RFC 7252, also known as the Constrained Application Protocol (CoAP), is about to become one of the most abused protocols in terms of DDoS attacks. If readers don’t recognize the name of this protocol that’s because it’s new –being formally approved only recently, in 2014, and largely unused until this year.
CoAP was designed as a lightweight machine-to-machine (M2M) protocol that can run on smart devices where memory and computing resources are scarce. CoAP is inherently susceptible to IP address spoofing and packet amplification, the two major factors that enable the amplification of a DDoS attack.
Read more about CoAP and how it may be abused in DDoS attacks on ZDNet.
Researchers have discovered a new variation of the Spectre CPU vulnerability that can be exploited via browser-based code. This new CPU vulnerability is, too, a design flaw in the microarchitecture of modern processors that can be exploited by attacking the process of “speculative execution,” an optimization technique used to improve CPU performance.
The vulnerability, which researchers codenamed SplitSpectre, is a variation of the original Spectre v1 vulnerability discovered last year. The difference in SplitSpectre is not in what parts of a CPU’s microarchitecture the flaw targets, but how the attack is carried out.
Read more about the SplitSpectre CPU attack on ZDNet.
Over the course of last week, some printers have been printing out a strange message asking people to subscribe to PewDiePie’s YouTube channel. The message appears to be the result of a simple exploit that allows printers to receive data over the internet, including print commands. A person with the online handle TheHackerGiraffe has claimed responsibility for the attack.
People around the world have been hit by the exploit. TheHackerGiraffe told Engadget that he sent the message to 50,000 printers. He found the targets on Shodan.io, which is basically a search engine for unsecured, internet-connected devices. TheHackerGiraffe said there are about 800,000 printers total that appear exploitable.
Read more about the somewhat silly prank, which highlights a much larger problem concerning printer security, on Engadget.
More than a year after patches were released to thwart powerful NSA exploits that leaked online, hundreds of thousands of computers are unpatched and vulnerable. First they were used to spread ransomware. Then it was cryptocurrency mining attacks. Now, researchers say that hackers are using the leaked tools to create an even bigger malicious proxy network.
New findings from security giant Akamai say that the previously reported UPnProxy vulnerability, which abuses the common Universal Plug and Play network protocol, can now target unpatched computers behind the router’s firewall.
Read more about the findings of the Akamai research on TechCrunch.
Researchers have discovered a vulnerability in Nuuo surveillance cameras which can be exploited to hijack these devices and tamper with footage and live feeds. Cybersecurity firm Digital Defense said that its Vulnerability Research Team (VRT) had uncovered a zero-day vulnerability in Nuuo NVRmini 2 Network Video Recorder firmware, software used by hundreds of thousands of surveillance cameras worldwide.
The vulnerability is an unauthenticated remote buffer overflow security flaw which can be exploited by attackers execute arbitrary code on the system with root privileges. Not only could threat actors harness the bug to access and modify camera feeds & recordings, but also to change the configuration and settings of cameras.
Read more about this zero-day vulnerability on ZDNet.
Researchers with software risk measurement and management company Checkmarx were able to create two mobile applications that abuse the functionality of smart bulbs for data exfiltration.
For their experiment, the researchers used the Magic Blue smart bulbs, which work with both Android and iOS, and which rely on Bluetooth 4.0 for communication. The devices are made by a Chinese company called Zengge, which claims to be a supplier for brands such as Philips and Osram.
Read more about how researchers were able to exfiltrate data from smart bulbs on SecurityWeek.
A critical vulnerability in an Ethereum token made it possible for malicious actors to force cryptocurrency exchange desks to spend extremely high fees on transactions. Even worse, the attackers could abuse the bug for profit.
The flaw, discovered by a group of cryptocurrency researchers, resides in Ethereum-based cryptocurrency GasToken. It remains unclear precisely how many exchanges are potentially vulnerable to it, but the researchers have contacted a bulk of possibly affected platforms.
Read more about the critical vulnerability in GasToken on The Next Web.
Academics from the Vrije University in Amsterdam, Holland, have published a research paper describing a new variation of the Rowhammer attack. Rowhammer is the name of a class of exploits that takes advantage of a hardware design flaw in modern memory cards.
A memory card stores temporary data inside storage units named cells, which are arranged on the physical chip in multiple rows, forming a grid. In 2014, researchers discovered that by reading data stored on one row repeatedly, they could create an electrical field that would alter data stored on nearby memory rows, causing either data corruption, or manipulating data in malicious ways. In new research, named ECCploit, academics expanded the previous Rowhammer techniques with a new variation.
Read more about the new version of the rowhammer attack on ZDNet.
U.S. Postal Service just fixed a security weakness that allowed anyone who has an account at usps.com to view account details for some 60 million other users, and in some cases to modify account details on their behalf.
KrebsOnSecurity was contacted last week by a researcher who discovered the problem, but who asked to remain anonymous. The researcher said he informed the USPS about his finding more than a year ago yet never received a response. After confirming his findings, this author contacted the USPS, which promptly addressed the issue.