NEWS - March 10, 2015

Mar 10, 2015 6:24AM PDT
Cutting-edge hack gives super user status by exploiting DRAM weakness

"'Rowhammer' attack goes where few exploits have gone before, into silicon itself."

In one of the more impressive hacks in recent memory, researchers have devised an attack that exploits physical weaknesses in certain types of DDR memory chips to elevate the system rights of untrusted users of Intel-compatible PCs running Linux.

The technique, outlined in a blog post published Monday by Google's Project Zero security initiative, works by reversing individual bits of data stored in DDR3 chip modules known as DIMMs. Last year, scientists proved that such "bit flipping" could be accomplished by repeatedly accessing small regions of memory, a feat that—like a magician who transforms a horse into a rabbit—allowed them to change the value of contents stored in computer memory. The research unveiled Monday showed how to fold such bit flipping into an actual attack.

Continued : http://arstechnica.com/security/2015/03/cutting-edge-hack-gives-super-user-status-by-exploiting-dram-weakness/

Related:
"Rowhammer" Flaw in DRAM Allows Privilege Escalation: Researchers
Ouch! Google crocks capacitors and deviates DRAM to root Linux
Rowhammer Hardware Exploit Poses Threat to DRAM Memory in Many Laptops, PCs

Stuxnet Flaw Finally Gets Patched After More Than 4 Years
Mar 10, 2015 6:43AM PDT

Microsoft today issued a patch for a critical vulnerability thought to have been fixed more than four years ago. The flaw had enabled the notorious Stuxnet attack back in 2010.

The Stuxnet worm was an exploit that was used against a nuclear facility in Iran back in 2010, in part by taking advantage of a vulnerability in Windows. The vulnerability that enabled Stuxnet was identified as CVE-2010-2568, which was thought to have been patched by Microsoft in October 2010. More than four years later, Hewlett-Packard's (HP) Zero Day Initiative (ZDI) has discovered that the CVE-2010-2568 fix was not, in fact, complete and the underlying vulnerability has remained exploitable the whole time.

Continued : http://www.eweek.com/security/stuxnet-flaw-finally-gets-patched-after-more-than-4-years.html

Related :
Microsoft Fixes Stuxnet Bug, Again
Patched Windows PC remained vulnerable to Stuxnet USB exploits since 2010

Apple issued update for FREAK flaw in OS X and iOS
Mar 10, 2015 6:43AM PDT

Apple has released security updates for OS X and iOS which, among other things, fix the FREAK flaw that may allow an attacker to decrypt secure communications between vulnerable clients and servers.

"Secure Transport [the Mac OS X and iPhone implementation of SSL and TLS] accepted short ephemeral RSA keys, usually used only in export-strength RSA cipher suites, on connections using full-strength RSA cipher suites. This issue, also known as FREAK, only affected connections to servers which support export-strength RSA cipher suites, and was addressed by removing support for ephemeral RSA keys," the company explained in the documents accompanying the updates.

In the case of OS X, the update solves several other serious flaws, most of which can allow arbitrary code execution. The patch for Secure Transport is available for OS X Mountain Lion (v10.8.5), OS X Mavericks (v10.9.5), and OS X Yosemite (v10.10.2).

Continued : http://www.net-security.org/secworld.php?id=18063

Also See:
Apple Fixes FREAK Bug, iCloud Flaw in iOS 8.2
iOS 8.2 stops attackers being able to restart your iPhone with a malicious Flash SMS

Spoofing the Boss Turns Thieves a Tidy Profit
Mar 10, 2015 6:44AM PDT

Judy came within a whisker of losing $315,000 in cash belonging to her employer, a mid-sized manufacturing company in northeast Ohio. Judy's boss had emailed her, asking her to wire the money to China to pay for some raw materials. The boss, who was traveling abroad at the time, had requested such transfers before — at even higher amounts to manufacturers in China and elsewhere — so the request didn't seem unusual or suspicious.

Until it did. After Judy sent the wire instructions on to the finance department, something about the email stuck in her head: The message was far more formal-sounding than the tone of voice her boss normally used to express himself via email.

By the time she went back to review the missive and found she'd been scammed by an imposter, it was too late — the employee in charge of initiating wires at her company had already sent it on to the bank. Luckily, Judy's employer's bank hadn't yet processed the wire, and they were able to claw back the funds.

Continued: http://krebsonsecurity.com/2015/03/spoofing-the-boss-turns-thieves-a-tidy-profit/

Cryptowall Makes a Comeback Via Malicious Help Files (CHM)
Mar 10, 2015 6:44AM PDT

Bitdefender's "HOT for Security" blog:

A new spam wave has hit hundreds of mailboxes with malicious .chm attachments to spread the infamous Cryptowall ransomware, malware researchers from Bitdefender Labs found.

Interestingly, hackers have resorted to a less "fashionable," yet highly effective trick to automatically execute malware on a victim's machine and encrypt its contents - malicious .chm attachments.

Chm is an extension for the Compiled HTML file format, a type of file used to deliver user manuals along with software applications. HTML files are compressed and delivered as a binary file with the .chm extension. This format is made of compressed HTML documents, images and JavaScript files, along with a hyperlinked table of contents, an index and full text searching. [Screenshot]

Continued : http://www.hotforsecurity.com/blog/cryptowall-makes-a-comeback-via-malicious-help-files-chm-11540.html

Beware of fake invites for WhatsApp's Free Voice Calling
Mar 10, 2015 6:44AM PDT
.. feature!

Fake WhatsApp invites are actively luring users to sites where they are urged to fill out surveys and download unknown applications, warns The Hacker News' Mohit Kumar.

WhatsApp quietly began to roll out the long awaited Free Voice Calling feature to some Android users in January, and it can be turned on only if you are directly invited to do so by another user. The feature is activated when a user answers a WhatsApp voice call from a friend.

Unfortunately, not many people know that, and scammers and malware peddlers are taking advantage of this situation by sending out fake invites via email, social media and WhatsApp messages from compromised accounts.

Continued : http://www.net-security.org/malware_news.php?id=2985
(NT) glad all mine are AMD
Mar 10, 2015 2:19PM PDT