Entries with tag security research.

New security research from Microsoft shows that Java attacks have increased sharply since the third quarter of 2011 making Java by far the biggest malware target. “The recently released Microsoft Security Intelligence Report said this is the case because Java is widely used across multiple platforms and has many possible vulnerabilities. The study said that attackers are focused on older, patched vulnerabilities in Java in order to take advantage of those systems that have not applied the fixes and are also trying to take advantage of vulnerabilities across multiple Java versions. The report (www.microsoft.com/security/sir/default.aspx) studied attacks between July 2012 and December 2012. (SlashDot)(ThreatPost)(Microsoft Security Intelligence Report)
 

A security researcher claims he could successfully hack aircraft flight-management systems. Hugo Teso, a security researcher for German IT consultancy n.runs, said he sent radio signals with false navigation information to a simulated aircraft that could exploit vulnerabilities in commercial flight-management software and cause the system to change, for example, aircraft direction or the pilot’s displays. He constructed a simulated aircraft from aviation equipment acquired via eBay. Teso used it to test an attack toolkit that subverts the flight management system by using the Aircraft Communications Addressing and Report System protocol, which provides planes with weather and airline-schedule data. He said both the European Aviation and Safety Agency and the US Federal Aviation Administration have contacted him about the work. EASA issued a statement in which it states that the research “did not reveal potential vulnerabilities on actual flying systems” and that there are substantial differences between flight-management systems software for training purposes and the systems actually used in flight. Teso said hackers would have trouble taking advantage of the vulnerabilities he discovered, which also would require expertise in aviation. He presented his findings at the recent Hack in the Box conference in Amsterdam. (BBC)(Forbes)

Malware researchers have released tools to detect the newly discovered Gauss banking malware. Kaspersky Lab and CrySyS (Laboratory of Cryptography and System Security) Lab devised Web-based tools that let anyone determine if they’ve been infected by Gauss, which retrieves secure information, including banking data. Detection relies on the presence of a font called Paladi Narrow found in the malware. Its significance is not yet known.  Kaspersky reported it has found about 2,500 occurrences of Gauss—which it estimates has been live since the fall of 2011—primarily in Lebanon. (The Washington Post)(Kaspersky Lab)

A French security researcher has created proof-of-concept malware that can be implanted in BIOS and create a permanent Internet-accessible backdoor into computer systems. Jonathan Brossard, security vendor Toucan System’s CEO, said users can’t uninstall or otherwise eliminate Rakshasa because hackers place it on a BIOS chip as firmware. The computer installs Rakshasa every time it boots. Brossard reportedly tested the malware against 43 different antivirus programs and none detected its firmware alteration. Rakshasa can also reportedly infect devices, including network cards or CD-ROMs. Brossard said someone in a country in which PCs are made could implant BIOS-based malware in a computer before it ships, raising the concern that countries, organizations, or individuals could use such a technique for espionage. Brossard told Forbes magazine, “Because computers go through so many hands before they’re delivered to you, there’s a serious concern that anyone could backdoor the computer without your knowledge.” Users could combat Rakshasa by reflashing a potentially infected computer’s motherboard and peripherals simultaneously, according to Brossard, who presented his work at the recent Black Hat and DefCon conferences. (PhysOrg)(Forbes)(“Hardware Backdooring is Practical,” Jonathan Broussard)