Data Security News Headlines 17th February 2017

  1. A Simple JavaScript Exploit Bypasses ASLR Protection On 22 CPU Architectures

Security researchers have discovered a chip flaw that could nullify hacking protections for millions of devices, regardless of the operating system or applications running on them. The vulnerability resides in the way the memory management unit (MMU), a component of many CPUs, works, and it allows Address Space Layout Randomization (ASLR) protection to be bypassed. ASLR is a memory protection mechanism that randomizes the location where programs run in a device’s memory. This, in turn, makes it difficult for attackers to execute malicious payloads at specific spots in memory when exploiting buffer overflows or similar bugs. A group of researchers, known as VUSec, from the Vrije University in the Netherlands has developed an attack that can bypass ASLR protection on at least 22 processor micro-architectures from popular vendors like Intel, AMD, ARM, Allwinner, Nvidia, and others, according to news published in Hacker News. Due to this vulnerability, an attacker can execute malicious JavaScript and can also read portions of the computer’s memory, which they could then use to launch more complex exploits, escalate access to the complete operating system, and hijack a computer system.

Cyber Security Tips: To protect against such attacks, enable plug-ins such as NoScript for Firefox or ScriptSafe for Chrome to block untrusted JavaScript code.

  2. Yahoo Hacked Again! Company Issues Security Alert Notice to Customers

The company has discovered that between 2015 and 2016 potentially malicious activity was observed on the website. The company revealed on Wednesday that it has issued warning notifications to users, but it has not yet specified how many users have been affected; Yahoo is nevertheless certain that user accounts were compromised during that period. The compromise happened through forged cookies. A forged cookie is the same token that is stored in a browser; however, it is reverse engineered by the bad guys. A spokeswoman for Yahoo stated that after investigating the issue, the company identified the user accounts for which the forged cookies were used. As of now, “Yahoo is in the process of notifying all potentially affected account holders. Yahoo has invalidated the forged cookies so they cannot be used again,” she added.

Cyber Security Tips: Users are strongly advised to change their passwords immediately, use strong passwords, and keep monitoring their accounts.
