Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks

Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks,

The Iranian state-sponsored threat actor tracked under the moniker Lyceum has turned to using a new custom .NET-based backdoor in recent campaigns directed against the Middle East.
« The new malware is a .NET based DNS Backdoor which is a customized version of the open source tool ‘DIG.net,' » Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a report published last week.
« 

,

The Iranian state-sponsored threat actor tracked under the moniker Lyceum has turned to using a new custom .NET-based backdoor in recent campaigns directed against the Middle East.
« The new malware is a .NET based DNS Backdoor which is a customized version of the open source tool ‘DIG.net,' » Zscaler ThreatLabz researchers Niraj Shivtarkar and Avinash Kumar said in a report published last week.
« 

, ,
https://thehackernews.com/2022/06/iranian-hackers-spotted-using-new-dns.html

Ce hacker a trouvé un nouveau moyen de pirater une Tesla… et de partir avec

Ce hacker a trouvé un nouveau moyen de pirater une Tesla… et de partir avec,

,

Martin Herfurt Timer Autorization Attack

Une faille dans les dispositifs d’accès des voitures Tesla permet aux pirates de créer un double des clés numérique, à condition d’être là au bon endroit et au bon moment.

L’article Ce hacker a trouvé un nouveau moyen de pirater une Tesla… et de partir avec est à retrouver sur 01net.com.

, ,
https://www.01net.com/actualites/ce-hacker-a-trouve-un-nouveau-moyen-de-pirater-une-tesla-et-partir-avec.html

MIT Researchers Discover New Flaw in Apple M1 CPUs That Can’t Be Patched

MIT Researchers Discover New Flaw in Apple M1 CPUs That Can’t Be Patched

,

A novel hardware attack dubbed PACMAN has been demonstrated against Apple’s M1 processor chipsets, potentially arming a malicious actor with the capability to gain arbitrary code execution on macOS systems.
It leverages « speculative execution attacks to bypass an important memory protection mechanism, ARM Pointer Authentication, a security feature that is used to enforce pointer integrity, » MIT

,

A novel hardware attack dubbed PACMAN has been demonstrated against Apple’s M1 processor chipsets, potentially arming a malicious actor with the capability to gain arbitrary code execution on macOS systems.
It leverages « speculative execution attacks to bypass an important memory protection mechanism, ARM Pointer Authentication, a security feature that is used to enforce pointer integrity, » MIT

, ,
https://thehackernews.com/2022/06/mit-researchers-discover-new-flaw-in.html

Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones

Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones,

A new research undertaken by a group of academics from the University of California San Diego has revealed for the first time that Bluetooth signals can be fingerprinted to track smartphones (and therefore, individuals).
The identification, at its core, hinges on imperfections in the Bluetooth chipset hardware introduced during the manufacturing process, resulting in a « unique physical-layer

,

A new research undertaken by a group of academics from the University of California San Diego has revealed for the first time that Bluetooth signals can be fingerprinted to track smartphones (and therefore, individuals).
The identification, at its core, hinges on imperfections in the Bluetooth chipset hardware introduced during the manufacturing process, resulting in a « unique physical-layer

, ,
https://thehackernews.com/2022/06/researchers-find-bluetooth-signals-can.html

Researchers Detail How Cyber Criminals Targeting Cryptocurrency Users

Researchers Detail How Cyber Criminals Targeting Cryptocurrency Users,

Cybercriminals are impersonating popular crypto platforms such as Binance, Celo, and Trust Wallet with spoofed emails and fake login pages in an attempt to steal login details and deceptively transfer virtual funds.
« As cryptocurrency and non-fungible tokens (NFTs) become more mainstream, and capture headlines for their volatility, there is a greater likelihood of more individuals falling victim

,

Cybercriminals are impersonating popular crypto platforms such as Binance, Celo, and Trust Wallet with spoofed emails and fake login pages in an attempt to steal login details and deceptively transfer virtual funds.
« As cryptocurrency and non-fungible tokens (NFTs) become more mainstream, and capture headlines for their volatility, there is a greater likelihood of more individuals falling victim

, ,
https://thehackernews.com/2022/06/researchers-detail-how-cyber-criminals.html

Researchers Disclose Critical Flaws in Industrial Access Control System from Carrier

Researchers Disclose Critical Flaws in Industrial Access Control System from Carrier,

As many as eight zero-day vulnerabilities have been disclosed in Carrier’s LenelS2 HID Mercury access control system that’s used widely in healthcare, education, transportation, and government facilities.
« The vulnerabilities uncovered allowed us to demonstrate the ability to remotely unlock and lock doors, subvert alarms and undermine logging and notification systems, » Trellix security

,

As many as eight zero-day vulnerabilities have been disclosed in Carrier’s LenelS2 HID Mercury access control system that’s used widely in healthcare, education, transportation, and government facilities.
« The vulnerabilities uncovered allowed us to demonstrate the ability to remotely unlock and lock doors, subvert alarms and undermine logging and notification systems, » Trellix security

, ,
https://thehackernews.com/2022/06/researchers-disclose-critical-flaws-in.html

New Privacy Framework for IoT Devices Gives Users Control Over Data Sharing

New Privacy Framework for IoT Devices Gives Users Control Over Data Sharing,

A newly designed privacy-sensitive architecture aims to enable developers to create smart home apps in a manner that addresses data sharing concerns and puts users in control over their personal information. 
Dubbed Peekaboo by researchers from Carnegie Mellon University, the system « leverages an in-home hub to pre-process and minimize outgoing data in a structured and enforceable manner before

,

A newly designed privacy-sensitive architecture aims to enable developers to create smart home apps in a manner that addresses data sharing concerns and puts users in control over their personal information. 
Dubbed Peekaboo by researchers from Carnegie Mellon University, the system « leverages an in-home hub to pre-process and minimize outgoing data in a structured and enforceable manner before

, ,
https://thehackernews.com/2022/06/new-privacy-framework-for-iot-devices.html

Symbiote: A Stealthy Linux Malware Targeting Latin American Financial Sector

Symbiote: A Stealthy Linux Malware Targeting Latin American Financial Sector,

Cybersecurity researchers have taken the wraps off what they call a « nearly-impossible-to-detect » Linux malware that could be weaponized to backdoor infected systems.
Dubbed Symbiote by threat intelligence firms BlackBerry and Intezer, the stealthy malware is so named for its ability to conceal itself within running processes and network traffic and drain a victim’s resources like a parasite.

,

Cybersecurity researchers have taken the wraps off what they call a « nearly-impossible-to-detect » Linux malware that could be weaponized to backdoor infected systems.
Dubbed Symbiote by threat intelligence firms BlackBerry and Intezer, the stealthy malware is so named for its ability to conceal itself within running processes and network traffic and drain a victim’s resources like a parasite.

, ,
https://thehackernews.com/2022/06/symbiote-stealthy-linux-malware.html

Even the Most Advanced Threats Rely on Unpatched Systems

Even the Most Advanced Threats Rely on Unpatched Systems,

Common cybercriminals are a menace, there’s no doubt about it – from bedroom hackers through to ransomware groups, cybercriminals are causing a lot of damage. But both the tools used and the threat posed by common cybercriminals pale in comparison to the tools used by more professional groups such as the famous hacking groups and state-sponsored groups.
In fact, these tools can prove almost

,

Common cybercriminals are a menace, there’s no doubt about it – from bedroom hackers through to ransomware groups, cybercriminals are causing a lot of damage. But both the tools used and the threat posed by common cybercriminals pale in comparison to the tools used by more professional groups such as the famous hacking groups and state-sponsored groups.
In fact, these tools can prove almost

, ,
https://thehackernews.com/2022/06/even-most-advanced-threats-rely-on.html

Comment les hackers chinois asservissent les réseaux des opérateurs télécoms

Comment les hackers chinois asservissent les réseaux des opérateurs télécoms,

,

Hacking pirate code

Les pirates de l’Empire du Milieu exploitent des failles non patchées sur les routeurs pour se frayer un chemin dans les réseaux et mettre ces infrastructures à leur merci. C’est méthodique… et effrayant.

The post Comment les hackers chinois asservissent les réseaux des opérateurs télécoms appeared first on 01net.com.

, ,
https://www.01net.com/actualites/comment-les-hackers-chinois-asservissent-les-reseaux-des-operateurs-telecoms.html