Android Rooting Easier for Malware with DRAMMER attack

Last year, security researchers gained higher kernel privileges on Linux operating systems by exploiting a design flaw in memory. Now, for the first time, a dynamic random access memory (DRAM) exploit called Rowhammer, which was already known about but had not been implemented on a mobile device, will let hackers gain “root” access to many Android phones.

VUSec Lab at Vrije Universiteit Amsterdam was able to gain access for the first time using the Rowhammer exploit. The exploit works by “executing a malicious application that repeatedly accesses the same ‘row’ of transistors on a memory chip in a tiny fraction of a second in a process called Hammering.” This can disturb a neighboring row, causing energy to leak into more rows, which causes a bit to flip. Bit flipping allows anyone to change the contents of memory in an operating system.

Drammer has no quick fix, so it could become a very big problem for Android phone users. The researchers were able to gain access to many phones, but none of the newer ones; for Samsung’s Galaxy line they only got up to the S5. They accessed the phones using something called ION in the Android phone’s DRAM memory. Once the malicious app is downloaded, it will have root access to your phone within minutes.

source: http://thehackernews.com/2016/10/root-android-phone-exploit.html

-Gavin Millikan

DDoS Attacks for Profit

vDOS, a “booter” service that has earned in excess of $600,000 over the past two years helping customers coordinate more than 150,000 so-called distributed denial-of-service (DDoS) attacks designed to knock Web sites offline, has been massively hacked, spilling secrets about tens of thousands of paying customers and their targets.

Read the rest of the article here: http://krebsonsecurity.com/2016/09/israeli-online-attack-service-vdos-earned-600000-in-two-years/

 

Sophisticated spyware discovered after 5 years

An advanced piece of spyware has recently been discovered by researchers at Symantec and Kaspersky Lab. This spyware, called Remsec, has been active as far back as October 2011. Remsec is highly sophisticated and uses stealth techniques and encryption to avoid detection, something that it clearly does very well. Once deployed, Remsec opens a backdoor into the infected system, monitors network traffic, logs keystrokes, and has the ability to steal files. It also allows for custom modules to be deployed into the infected system.

Researchers have suggested that Remsec might be the work of a nation state due to its sophistication and have found IP addresses within the U.S. that may have a connection to it. The targets that have been discovered so far are in countries such as China, Russia, and Iran among others. According to researchers at Symantec, none of the currently known infections appear to be normal targets for APTs like this one, which brings up a lot of questions about who might be behind this, and what their goal is.

http://www.technewsworld.com/story/83811.html

http://www.computerweekly.com/news/450302128/Strider-cyber-attack-group-deploying-malware-for-espionage

-Michael Belle

Smart Watch Security Threats

As with any piece of new technology, the introduction of smart watches comes with new threats to security. A recent study was conducted on these watches and, to no one’s surprise, many vulnerabilities were found. A few of the vulnerabilities listed include a lack of transport encryption, lack of user authentication, privacy problems, and firmware problems. It was also found that communications were easy to interfere with and intercept. This means that as of right now, if sensitive data is being transmitted over the watches, anyone could get a hold of it.

Experts recommend protecting sensitive information with strong passwords and making sure you are controlling your communications to avoid man-in-the-middle attacks. Another suggestion they make is to manage your transport layer security settings and make sure they are in good shape for protecting you. The biggest concern, however, seems to be the vulnerabilities of the apps rather than the watch itself. Previously there have been attacks on apps for the iPhone and such, so the experts say it wouldn’t be surprising to see attacks on the smart watch apps.

The bottom line is to approach these new smart watch products with care and to focus more on the security of the apps than the watch itself. Additionally, as time goes on, more apps for increased security will be released. Apple has already released several since the release of their Apple Watch.

-Thomas Coburn

200,000 Comcast Customers Hacked

Comcast recently announced that 200,000 customers will have to change their passwords. They found out that 590,000 Comcast accounts are being sold online for $1000, but they say that only 200,000 accounts are active. Comcast denies they were hacked and says that their users probably downloaded viruses or were phished, and their accounts were obtained that way.

“We’re taking this seriously and we’re working to get this fixed for those customers who may have been impacted, but the vast majority of information out there was invalid,” a company spokesperson said, according to the Washington Post.

The chief technology officer for Intel Security says that data breaches have been so common lately that it’s not surprising to see so much customer information for sale. They regularly monitor the dark web and see information like this for sale all the time.

Sam Chelini

article: http://time.com/4105920/comcast-customer-information/