Attacks

Home / Security / Attacks

DDoS Attack on Dyn DNS and Level3 Outages

Twitter, Reddit, Spotify, PSN, XBox, Netflix, Github, PayPal and bunch of other websites were offline earlier today. That’s because someone conducted a massive distributed denial of service (DDoS) attack on the Dyn DNS, a world renowned Domain Name Servers (DNS) service provider. You can read the most recent status messages at DynDNS. So far there [...]

By | October 21st, 2016|Categories: Attacks, Security|Tags: , , , , , |0 Comments

Attack Allows OS X Malware To Piggyback On Your Webcam

Security researcher Patrick Wardle of Synack has discovered a new potential use of malware that targets the use of the Mac OS X webcam. This new attack allows OS X malware to record video and audio whenever a victim legitimately turns on their webcam, without drawing attention to itself. As you can see in the [...]

By | October 6th, 2016|Categories: Attacks, Malware, Security|Tags: , , , , , , , , , |0 Comments

Linux Trojan Linux.Mirai Source Code Leaked

The malicious program first appeared in May 2016, detected by Doctor Web after being added to its virus database under the name Linux.DDoS.87 and Linux.DDoS.89. The Trojan can work with with the SPARC, ARM, MIPS, SH-4, M68K architectures and Intel x86 computers. It has similar features as Linux.BackDoor.Fgt, a backdoor that was found infecting Linux [...]

CVE-2016-6415 IKEv1 Information Disclosure Vulnerability in Multiple Cisco Products

On Friday, Cisco published a high level security advisory CVE-2016-6415 for an IKEv1 Information Disclosure Vulnerability that affects multiple Cisco products including: Cisco IOS, Cisco IOS XR, and Cisco IOS XE. The vulnerability is in the IKEv1 packet processing code which could allow an unauthenticated remote attacker to retrieve memory contents, which could lead to [...]

Mozilla Plans Firefox Update Tuesday For MitM Attacks

Mozilla officials have announced that they plan to push a security update for their Firefox browser on Tuesday, September 20, 2016. This patch fixes the same cross-platform, malicious code-execution vulnerability patched Friday in the Tor browser. The Attack The vulnerability allows an attacker who has a man-in-the-middle position and is able to obtain a forged [...]

By | September 16th, 2016|Categories: Attacks, Security|Tags: , , , , , , , , , |0 Comments

Attack Leverages Windows Safe Mode

Researchers at CyberArk have published a proof-of-concept attack that leverages Windows Safe Mode to expose credentials and gain further access to a PC or Windows Servers. They first discovered this attack back in February and even reported it to the Microsoft Security Response Center who said it was not a valid vulnerability. An attacker would [...]

By | September 15th, 2016|Categories: Attacks, Security|Tags: , , , |0 Comments

JAMF Could Allow For MITM Attack

JAMF Software has a number of solutions for fleet management of Apple products, including their own Apple MDM. The issue discussed in this post applies to the self-hosted JAMF Casper Suite and deploying a JSS. This suite of tools includes software that will help track inventory, manage devices, implement security policies, and deployment of software [...]

By | September 12th, 2016|Categories: Attacks, Security|Tags: , , , , , , , , , , |0 Comments

Modified USB Ethernet Adapter Can Steal Windows and Mac Credentials

A security researcher by the name of Rob Fuller has posted an article on Softpedia where he has discovered a unique attack method that can steal PC credentials from Windows and Mac computers, and possibly Linux (currently untested). He used USB ethernet adapters where he modified the firmware code so that it runs special software [...]

By | September 7th, 2016|Categories: Attacks, Security|Tags: , , , |0 Comments

Sweet32 Attacks Against Triple-DES (3DES) and Blowfish

Legacy ciphers such as triple-DES (3DES) and Blowfish are vulnerable to Sweet32 attacks, which let attackers decrypt HTTPS sessions even without the encryption key. Security researchers were able to use a Sweet32 attack and take authentication cookies from HTTPS-protected traffic using triple-DES (3DES) and Blowfish and recover login credentials to be able to access to [...]

By | August 25th, 2016|Categories: Attacks, Security|Tags: , , , , , , |0 Comments
Load More Posts