Infosec Weekly Round-up October 22-28, 2012

Wi-Fi chips in phones, tablets, vulnerable to DoS attack

Security researchers at Core Security have identified a denial-of-service (DoS) vulnerability in the firmware for Wi-Fi chips installed in several smartphones, tablets, laptops, and even a car. The vulnerability is present in Broadcom BCM4325 and BCM4329 Wi-Fi chips, and has the potential to stop them from working, due to the firmware not validating what input is provided to it.

http://www.zdnet.com/wi-fi-chips-in-phones-tablets-vulnerable-to-dos-attack-7000006352/

Anonymous Hackers Say They Compromised 20 Million Accounts to Promote OpJubilee

Operation Jubilee is an Anonymous campaign whose main goal is to cancel all debt, eliminate poverty, redistribute land and stop wars. While the main protest is scheduled to take place in real life on November 5 in front of the Parliament building in London, the hacktivists have promoted the event mainly by hacking websites.

http://news.softpedia.com/news/Anonymous-Hackers-Say-They-Compromised-20-Million-Accounts-to-Promote-OpJubilee-302604.shtml

Symantec Examines New Malware Evasion Tactics

Symantec recently published a blog post detailing two new methods being deployed to avoid malware detection and analytics. According to research, criminals are taking a low-cost / low-tech approach and using sleep loops along with basic monitoring to avoid getting caught.

https://www.securityweek.com/symantec-examines-new-malware-evasion-tactics

Attackers Turn to Open DNS Resolvers to Amplify DDoS Attacks

Researchers associated with Host Exploit, a volunteer organization that tracks malicious activity among hosting providers, said in a new report that attackers have been making good use of the numerous poorly configured open DNS resolvers in recent months. These machines are plentiful, but it’s not just open resolvers in and of themselves that represent a problem. The issue arises when they are misconfigured, allowing attackers to take advantage of weaknesses in the open resolvers to use them as electronic megaphones for their attacks.

http://threatpost.com/en_us/blogs/attackers-turn-open-dns-resolvers-amplify-ddos-attacks-102412

Make the Scariest Pumpkin Ever

This classic project from MAKE alum Marc de Vinck is a great last minute project that will scare the candy out of any unsuspecting trick-or-treater. It’s a relatively simple build that can probably be pieced together with items you have laying in your junk pile or be picked up with a quick trip to RadioShack and the auto parts store.

http://blog.makezine.com/2012/10/26/make-the-scariest-pumpkin-ever/

That’s all for this week, if you have more information security news please to share them with our readers by sending emails or using the contact form.

Share