Robert Abel SC Media | Page 2 of 177

Robert Abel

Content Coordinator/Reporter

Most recent articles by Robert Abel

Xiaomi electric scooter vulnerability allows remote hacks

By

The Xiaomi M365, a popular electric scooter used by several ride-share companies such as BIRD as well as for personal ownership, is vulnerable to remote hacking due to improper password validation. The scooters are enabled with Bluetooth access which allows the user to interact with the scooters for multiple features including its  Anti-Theft System, Cruise-Control,…

Cisco Network Assurance Engine (NAE) contains password vulnerability

By

A default password vulnerability in Network Assurance Engine (NAE) could allow an unauthenticated, local attacker to gain unauthorized access or cause a Denial of Service (DoS) condition on the server. A flaw in NAE’s password management system can be exploited by authenticating with the default administrator password via the CLI of an affected server. Version…

PoC hides malware in Intel SGX enclave

By

Researchers developed a proof of concept attack which allows them to hide malware in Intel’s Software Guard eXtensions (SGX). Intel SGX is a feature found on all modern Intel CPUs that allows developers to isolate applications in secure “enclaves” and the attack allows researchers to hide undetectable malicious code from their security software  within these…

77 updates in Microsoft patch Tuesday

By

Microsoft released 77 updates, 20 of which were classified as critical, in this months patch Tuesday announcement. The updates included fixes for Microsoft Windows, Office, IE, Edge resolving a total of 74 unique CVEs this month including one actively exploited zero day flaw in Internet Explorer, according to its February Patch Tuesday release. The zero…

VFEmail hit with ‘Catastrophic’ attack that deleted primary and backup files

By

Milwaukee-based email provider VFEmail has suffered what it has described as a “catastrophic” attack which has resulted in the destruction of all data in the U.S. on both primary and backup systems. The attackers didn’t demand a ransom but simply went on an attack and destroy mission. Signs of the attack surfaced the morning of…

Layering EMV chip, tokenization, encryption bolsters card payment security

Chip and PIN protections may fall short as future threats materialize

By

The protections that chip and PIN payment card solutions offer may fall short as cybercriminals begin installing command-and-control malware on infected EMV device readers, a new report warns. Cybercriminals could begin repurposing ATM EMV malware to attack retail environments by infecting point-of-sale (POS) machines (possibly via malicious USB drives) and then introducing an altered EMV…

Adiantum boosts encryption for low-end Android devices

By

Google has developed a new storage encryption solution that will boost encryption capabilities for low-end Android devices that don’t have the hardware to support AES. Researchers said the new solution, called Adiantum, allows the use of the ChaCha stream cipher “in a length-preserving mode, by adapting ideas from AES-based proposals for length-preserving encryption such as HCTR and HCH,”…

Golang stealer malware gives debuggers a new look

By

A new cryptocurrency stealer written in Golang (Go) programming language has been detected as part of a new trend in cybercriminals writing malware in Go. Last year Sofacy created a new variant of Zebrocy malware that was written in Go to create a functionally similar Trojan to use in spear-phishing emails with a LNK shortcut…

Banking threat Emotet expands target list, evades two-factor auth

SS7 exploited to intercept 2FA bank confirmation codes to raid accounts

By

Cybercriminals are exploiting flaws in SS7, a protocol used by telecom companies to coordinate how they route texts and calls around the world, to empty bank accounts by intercepting messages sent for two-factor-authentication(2FA). The exploit can allow threat actors to track phones across the planet and intercept text messages and phone calls without hacking the…

Next post in Security News