A website in Russia has been caught exploiting a serious zero-day vulnerability in Mozilla’s Firefox browser, prompting the open-source developer to deliver an emergency update that fixes the flaw.The bug in a built-in PDF reader allowed attackers to steal sensitive files stored on the hard drives of computers that used the vulnerable Firefox version. The attack was used against both Windows and Linux users, Mozilla researcher Daniel Veditz wrote in a blog post published Thursday. The exploit code targeting Linux users uploaded cryptographically protected system passwords, bash command histories, secure shell (SSH) configurations and keys. The attacker downloaded several other files, including histories for MySQL and PgSQL and configurations for remina, Filezilla, and Psi+, text files that contained the strings “pass” and “access” in the names. Any shell scripts were also grabbed.
Garage doors may be vulnerable to being opened remotely by hackers using little more than a childrens’ toy, a security researcher has proven this week.The repurposed tool has been branded OpenSesame by its creator Samy Kamkar, who built it out of a discontinued Mattel toy called IN-ME, adding an antennae and an open-source hardware add-on. Although no longer available, Softpedia notes that the toy is a pocket computer that allows kids to chat to eachother, and can still be found on eBay for as little as $12.The proof-of-concept attack affects basic, fixed code garage door security, for which the most advanced would leave 4,096 possible combinations. Kamkar claims that it would take around 29 minutes to breach the lock by brute-force if the details of the system were known to the hacker.
Read on, source: OpenSesame: Hacked kids’ toy could open garage doors
Around 19% of IT security leaders said that budgets will significantly increase over the next two years, with an additional 31% saying budgets will increase, according to a new report by Dell SecureWorks.The study by Dell surveyed 1,825 IT security leaders and their staff, based in 42 countries including North America, Europe, Africa, Asia and the Middle East. The aim of the report was to identify the key influencers on decisions which affect security budgets and technology purchases.Of the remaining survey respondents, nearly all said that budgets will remain flat (46%), while a few (4%) said their organizations could actually decrease security spending. This is largely the same growth picture as the last two years, with the same group of experts witnessing the same increase (31%) and a similar significant increase (15%) during the period.
Read on, source: IT security budgets will continue to rise, finds Dell report
Distributed Denial of Service (DDoS) attacks are on the rise, according to cloud service provider Akamai, with more than double the number reported from this time a year ago.Not only that, but the methods are changing to ensure DDoS attacks are longer-lasting, and inflict more damage, reports ZDNet. While last year DDoS attacks were characterized by high bandwidth but short duration, so far in 2015 attacks have used less bandwidth, but been of a far longer duration. An Akamai spokesperson told SC Magazine, “An HTTP flood will not consume a lot of bandwidth, but it will generate a lot of HTTP requests.” This still overwhelms the site, but makes it harder to see a malicious attack coming.
Read on, source: DDoS attacks have doubled in a year, says Akamai