Tag Archives: Dirty COW

Security Never Sleeps- High Sierra Zero-Day Issues, Dirty Cow

Nasty Password-Pilfering Hack Ruins Apple macOS High Sierra Launch

“Patches expected to be issued as soon as possible”

Apple released a new macOS operating system today, dubbed High Sierra. But already a serious weakness has been found lurking within, a security researcher has claimed, allowing a hacker to steal passwords from Apple Macs running the new OS.

Patrick Wardle, ex-NSA analyst and now head of research at security firm Synack, found the problem Monday, warning that it could allow anyone able to run malicious code on a Mac to pilfer passwords from the keychain. With his “keychainStealer” app, the researcher’s hack forced the keychain to disclose Facebook, Twitter and Bank of America passwords.

Dirty Cow vulnerability discovered in Android malware campaign for the first time

“First malware sample to contain an exploit for the flaw”

For the first time, threat actors have added the Dirty Cow Android exploit to malware designed to compromise devices running on the mobile platform. On Monday, researchers from Trend Micro said the vulnerability, traced as CVE-2016-5195, has been discovered in a malware sample of ZNIU, detected as AndroidOS_ZNIU.

Mobile stock trading apps ignore critical flaw warnings

“Billions of dollars processed per year through apps”

IOActive has discovered severe security issues with today’s most popular stock trading applications, but it appears that the developers behind the apps are not interested. On Tuesday, the security firm released the results of research into 21 popular mobile stock trading applications available on iOS and Android, which have millions of users worldwide and process billions of dollars in transactions per year.

Exploiting these vulnerabilities can not only lead to the leak of user data, but can allow threat actors to trade a user’s stocks, steal their funds, and spy on their net worth and investment strategies, which could then be used to conduct additional fraudulent trading.

Enjoy your read? Check out our other content here.

10Fold- Security Never Sleeps- 124

Personal email is becoming less personal as hackers, government eye access

“Stakes are higher than ever for data security”

Privacy expert Claire Gartland has been warning of increased risks towards user data of electronic messaging services, most recently with her appearance on CNBC’s ‘On The Money.’ Under the context of the recent United States Presidential Election season, Gartland emphasized the exponential increase in the hacking of public figure hacks and leaks of sensitive information.

Millions exposed to malvertising that hid attack code in banner pixels

“Millions exposed to potential danger”

Malicious ads attacking embed codes in banner pixels have left many mainstream website users at risk of fraud and security concerns. The script remains concealed in the alpha channel that defines the transparency of the pixels. This makes it very difficult for even experienced ad networks to detect. After the malware assesses that adequate security measures are not in use that can detect its presence, the script can redirect the browser to sites that host exploitation in the users security.

Security News This Week: A Botnet Takes Down Nearly a Million German Routers

“New variant detected”

The same botnet malware that temporarily took down several popular websites just a few weeks ago, dubbed Mirai, has returned this week with devastating results. Over 900,000 routers from customers of German ISP Deutsche Telekom were affected and cut off from access to the web. This fuels growing concerns over a new reality of cyber-attacks that may not be preventable.

Latest Android security update fixes Dirty COW, GPS vulnerabilities

“Provides attack mitigation”

Per the monthly updates Android releases, serious security concerns have been addressed for customers. The most recent of these is a privilege escalation vulnerabilities that has been exploitable for over nine years (The Dirty COW, or copy-on-write), since the creation of Linux.