This Code Injection Technique can Potentially Attack All Versions of Windows


atombombing-attack

Guess what? If you own a Windows PC, which is fully-patched, attackers can still hack your computer.Isn’t that scary? Well, definitely for most of you.

Security researchers have discovered a new technique that could allow attackers to inject malicious code on every version of Microsoft’s Windows operating system, even Windows 10, in a manner that no existing anti-malware tools can detect, threaten millions of PCs worldwide.

Dubbed «AtomBombing,» the technique does not exploit any vulnerability but abuses a designing weakness in Windows.

New Code Injection Attack helps Malware Bypass Security Measures

AtomBombing attack abuses the system-level Atom Tables, a feature of Windows that allows applications to store information on strings, objects, and other types of data to access on a regular basis.

And since Atom are shared tables, all sorts of applications can access or modify data inside those tables. You can read a more detailed explanation of Atom Tables on Microsoft’s blog.Read more…

Celebgate” Hacker Gets 18 Months in Prison for Hacking Celebrity Nude Photos


celebrity-hacked-photos

The hacker who stole nude photographs of female celebrities two years ago in a massive data breach — famous as «The Fappening» or «Celebgate» scandal — has finally been sentenced to 18 months in federal prison, authorities said on Thursday.36-year-old Lancaster, Pennsylvania man Ryan Collins was arrested in March and charged with hacking into «at least 50 iCloud accounts and 72 Gmail accounts,» most of which owned by Hollywood stars, including Jennifer Lawrence, Kim Kardashian, and Kate Upton.

Now, a judge in Harrisburg, Pennsylvania, on Wednesday sentenced Collins to 18 months in federal prison after violating the Computer Fraud and Abuse Act.

Here’s How Collins Stole Celebrities” Nude Photos

Federal prosecutors said Collins ran phishing scheme between November 2012 and September 2014 and hijacked more than 100 people using fake emails disguised as official notifications from Google and Apple, asking victims for their account credentials.Read more…

You Can Hijack Nearly Any Drone Mid-flight Using This Tiny Gadget


hack-drone

Now you can hijack nearly any drone mid-flight just by using a tiny gadget.Security researcher Jonathan Andersson has devised a small hardware, dubbed Icarus, that can hijack a variety of popular drones mid-flight, allowing attackers to lock the owner out and give them complete control over the device.

Andersson, who is the manager of Trend Micro’s TippingPoint DVLab division, demonstrated this new hack at this year’s PacSec security conference in Tokyo, Japan on Wednesday.

Besides Drones, the new gadget has the capability of fully hijacking a wide variety of radio-controlled devices, including helicopters, cars, boats and other remote control gears that run over the most popular wireless transmission control protocol called DSMx.DSMx is a protocol used to facilitate communication between radio controllers and devices, including drones, helicopters, and cars.Read more…

BlockChain.info Domain Hijacked; Site Goes Down; 8 Million Bitcoin Wallets Inaccessible


blockchain-website

UPDATE: The site is back and working. Blockchain team released a statement via Twitter, which has been added at the end of this article.If you are fascinated with the idea of digital currency, then you might have heard about BlockChain.Info.

It’s Down!

Yes, Blockchain.info, the world’s most popular Bitcoin wallet and Block Explorer service, has been down from last few hours, and it’s believed that a possible cyber attack has disrupted the site.

The site is down at the time of writing, and the web server reports a bad gateway error, with a message on the website that reads:

«Looks like our site is down. We’re working on it and should be back up soon.»

Read more…

12-Year-Old SSH Bug Exposes More than 2 Million IoT Devices


sshowdown-proxy-iot

Are your internet-connected devices spying on you? Perhaps.We already know that the Internet of Thing (IoT) devices are so badly insecure that hackers are adding them to their botnet network for launching Distributed Denial of Service (DDoS) attacks against target services.

But, these connected devices are not just limited to conduct DDoS attacks; they have far more potential to harm you.

New research [PDF] published by the content delivery network provider Akamai Technologies shows how unknown threat actors are using a 12-year-old vulnerability in OpenSSH to secretly gain control of millions of connected devices.

The hackers then turn, what researchers call, these «Internet of Unpatchable Things» into proxies for malicious traffic to attack internet-based targets and “internet-facing” services, along with the internal networks that host them.

Read more…


Το Parrot Security OS (ή ParrotSec) είναι μια διανομή GNU/Linux που βασίζεται στο Debian. Αναπτύχθηκε για δοκιμές διείσδυσης (ασφάλεια υπολογιστών), Αξιολόγηση τρωτότητας και μετριασμού, Computer Forensics και Anonymous Surfing. Δημιουργήθηκε από την Ιταλική Ομάδα Frozenbox.Parrot Security 3.2 Parrot Security

Το ParrotSec ή Parrot Security OS προσφέρει πολλά εργαλεία για ανάλυση περιεχόμενου στο web και συστημάτων ηλεκτρονικών υπολογιστών. Είναι ένα εργαστήριο για Forensics ψηφιακή χρήση, με νομικώς αναγνωρισμένα εργαλεία που συνεργάζονται με κρυπτογραφία, προσφέροντας πάρα πολλές δυνατότητες. Επιπλέον, σας επιτρέπει να σερφάρετε και να εργαστείτε ανώνυμα.

Read more…

Acecard το Trojan που ζητά selfie με την ταυτότητά σας


Οι ανεκπαίδευτοι και μάλλον οι αφελείς χρήστες του Android φαίνεται να είναι ο στόχος ενός Android τραπεζικού trojan (Acecard) που ζητά την αποστολή ενός selfie από τα θύματά του κρατώντας την αστυνομική τους ταυτότητα.

Το όνομα του trojan είναι Acecard και θεωρείται ένα από τα πιο επικίνδυνα και παρεμβατικά τραπεζικά Android trojans που είναι γνωστά σήμερα, σύμφωνα με μια ανάλυση της Kaspersky από τον περασμένο Φεβρουάριο.

Σε μια προηγούμενη έκδοσή του το trojan Acecard υπήρχε κρυμμένο μέσα σε ένα παιχνίδι Black Jack που διανέμονταν μέσω του επίσημου Google Play Store. Η πιο πρόσφατη έκδοση του κακόβουλου λογισμικού σύμφωνα με τους ερευνητές ασφαλείας της McAfee μπορεί να κρυφτεί μέσα σε όλα τα είδη των εφαρμογών που χρησιμοποιούν το Adobe Flash Player, σε πορνογραφικό υλικό ή σε κωδικοποιητές βίντεο.Read more…