Security researchers have discovered thousands of backdoored plugins and themes for the popular content management systems (CMS) that could be used by attackers to compromise web servers on a large scale. The Netherlands based security firm Fox IT has published a whitepaper revealing a new Backdoor named “CryptoPHP”. Security researchers have uncovered malicious plugins and […]
Continue ReadingA trio of scientists have verified that results they first presented nearly 10 years ago are in fact valid, proving that they can extract a 4096-bit RSA key from a laptop using an acoustic side-channel attack that enables them to record the noise coming from the laptop during decryption, using a smartphone placed nearby. The […]
Continue ReadingIn the most recent Hacker Intelligence Initiative Report – “PHP SuperGlobals: Supersized Trouble“, Imperva analyses vulnerabilities found in the SuperGlobal parameters of the PHP platform, and finds that a multi-step attack requires a multi-layered application security solution. In addition to local and global scope variables, PHP has several predefined variables that are called SuperGlobals. These […]
Continue ReadingRSA’s SecurID 800 is one of at least five commercially available security devices susceptible to a new attack that extracts cryptographic keys used to log in to sensitive corporate and government networks. Scientists have devised an attack that takes only minutes to steal the sensitive cryptographic keys stored on a raft of hardened security devices […]
Continue ReadingSecurity expert Thomas Cannon working at viaForensics as the Director of R&D has demonstrated a custom-developed app that installs a backdoor in Android smartphones – without requiring any permissions or exploiting any security holes. Thomas built an app which requires no permissions and yet is able to give an attacker a remote shell and allow […]
Continue ReadingAn emerging malware threat identified as the Duqu trojan has received a great deal of attention because it is similar to the infamous Stuxnet worm of 2010. What is Duqu? The Duqu trojan is composed of several malicious files that work together for a malicious purpose. The first component is a Windows kernel driver that […]
Continue Reading