NAME:WRECK, a potential IoT trainwreck

A set of vulnerabilities has been found in the way a number of popular TCP/IP stacks handle DNS requests. Potentially this could impact hundreds of millions of servers, smart devices, and industrial equipment. The researchers that discovered the vulnerabilities have named them NAME:WRECK. Plural vulnerabilities? Yes, the researchers found 9 DNS-related vulnerabilities that have the potential … [Read more...]

How bitcoin payments unmasked a man who hired a Dark Web contract killer

An Italian citizen’s apparent attempt to hire a hitman on the Dark Web has been undone by clever analysis of his Bitcoin transactions. The man, who is reported to be an IT worker employed by a major corporation, is alleged to have paid the hitman to assassinate his former girlfriend. What happened? According to a news article published by European policing entity Europol on April 7, … [Read more...]

Cryptomining containers caught coining cryptocurrency covertly

In traditional software development, programmers code an application in one computing environment before deploying it to a similar, but often slightly different environment. This leads to bugs or errors that only show up when the software is deployed—exactly when you need them least. To solve for this, modern developers often bundle their applications together with all of the configuration files, … [Read more...]

Zoom zero-day discovery makes calls safer, hackers $200,000 richer

Two Dutch white-hat security specialists entered the annual computer hacking contest Pwn2Own, managed to find a Remote Code Execution (RCE) flaw in Zoom and are $200,000 USD better off than they were before. Pwn2Own Pwn2Own is a high profile event organized by the Zero Day Initiative that challenges hackers to find serious new vulnerabilities in commonly used software and mobile devices. The … [Read more...]

Has Facebook leaked your phone number?

Unless you keep your social media at a pole’s distance, you have probably heard that an absolutely enormous dataset—containing over 500 million phone numbers—has been made public. These phone numbers have been in the hands of some cybercriminals since 2019 due to a vulnerability in Facebook that allowed personal data to be scraped from the social media platform, until it was patched it in … [Read more...]

Research claims Google Pixel phones share 20 times more data than iPhones

If you’re an Android phone user, now might be a good time to invest in a good pair of ear plugs. Fans of iPhones aren’t known for being shy when it comes to telling Android users that Apple products are superior, and things may be about to get worse, thanks to a new research paper (pdf).  Researchers of the School of Computer Science and Statistics at Trinity College Dublin, Ireland … [Read more...]

The npm netmask vulnerability explained so you can actually understand it

The popular npm netmask library recently encountered a serious problem, explained as follows: The npm netmask package incorrectly evaluates individual ipv4 octets that contain octal strings as left-stripped integers, leading to an inordinate attack surface on hundreds of thousands of projects that rely on netmask to filter or evaluate ipv4 block ranges, both inbound and outbound. Got that? … [Read more...]

5G slicing vulnerability could be used in DoS attacks

The IT security researchers at AdaptiveMobile have called out what looks like an important vulnerability in the architecture of 5G network slicing and virtualized network functions. They warn that the risks, if this fundamental vulnerability in the design of 5G standards had gone undiscovered, are significant. What is 5G? 5G is the 5th generation mobile network. It is the fifth new global … [Read more...]

When contractors attack: two years jail for vengeful IT admin

An IT contractor working for an IT consultancy company took it upon himself to perform an act of revenge against the firm he worked at, after they complained about his performance. The charge he faced was breaking into the network of a company in Carlsbad, California. And it got him two years in prison. What happened? Deepanshu Kher was helping a client to transition to a Microsoft Office … [Read more...]

How to enable Facebook’s hardware key authentication for iOS and Android

Since 2017 desktop users have had the opportunity to use physical security keys to log in to their Facebook accounts. Now iOS and Android users have the same option too. Physical security keys are a more secure option for two-factor authentication (2FA) than SMS (which is vulnerable to SIM swap attacks and phishing), and apps that generate codes or push notifications (which are also vulnerable to … [Read more...]