Displaying items by tag: immunity

Patching of vulnerabilities is the security industry's equivalent of thoughts and prayers, a prominent American security expert has said during a debate on the topic "Patching is useless" at a recent online conference named Hack At The Harbor.

The head of security firm Kaspersky's Global Research and Analysis Team, Costin Raiu, says in 2019 more than 70 security companies were given samples of malware that was created by the CIA.

Whenever one picks up a book with an eye to writing about it, one necessarily needs to know the subject matter therein. The recent book This Is How They Tell Me The World Ends — an ungrammatical title if anything — claims to be a book about the zero-day "industry" as per the author, Nicole Perlroth, a staff reporter for the New York Times, who covers cyber security. (I dislike that word "cyber" and will use infosec right through this piece.)

A version of the CANVAS exploit platform, that can be used to test the vulnerability of computer systems or to break into remote systems using exploits that come along with it, has been leaked on the VirusTotal database and can now be accessed by all paid subscribers of the service.

A French researcher claims to have found a working exploit for the Spectre vulnerability on Linux systems on the VirusTotal database, the first such exploit to come to light since the flaw was made public by Intel back in 2018.

UPDATED 11 February: Ex-NSA hacker and former owner of security company Immunity, Dave Aitel, has launched a fresh salvo of tweets against a book published by New York Times cyber security reporter Nicole Perlroth, after securing and reading a copy of the tome which was published on Tuesday US time.

Former NSA hacker and ex-owner of security company Immunity, Dave Aitel, has once again criticised New York Times' cyber security reporter Nicole Perlroth, claiming that nearly every detail in a piece the journalist wrote to promote an upcoming book of hers is wrong.

Veteran vulnerability researcher Dave Aitel has offered his views on a major flaw in the BIG-IP range of devices, saying that the fact many people had assumed it had never been found and exploited could well be incorrect.

A row has broken out between researchers from Google after ex-NSA hacker Patrick Wardle revealed the details of two zero-day vulnerabilities in the Mac version of Zoom that could be exploited to give the attacker root access. Neither vulnerability is remotely exploitable and can only be taken advantage of by a local attacker – someone who has physical access to the machine in question.

US security firm Immunity has started selling an exploit to take advantage of a flaw in Microsoft's proprietary remote desktop protocol. The vulnerability was revealed in May.

A number of information security professionals in the US have sharply criticised The New York Times over an article it ran recently, claiming that a ransomware attack on local government offices in Baltimore, Maryland, was carried out through the use of a leaked NSA exploit known as EternalBlue.

Organisers of the security conference Infiltrate are reportedly not allowing journalists to attend this year, though it is understood that there has been no such ban in the past.

The author of a book who wrote that the security firm Mandiant had hacked into the computers of a Chinese military unit while it was investigating the activities of the group, known as APT1, appears to be standing by his claims.

The head of American security firm Immunity, Dave Aitel, appears to be backtracking on his claims, made in August, that British security researcher Marcus Hutchins had "something to do" with the WannaCry ransomware which hit Windows computers globally in May.

Security firms are continuing to use last month's WannaCry ransomware attack to shamelessly plug their wares, with McAfee the latest to do so, warning the Australian Government that cyber crime is becoming more and more sophisticated.

NSA whistleblower Edward Snowden and security expert Dave Aitel both say that a leak of advanced hacking tools, most likely belonging to the American government, is connected to the hacking and leaks of material from the US Democratic party.

Security company Ixia says its new ThreatARMOR solution adds "zero-day malware immunity", blocking mutated versions of malware that try to evade traditional security solutions.