Cybersecurity researchers have taken the wraps off a previously undocumented and stealthy custom malware called SockDetour that targeted U.S.-based defense contractors with the goal of being used as a secondary implant on compromised Windows hosts. “SockDetour is a backdoor that is designed to remain stealthily on compromised Windows servers so that it can serve as […]
“Chaos” gives attackers, and follow-on attackers, full control over infected boxes. A stealthy backdoor undetected by antimalware providers is giving unknown attackers complete control over at least 100 Linux servers that appear to be used in business production environments, warn researchers. In a blog post published Wednesday, Montreal-based GoSecure claimed that a piece of malware dubbed “Chaos” […]
Lately I’ve been spending some time fuzzing network-related Linux kernel interfaces with syzkaller. Besides the recently discovered vulnerability in DCCP sockets, I also found another one, this time in packet sockets. This post describes how the bug was discovered and how we can exploit it to escalate privileges. The bug itself (CVE-2017-7308) is a signedness […]
The smart plug can act as a conduit not just for electricity — but for cyberattacks. Researchers have discovered critical security flaws in connected smart plugs which can give attackers access to a full home network — as well as your email account. Bitdefender researchers Dragos Gavrilut, Radu Basaraba and George Cabau said on Thursday that […]