Tag Archives: zero day
Microsoft patches Internet Explorer flaw being used to hijack PCs
The bogus expert and social media chicanery of DC’s top cyber think tank
iOS HomeKit bug exposed smart locks to unauthorized access
Samsung’s in-house OS is a security nightmare
Microsoft patch for Google-outed exploit is still a week away
Homeland Security urges you to uninstall QuickTime on Windows
FBI: Yes, we exploit unpatched security holes
FBI turning to private sector to hack phones, exploit unknown security holes
Thanks to the NSA PRISM revelations we've all lost our innocence about government cyber-spying, but how far down that rabbit-hole has law-enforcement gone? Revelations from the Def Con hacking conference in Las Vegas show that such tactics are old hat for another US anti-crime department: the FBI. For instance, one ex-official said that the bureau's analysts (shown above) can routinely turn on the microphones in laptops and Android devices to record conversations without a person's knowledge. On top of such in-house expertise, a private sector cottage industry has sprung up around cyber surveillance, marketing programs that can also hack handheld devices and PCs. One company even markets "zero day" bugging software that exploits unknown security holes -- meaning crime lords can't just patch their browsers to avoid detection.
[Image credit: Wikimedia Commons]
Source: WSJ
Flame malware snoops on PCs across the Middle East, makes Stuxnet look small-time
Much ado was made when security experts found Stuxnet wreaking havoc, but it's looking as though the malware was just a prelude to a much more elaborate attack that's plaguing the Middle East. Flame, a backdoor Windows trojan, doesn't just sniff and steal nearby network traffic info -- it uses your computer's hardware against you. The rogue code nabs phone data over Bluetooth, spreads over USB drives and records conversations from the PC's microphone. If that isn't enough to set even the slightly paranoid on edge, it's also so complex that it has to infect a PC in stages; Flame may have been attacking computers since 2010 without being spotted, and researchers at Kaspersky think it may be a decade before they know just how much damage the code can wreak.
No culprit has been pinpointed yet, but a link to the same printer spool vulnerability used by Stuxnet has led researchers to suspect that it may be another instance of a targeted cyberwar attack given that Iran, Syria and a handful of other countries in the region are almost exclusively marked as targets. Even if you live in a 'safe' region, we'd keep an eye out for any suspicious activity knowing that even a fully updated Windows 7 PC can be compromised.
Flame malware snoops on PCs across the Middle East, makes Stuxnet look small-time originally appeared on Engadget on Mon, 28 May 2012 17:07:00 EDT. Please see our terms for use of feeds.
Permalink | | Email this | Comments