DecryptedTech

Tuesday05 July 2022

Displaying items by tag: Malware

Last year during DEF CON 22 we saw a demonstration of a UEFI root kit that was extremely worrying. This root kit was installed using a multipart systems to infect the UEFI BIOS in such a way as to grant the same level of access to an attacker as the CPU has (Ring 0). It was an almost unprecedented style of attack. When we reported on this many seemed to feel that it was not an issue. Now researchers are finding evidence of this same type of attack in the data lifted from the Hacking Team.

Published in News

Although it will not come as a surprise, there seems to be yet another bug in Adobe’s flash player that allows for an attacker to potentially take control of a system by forcing a crash of the application. According to TrendMicro, CVE 2015-5123 is a critical bug in the latest version of Flash player for Linux, Windows, and OSX operating systems. Adobe has already released a customer advisory stating they are already aware of this flaw being exploited in the wild.

Published in News

The Italian Security firm Hacking Team is now admitting that their spying software is potentially in the hands of bad guys. After a hack that saw roughly 400GB of company information liberated from their systems they have been monitoring what is being released online. They have now concluded that there is sufficient source code for their monitoring applications to allow someone to mount the same style surveillance that they were providing to their clients.

Published in News

On March 2 2015 CVE-2015-1187 was released. This alert indicated that a simple cross-site request forgery allowed someone (the “bad” guys) to hijack DNS settings on a wide range of routers. By doing this they were able to point people to their own DNS server and in turn direct them to malicious sites. These sites could be anything they wanted them to be from phishing sites to sites with malware intended to compromise the target system. The exploit is a pretty smart one especially when you take into account the fact that the bad guys do not need to remotely manage the target router to get this going.

Published in News

The idea of GPU accelerated applications is one that has caught the attention of many developers over the years since we first heard about it. It is a great advancement in technology that allows you to use the parallel processing and faster memory of a GPU to perform complex tasks much faster than most CPUs can. This is great for software that needs that extra boost like AI, video or photo editing and… Malware. Yes it is also possible to develop malware that uses OpenCL and Cuda (NVIDIA’s flavor of GPU programing language.

Published in News
Tagged under

There is a common belief that Linux and BSD operating systems are, by their nature, much more secure than anything Microsoft has ever released. The problem with this belief is that it is simply not true. Linux, BSD and Windows can all be made more secure than they are by default, but there is work involved and there is a tradeoff of ease of use when you start locking things down. Many web hosts running Linux or BSD do not really have the time or available man power to really lock their host systems down which leaves them vulnerable to a number of attacks.

Published in News

Over the weekend there was a lot of talk about how Windows in particular is vulnerable to a flaw that is linked to SMB. This flaw could allow someone to grab user information by forcing a redirect to a malicious server using the SMB protocol. The way it works is pretty simple; if you give someone a URL that begins with the work “file” then Windows (and some other systems) will think that you want to use SMB to connect to a file share. If the server that the link (URL) points to uses even basic authentication then you can try and tempt a user to put in their own credentials and grab them during the exchange.

Published in News

It is no secret that malware is often spread through sites that offer pirated content. No matter the type of content there is a chance that someone has put up a file that is little more than malware. This type of behavior is common and plays into human nature in many ways. It also replies on the fact that many anti-malware applications already see cracked files and key generators are malware. This makes people ignore warnings from the systems designed to protect them and end up installing more than just the game they wanted to get out of playing.

Published in News
Tuesday, 24 March 2015 11:15

PoS systems are the new compromise cash cow...

The Point of Sale (PoS) station is probably one of the most targeted devices in recent years. There are multiple reasons for this: older operating systems, the need to POS users to have admin rights, generic logons for the “windows” accounts, and more. Most PoS softare is very resistant to attempts to properly secure it including getting all sorts of bent out of shape when you try to apply restrictive security policies to them. I have even seen them stop working because the removable drive mount option is removed from USB ports using a group policy object.

Published in News
Tuesday, 24 March 2015 09:33

More hacking fun with the UEFI BIOS

Back in August of 2014 while covering DEFCON 22 we sat in on a talk about how insecure the UEFI BIOS was and how it could potentially grant a malicious person ring zero access to your system. The talk was given by Corey Kallenberg and Xeno Kovah and they showed just how easy it would be to plant non-removable malware into the UEFI BIOS as well as how easy it would be to kill the BIOS remotely by affecting only two lines of code in the BIOS.

Published in News
Page 7 of 17