DNS cache poisoning, the Internet attack from 2008, is back from the dead. In 2008, researcher Dan Kaminsky revealed one of the more severe Internet security threats ever: a weakness in the domain name system that made it possible for attackers to send users en masse to imposter sites instead of the real ones belonging to Google, Bank of America, or anyone else.
With industrywide coordination, thousands of DNS providers around the world installed a fix that averted this doomsday scenario. Now, Kaminsky’s DNS cache poisoning attack is back. Researchers on Wednesday presented a new technique that can once again cause DNS resolvers to return maliciously spoofed IP addresses instead of the site that rightfully corresponds to a domain name. “This is a pretty big advancement that is similar to Kaminsky’s attack for some resolvers, depending on how [they’re] actually run,” said Nick Sullivan, head of research at Cloudflare, a content-delivery network that operates the 1.1.1.1 DNS service.
Ubuntu fixes bugs that standard users could use to become root. Ubuntu developers have fixed a series of vulnerabilities that made it easy for standard users to gain coveted root privileges.
“This blog post is about an astonishingly straightforward way to escalate privileges on Ubuntu,” Kevin Backhouse, a researcher at GitHub, wrote in a post published on Tuesday. “With a few simple commands in the terminal, and a few mouse clicks, a standard user can create an administrator account for themselves.” The first series of commands triggered a denial-of-service bug in a daemon called accountsservice, which as its name suggests is used to manage user accounts on the computer.
To do this, Backhouse created a symlink that linked a file named .pam_environment to /dev/zero, changed the regional language setting, and sent accountsservice a SIGSTOP. With the help of a few extra commands, Backhouse was able to set a timer that gave him just enough time to log out of the account before accountsservice crashed.
iPhone zero-click Wi-Fi exploit is one of the most breathtaking hacks ever.
Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device—over Wi-Fi, with no user interaction required at all.
Oh, and exploits were wormable—meaning radio-proximity exploits could spread from one nearby device to another, once again, with no user interaction needed. This Wi-Fi packet of death exploit was devised by Ian Beer, a researcher at Project Zero, Google’s vulnerability research arm. In a 30,000-word post published on Tuesday afternoon, Beer described the vulnerability and the proof-of-concept exploit he spent six months developing single-handedly. Almost immediately, fellow security researchers took notice. “This is a fantastic piece of work,” Chris Evans, a semi-retired security researcher and executive and the founder of Project Zero, said in an interview.
“Imagine the sense of power an attacker with such a capability must feel,” Beer wrote.
TrickBot is worrying because it can tamper with your BIOS firmware. Security researchers are concerned because a new feature of the TrickBot malware could tamper with the BIOS firmware of your machine.
In other words, even after a reinstallation of the operating system, the malware would still be present on your machine. TrickBot is not new; it is notably involved in the delivery chain of the Ryuk ransomware. What is new is a module it incorporates, first discovered at the end of October. This information was reported by the companies Advanced Intelligence and Eclypsium in a report published last Thursday, which reveals that TrickBot has the ability to be persistent.
ANSSI publishes a report on the Ryuk ransomware. The new report published by ANSSI looks at the Ryuk ransomware.
Its name may not mean anything to you, but it is involved in the very recent attack on the company Sopra Steria in France. This ransomware is not new, nor is it a copy of its competitors. It genuinely stands out, and that is why it proves particularly formidable (and profitable). It has been circulating since 2018, and according to the FBI it was the most profitable ransomware of 2018, with 61 million dollars in ransoms collected over a period of a year and a half.