Security Alerts & News
by Tymoteusz A. Góral

History
#629 DRAM bitflipping exploits that hijack computers just got easier
New research into the "Rowhammer" bug that resides in certain types of DDR memory chips raises a troubling new prospect: attacks that use Web applications or booby-trapped videos and documents to trigger so-called bitflipping exploits that allow hackers to take control of vulnerable computers.

The scenario is based on a finding that the Rowhammer vulnerability can be triggered by what's known as non-temporal code instructions. That opens vulnerable machines to several types of exploits that haven't been discussed in previous research papers. For instance, malicious Web applications could use non-temporal code to cause code to break out of browser security sandboxes and access sensitive parts of an operating system. Another example: attackers could take advantage of media players, file readers, file compression utilities, or other apps already installed on Rowhammer-susceptible machines and cause the apps to trigger the attacks.
Read more
#632 Can Switzerland become a safe haven for the world's data?
#631 Oracle fixes 136 vulnerabilities with April critical patch update
#630 Latest TeslaCrypt targets new file extensions, invests heavily in evasion
#629 DRAM bitflipping exploits that hijack computers just got easier
#628 RansomWhere?: Generic ransomware detection comes to Apple OS X
#627 MULTIGRAIN – POS attackers make an unhealthy addition to the pantry
#626 New crypto-ransomware JIGSAW plays nasty games
#625 CryptXXX: new ransomware from the actors behind reveton, dropping via Angler
#624 Python-based PWOBot targets European organizations
#623 Netflix: VPN blockade backlash doesn’t hurt us
#622 FBI tells congress it needs hackers to keep up with tech company encryption
#621 Security firm SurfWatch Labs discovers secret plan to hack numerous websites and forums
#620 Google is partially dangerous - according to Google
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12