Security of mobile phones and applications: five popular attack scenarios and methods of protection

Modern mobile devices are multifunctional and complex, which makes them vulnerable to cyberattacks. Attackers have a number of ways into your phone—from Wi-Fi and Bluetooth to the speaker and microphone. Positive Technologies analysts have published a research on the most common scenarios of attacks against mobile devices and applications. For more details, download the research, or read on to get a short overview. Attacks on … Continue reading Security of mobile phones and applications: five popular attack scenarios and methods of protection

Watch out for cyberthreats during the “work from home” boom

Are you getting settled in your new home office? COVID-19 has changed people’s working habits drastically, but hackers are trying to take advantage, so how can organizations be prepared and why do companies need to analyze their network traffic? Due to COVID-19, almost all of the world’s major IT companies have moved most employees to work from home. These include Amazon, Apple, Facebook, Google, Instagram, … Continue reading Watch out for cyberthreats during the “work from home” boom

CVE-2019-18683: Exploiting a Linux kernel vulnerability in the V4L2 subsystem

This article discloses exploitation of CVE-2019-18683, which refers to multiple five-year-old race conditions in the V4L2 subsystem of the Linux kernel. I found and fixed them at the end of 2019. I gave a talk at OffensiveCon 2020 about it (slides). Here I’m going to describe a PoC exploit for x86_64 that gains local privilege escalation from the kernel thread context (where the userspace is not … Continue reading CVE-2019-18683: Exploiting a Linux kernel vulnerability in the V4L2 subsystem

Protecting your accounts and passwords: five useful tips

Password security is not in great shape at the moment. According to research, up to 86 percent of all hacked passwords have already been compromised. Reuse of compromised passwords is the reason behind 75 percent of attacks on corporate infrastructure. All too often, users choose easy-to-type combinations (such as “1234567” or “qwerty”). This makes things easy for attackers. Here we will provide some tips on … Continue reading Protecting your accounts and passwords: five useful tips

What We Have Learned About Intel ME Security In Recent Years: 7 Facts About The Mysterious Subsystem

Image: Unsplash Intel ME has captured the attention of researchers during the last years. There is an air of mystery about the technology. Although it has access to virtually all the data on the computer, and hackers can get total control over the machine if they manage to compromise Intel ME, there are no official documents or guides regarding its use. That is why researchers … Continue reading What We Have Learned About Intel ME Security In Recent Years: 7 Facts About The Mysterious Subsystem

How STACKLEAK improves Linux kernel security

STACKLEAK is a Linux kernel security feature initially developed by Grsecurity/PaX. I\’m working on introducing STACKLEAK into the Linux kernel mainline. This article describes the inner workings of this security feature and why the vanilla kernel needs it. In short, STACKLEAK is needed because it mitigates several types of Linux kernel vulnerabilities, by:  Reducing the information that can be revealed to an attacker by kernel … Continue reading How STACKLEAK improves Linux kernel security

Low-level Hacking NCR ATM

Image credit: Sascha Kohlmann, CC BY-SA 2.0 Many of the systems that power the modern world are supposed to be beyond the reach of mere mortals. Developers naively assume that these systems will never give up their secrets to attackers and eagle-eyed researchers. ATMs are a perfect case in point. Thefts with malware of the likes of Cutlet Maker, as well as unpublicized incidents when … Continue reading Low-level Hacking NCR ATM

Intel patches new ME vulnerabilities

In early July, Intel issued security advisories SA-00112 and SA-00118 regarding fixes for vulnerabilities in Intel Management Engine. Both advisories describe vulnerabilities with which an attacker could execute arbitrary code on the Minute IA PCH microcontroller. The vulnerabilities are similar to ones previously discovered by Positive Technologies security experts last November (SA-00086). But that was not the end of the story, as Intel has now … Continue reading Intel patches new ME vulnerabilities

Is your Mobile API under silent attack?

How well protected are your mobile apps? Pretty Secure? What about the mobile API they rely on? This could be the weakest link in \’s AppSec armor. Data from Positive Technologies’ customers suggests as much as 15% of all traffic to the average mobile API comes from illegitimate sources. ​​​​​​​Data scraping that attacks your bottom line  ​​​​​​​The more you secure your mobile apps, the more … Continue reading Is your Mobile API under silent attack?