Adobe has released an advisory that describes the Flash Player vulnerability, which previously prompted security researchers Jeremiah Grossman and Robert Hansen to halt the disclosure of technical details regarding clickjacking attacks. According to the advisory, by using clickjacking techniques, an attacker can gain access to a user's webcam and microphone by tricking the user into unknowingly enabling them via the Flash Player Settings Manager.Clickjacking is generic name describing various attacks that allow redirecting a user's mouse click from a legit item on a Web page to whatever the attacker desires. This means that clickj... [read more >>] Monday marked a dark day for all organizations and institutions that rely on the MIFARE Classic RFID smart cards, as two separately released research papers describe how to hack and clone such cards in a matter of minutes. These cards are used across the globe for access to transit systems and institutions, both private and governmental.The MIFARE Classic chips are produced by NXP Semiconductors and use a proprietary security protocol. NXP's official figures say that about 2 billion MIFARE Classic cards were sold, but other estimations put the number at over 3 billion world-wide. Security researchers have been warning about a serious f... [read more >>] Researchers from the Swedish security company Outpost24 have discovered a major flaw in the design of TCP stacks which could put TCP-enabled devices at risk. According to their findings, which they kept secret for three years, performing DoS attacks through this vulnerability would require little bandwidth and the attacked devices would need rebooting in order for proper functionality to be restored.The researchers discovered this vulnerability back in 2005 and they claim it affects most, if not all, TCP stack implementations out there. With every TCP-enabled device being at risk, this affects everyone on the Internet, ranging from billions... [read more >>] Researchers Jeremiah Grossman, founder of WhiteHat Security, and Robert “RSnake” Hansen, founder of SecTheory, announced that they would fully disclose their research and PoC exploits at the Hack In The Box (HITB) conference in Kuala Lumpur, 27-30 October. The researchers previously canceled the presentation of critical clickjacking vulnerabilities that affect all current browsers at the request of Adobe. Clickjacking is a type of attack that allows hijacking the mouse clicks of users on a website and redirecting them to other items. This means, for example, that while a user sees, inside the browser, that he is clicking on a le... [read more >>] The UK Ministry of Defence (MoD) has to deal with yet another sensitive information data leak incident. According to the Daily Mail, three portable storage devices containing the personal information of up to 50,000 retired and active military personnel have been stolen from the RAF Innsworth base in Gloucestershire.The hard drives were stolen from the Service Personnel and Veterans Agency offices and the information is believed to consist of appraisal records. Such records can include a person's name, service number, address, birth date, where they served, what promotions they got and why, as well as what medals they were awarded. Acc... [read more >>] Only a few days after the UnitedLayer transit provider accepted to strike a peering deal with Intercage, under certain costly conditions, the ISP decided to pull the plug. This is the second time in one week that the infamous malware hosting company finds itself no longer reachable on the Internet.We have been tracking the whole Intercage – Atrivo story for some time now, but for our readers who haven't followed up all the articles, here is some background information. Intercage, also known as Atrivo in the past, used to offer hosting solutions to the well known cybercriminal group going by the name of the Russian Business Networ... [read more >>] After the infamous hosting company Intercage (Atrivo) was dropped by all of its ISPs due to increasing pressure from security groups and researchers that were accusing the company for housing extensive criminal activity, the UnitedLayer transit provider stepped up to the challenge of providing them with uplink.As we recently wrote, Intercage has been the subject of many security reports and media articles that were connecting the company with cybercriminal groups. Due to the increasing bad publicity being generated and the risk of getting their IP ranges added to various blacklists, the three ISPs, Global Crossing, WVFiber and Bandcon, that... [read more >>] Following a collaborated effort from security researchers, anti-spam groups and online media to disclose the connection between cyber criminal groups and Intercage Inc., all its ISPs were pressured by bad publicity or their own clients to sever ties with the California based company. Their last remaining ISP, Pacific Internet Exchange, stopped routing traffic to the company and depeered them, thus leaving their servers inaccessible from anywhere on the Internet.As we previously reported, Atrivo is a name that became famous for providing hosting and domain registration services directly or through its partners to the Russian Business Network... [read more >>] It looks like the rumor that David Kernell, a 20-year-old student at the University of Tennessee in Knoxville, is the person responsible for illegally accessing Sarah Palin's e-mail account is shaping up to be true. The FBI searched an apartment at The Commons in Knoxville, a student housing complex located in the vicinity of the university's campus. A local witness reports that the apartment raided by the FBI belongs to David Kernell.A few days ago, we reported that David Kernell was pointed out by the blogosphere as being the real name behind the user calling himself rubico, who posted a confession regarding the hack of Sarah Pa... [read more >>] The owner of the proxy service used by the person who hacked Sarah Palin's e-mail was contacted by the FBI regarding the server logs and is currently working to provide them. Meanwhile, the person whose e-mail was used to sign a confession circulating on the Internet was identified as David Kernell, son of democratic Tennessee state representative Mike Kernell.The alleged hacker of Sarah Palin's Yahoo e-mail account appears to have made two major mistakes. The first was to include the browser address bar in the screen shots he released. The address bar contained an almost complete URL from the Ctunnel proxy service that was used. ... [read more >>] | 
RSS
