurrencies, EOS, say they’ve patched a critical vulnerability that reportedly could have compromised EOS’s entire forthcoming platform. Chinese security company Qihoo 360 said in a Tuesday blog post that its researchers discovered an “epic” vulnerability in the EOS platform that could allow someone to manipulate all transactions. In a technical write-up, security researchers with Qihoo 360 explained that a hacker would have been able to upload a smart contract with malicious code onto the EOS mainnet and take over a node. Smart contracts are a feature of blockchain and cryptocurrencies that allow for transactions without middlemen. Once the malicious code takes control of a relevant server, an “attacker could then pack the malicious contract into new block (sic) and further control all nodes of the EOS network.” Qihoo 360 warns that because of the distributed nature of blockchain technology, compromising one node can put the […]

The post Chinese researchers warn blockchain company EOS about ‘epic’ vulnerability in soon-to-launch platform appeared first on Cyberscoop.


Android devices roped into new Monero-mining botnet

A new Monero-mining bot sprang up a few days ago and, in just a few days, has created a botnet consisting of over 7,000 Android devices, most of which are located in China (39%) and Korea (39%). Spreading capabilities The rise of the botnet has been fl…

Google awards record $112,500 bug bounty for Android exploit chain

Google awarded a record $112,500 bug bounty to a Chinese security researcher after he submitted the first working Android remote exploit chain since the company’s Android Security Rewards program raised top payout levels in 2017. Guang Gong, a researcher who works for billion-dollar Chinese security firm Qihoo 360 Technology, submitted the bugs in August. The bugs, CVE-2017-5116 and CVE-2017-14904, were resolved in a December 2017 security update. Google announced the full payout this week. The exploit chain goes after the Pixel, Google’s own flagship mobile device. It’s widely touted as the most secure Android phone on the market. The first vulnerability allows a remote attacker to execute arbitrary code, via crafted HTML, inside the Chrome browser’s sandbox. The second is a bug that allows an escape from Chrome’s sandbox. Combined, the vulnerabilities allow attackers to remotely inject arbitrary code into the Pixel’s system_server process if the phone’s user accesses certain malicious URLs in Chrome. Gong and the Qihoo 360 team know a thing or two […]

The post Google awards record $112,500 bug bounty for Android exploit chain appeared first on Cyberscoop.


Hacker exploits router zero-day vulnerability in efforts to build Mirai-like botnet

Hackers are attacking hundreds of thousands of Huawei routers with variants of Mirai malware in a bid to build a massive botnet like the arsenal used in global cyberattacks in 2016, according to the Israeli cybersecurity firm Check Point. A zero-day vulnerability in the Huawei home router HG532 is being exploited to deliver a payload called Satori (or Okiru) by an amateur identified as “Nexus Zeta,” Check Point says. Mirai malware was first discovered in August 2016. By October of that year, it was behind the vast denial-of-service attacks against the Domain Name System provider Dyn. The offensive brought down a wide array of services, including Twitter, Reddit, CNN, Fox News, Visa and Slack. Earlier this month, three men pleaded guilty to their roles in creating, operating and selling access to the botnet. Beginning in November 2017, Check Point detected global attacks against Huawei HG532 devices. One day later, the Chinese security firm Qihoo 360 Netlab spotted 100,000 IP addresses in Argentina […]

The post Hacker exploits router zero-day vulnerability in efforts to build Mirai-like botnet appeared first on Cyberscoop.
