Top 10 Stories

A critical flaw in recent versions of the open source file sharing component Samba could allow attacks.   According to Arstechnica, the flaw could put users on the receiving end of attacks that allow hackers on the same local network to run programs with nearly unfettered administrative privileges. The newly discovered bug can be exploited by sending specially manipulated traffic to a vulnerable system.   The remote code execution vulnerability resides in Samba's nmbd NetBIOS name...

Two more talks have been pulled from this week's Black Hat conference in Las Vegas. According to Reuters, these were on breaking into home-alarm systems, while the other was on a sophisticated Russian espionage campaign known as "Snake." The withdrawals follow the cancellation late last month of a highly anticipated talk on how to identify users of the online privacy service Tor.      Black Hat said Logan Lamb, an employee with Oakridge National Laboratory,...

After making national headlines around the world last year, “car hackers” Chris Valasek and Charlie Miller will name the most hackable cars at this year's Black Hat conference.   According to an interview the researchers had with Dark Reading, the most hackable vehicles include the 2014 Jeep Cherokee, the 2015 Cadillac Escalade and the 2014 Toyota Prius, while the most secure cars include the Dodge Viper, the Audi A8, and the Honda Accord.   The cars...

A newly-detected remote administration Trojan (RAT) receives command and control instructions through Yahoo Mail.   According to Threatpost, the RAT could be easily modified to communicate with its authors through other popular webmail providers and it has the ability to elude the notice of intrusion detection systems by operating over these domains.   Known as IcoScript, this has gone largely undetected since 2012 and this is partly because access to webmail services is rarely blocked...

Built-in vulnerabilities in a large number of smartphones could allow Government spies and sophisticated hackers to install malicious code and take control of the device.   According to Wired, the attacks would require proximity to the phones, using a rogue base station or femtocell, and a high level of skill to pull off, but it took Mathew Solnik and Marc Blanchou, two research consultants with Accuvant Labs, just a few months to discover the vulnerabilities...

Cisco has shipped a patch for its Open Shortest Path First (OSPF) routing implementation, saying it offers exploits that include traffic blackholing or interception. In an advisory it  said that the vulnerability “could allow an unauthenticated attacker to take full control of the OSPF Autonomous System (AS) domain routing table, blackhole traffic, and intercept traffic”. According to The Register, crafted OSPF packets can be sent to devices running the faulty code, and those packets would...

A separate legal system in Scotland is preventing cleared hacker Gary McKinnon from visiting his ill father. According to The Register, McKinnon's father, Charlie, is in hospital after suffering a stroke but lawyers for the London-based hacker have advised him against visiting his dad in hospital in Scotland because of the possibility he might be served extradition papers if he visits the country. UK Home Secretary Theresa May withdrew an extradition order against McKinnon, who...

Cyber criminals often launder money gained illegally by buying goods, shipping them abroad and selling them again. According to security blogger Brian Krebs, attackers are able to disguise their operations as legitimate businesses operating in the United States, and use stolen credit cards to pay for U.S. Postal Service and FedEx shipping labels — a.k.a. “black labels”. However major shipping providers appear to be getting better at blocking or intercepting packages sent with stolen credit cards, with more and more...

Instructions on how to build a honeypot from Raspberry Pi devices have been published. Saying it was chosen because of its low profile, minimal power consumption and price, University of Arizona student Nathan Yee said that these could provide corporates much needed intelligence on adversaries, reported The Register. The devices ran on the open source Modern Honey Network Threat encapsulating honeypots Dionaea, Kippo, Snort, and Conpot that sucked down a diverse set of threat intelligence...

Roughly one in ten Android apps are now fully or partially malware, according to 24.4 million sample files collected during the first six months of 2014.   Conducted by Cheetah Mobile and reported by Infosecurity, of the 24.4 million samples, 2.2 million turned out to be viruses, or roughly 9% of the total. In the first half of 2014, the number of samples that contained viruses also grew rapidly. Cheetah Mobile’s collection of 2.2 million...