Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses

Researchers Disclose Rooting Backdoor in Mitel IP Phones for Businesses,

Cybersecurity researchers have disclosed details of two medium-security flaws in Mitel 6800/6900 desk phones that, if successfully exploited, could allow an attacker to gain root privileges on the devices.
Tracked as CVE-2022-29854 and CVE-2022-29855 (CVSS score: 6.8), the access control issues were discovered by German penetration testing firm SySS, following which patches were shipped in May

,

Cybersecurity researchers have disclosed details of two medium-security flaws in Mitel 6800/6900 desk phones that, if successfully exploited, could allow an attacker to gain root privileges on the devices.
Tracked as CVE-2022-29854 and CVE-2022-29855 (CVSS score: 6.8), the access control issues were discovered by German penetration testing firm SySS, following which patches were shipped in May

, ,
https://thehackernews.com/2022/06/researchers-disclose-rooting-backdoor.html

Quick and Simple: BPFDoor Explained

Quick and Simple: BPFDoor Explained,

BPFDoor isn’t new to the cyberattack game — in fact, it’s gone undetected for years — but PwC researchers discovered the piece of malware in 2021. Subsequently, the cybersecurity community is learning more about the stealthy nature of malware, how it works, and how it can be prevented.
What’s BPFDoor?
BPFDoor is a piece of malware associated with China-based threat actor Red Menshen that has hit

,

BPFDoor isn’t new to the cyberattack game — in fact, it’s gone undetected for years — but PwC researchers discovered the piece of malware in 2021. Subsequently, the cybersecurity community is learning more about the stealthy nature of malware, how it works, and how it can be prevented.
What’s BPFDoor?
BPFDoor is a piece of malware associated with China-based threat actor Red Menshen that has hit

, ,
https://thehackernews.com/2022/06/quick-and-simple-bpfdoor-explained.html

Hello XD Ransomware Installing Backdoor on Targeted Windows and Linux Systems

Hello XD Ransomware Installing Backdoor on Targeted Windows and Linux Systems,

Windows and Linux systems are being targeted by a ransomware variant called HelloXD, with the infections also involving the deployment of a backdoor to facilitate persistent remote access to infected hosts.
« Unlike other ransomware groups, this ransomware family doesn’t have an active leak site; instead it prefers to direct the impacted victim to negotiations through Tox chat and onion-based

,

Windows and Linux systems are being targeted by a ransomware variant called HelloXD, with the infections also involving the deployment of a backdoor to facilitate persistent remote access to infected hosts.
« Unlike other ransomware groups, this ransomware family doesn’t have an active leak site; instead it prefers to direct the impacted victim to negotiations through Tox chat and onion-based

, ,
https://thehackernews.com/2022/06/hello-xd-ransomware-installing-backdoor.html

Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks

Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks,

The Iranian state-sponsored threat actor tracked under the moniker Lyceum has turned to using a new custom .NET-based backdoor in recent campaigns directed against the Middle East.
« The new malware is a .NET based DNS Backdoor which is a customized version of the open source tool ‘DIG.net,' » Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a report published last week.
« 

,

The Iranian state-sponsored threat actor tracked under the moniker Lyceum has turned to using a new custom .NET-based backdoor in recent campaigns directed against the Middle East.
« The new malware is a .NET based DNS Backdoor which is a customized version of the open source tool ‘DIG.net,' » Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a report published last week.
« 

, ,
https://thehackernews.com/2022/06/iranian-hackers-spotted-using-new-dns.html

Ce hacker a trouvé un nouveau moyen de pirater une Tesla… et de partir avec

Ce hacker a trouvé un nouveau moyen de pirater une Tesla… et de partir avec,

,

Martin Herfurt Timer Autorization Attack

Une faille dans les dispositifs d’accès des voitures Tesla permet aux pirates de créer un double des clés numérique, à condition d’être là au bon endroit et au bon moment.

L’article Ce hacker a trouvé un nouveau moyen de pirater une Tesla… et de partir avec est à retrouver sur 01net.com.

, ,
https://www.01net.com/actualites/ce-hacker-a-trouve-un-nouveau-moyen-de-pirater-une-tesla-et-partir-avec.html

MIT Researchers Discover New Flaw in Apple M1 CPUs That Can’t Be Patched

MIT Researchers Discover New Flaw in Apple M1 CPUs That Can’t Be Patched

,

A novel hardware attack dubbed PACMAN has been demonstrated against Apple’s M1 processor chipsets, potentially arming a malicious actor with the capability to gain arbitrary code execution on macOS systems.
It leverages « speculative execution attacks to bypass an important memory protection mechanism, ARM Pointer Authentication, a security feature that is used to enforce pointer integrity, » MIT

,

A novel hardware attack dubbed PACMAN has been demonstrated against Apple’s M1 processor chipsets, potentially arming a malicious actor with the capability to gain arbitrary code execution on macOS systems.
It leverages « speculative execution attacks to bypass an important memory protection mechanism, ARM Pointer Authentication, a security feature that is used to enforce pointer integrity, » MIT

, ,
https://thehackernews.com/2022/06/mit-researchers-discover-new-flaw-in.html

Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones

Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones,

A new research undertaken by a group of academics from the University of California San Diego has revealed for the first time that Bluetooth signals can be fingerprinted to track smartphones (and therefore, individuals).
The identification, at its core, hinges on imperfections in the Bluetooth chipset hardware introduced during the manufacturing process, resulting in a « unique physical-layer

,

A new research undertaken by a group of academics from the University of California San Diego has revealed for the first time that Bluetooth signals can be fingerprinted to track smartphones (and therefore, individuals).
The identification, at its core, hinges on imperfections in the Bluetooth chipset hardware introduced during the manufacturing process, resulting in a « unique physical-layer

, ,
https://thehackernews.com/2022/06/researchers-find-bluetooth-signals-can.html

Researchers Detail How Cyber Criminals Targeting Cryptocurrency Users

Researchers Detail How Cyber Criminals Targeting Cryptocurrency Users,

Cybercriminals are impersonating popular crypto platforms such as Binance, Celo, and Trust Wallet with spoofed emails and fake login pages in an attempt to steal login details and deceptively transfer virtual funds.
« As cryptocurrency and non-fungible tokens (NFTs) become more mainstream, and capture headlines for their volatility, there is a greater likelihood of more individuals falling victim

,

Cybercriminals are impersonating popular crypto platforms such as Binance, Celo, and Trust Wallet with spoofed emails and fake login pages in an attempt to steal login details and deceptively transfer virtual funds.
« As cryptocurrency and non-fungible tokens (NFTs) become more mainstream, and capture headlines for their volatility, there is a greater likelihood of more individuals falling victim

, ,
https://thehackernews.com/2022/06/researchers-detail-how-cyber-criminals.html

Researchers Disclose Critical Flaws in Industrial Access Control System from Carrier

Researchers Disclose Critical Flaws in Industrial Access Control System from Carrier,

As many as eight zero-day vulnerabilities have been disclosed in Carrier’s LenelS2 HID Mercury access control system that’s used widely in healthcare, education, transportation, and government facilities.
« The vulnerabilities uncovered allowed us to demonstrate the ability to remotely unlock and lock doors, subvert alarms and undermine logging and notification systems, » Trellix security

,

As many as eight zero-day vulnerabilities have been disclosed in Carrier’s LenelS2 HID Mercury access control system that’s used widely in healthcare, education, transportation, and government facilities.
« The vulnerabilities uncovered allowed us to demonstrate the ability to remotely unlock and lock doors, subvert alarms and undermine logging and notification systems, » Trellix security

, ,
https://thehackernews.com/2022/06/researchers-disclose-critical-flaws-in.html

New Privacy Framework for IoT Devices Gives Users Control Over Data Sharing

New Privacy Framework for IoT Devices Gives Users Control Over Data Sharing,

A newly designed privacy-sensitive architecture aims to enable developers to create smart home apps in a manner that addresses data sharing concerns and puts users in control over their personal information. 
Dubbed Peekaboo by researchers from Carnegie Mellon University, the system « leverages an in-home hub to pre-process and minimize outgoing data in a structured and enforceable manner before

,

A newly designed privacy-sensitive architecture aims to enable developers to create smart home apps in a manner that addresses data sharing concerns and puts users in control over their personal information. 
Dubbed Peekaboo by researchers from Carnegie Mellon University, the system « leverages an in-home hub to pre-process and minimize outgoing data in a structured and enforceable manner before

, ,
https://thehackernews.com/2022/06/new-privacy-framework-for-iot-devices.html