October 17, 2019

Pen testers find mystery black box connected to ship’s engines

By John E Dunn

If an attacker wanted to sneak a monitoring device into a target network, how might they go about it?

As Naked Security reported last week, they could try soldering a tiny chip on to the circuit board of something like a firewall on the assumption that it will never be noticed.

But there might be a much simpler approach – hide the device in plain sight, safe in the knowledge that its very conspicuousness means its legitimacy will probably never be questioned.

This was the initial suspicion of a team from UK-based outfit Pen Test Partners when they noticed an unlabeled, “potentially toxic box” connected to the onboard LAN of a ship that the team was performing a security assessment on.

Ship networks feature a lot of specialized equipment, of course, but every box should have a purpose. And yet, when the team enquired about its origins, the message came back:

“Fleet management told us that shoreside had no invoice, record, or inventory listing for it. They were blissfully unaware of its existence.”

It had an Ethernet connection to the ship LAN but was also connected to a Windows console on the bridge which was so bright at night that the crew covered it up. The assumption had been that it was meant to be there.

Read more at https://nakedsecurity.sophos.com/2019/10/17/pen-testers-find-mystery-black-box-connected-to-ships-engines/

Robotic hand solves Rubik’s Cube by learning how to learn about it

By Lisa Vaas

Can you solve a Rubik’s Cube? How about with one hand?

That’s what artificial intelligence (AI) research company OpenAI has taught a robot to do: using neural networks but leaving it up to the system to figure out how to overcome hurdles, it’s taught a human-like, robotic hand to solve the puzzle single-handedly.

This isn’t the first time that a robot has solved the Rubik’s Cube. In June 2019, an MIT robot – fast as greased pistons, but not at all human-hand-like – did it in the record-shattering time of .38 seconds. (Compare that with the fastest record for a human, which is held by Australian Feliks Zemdegs, who solved it in 4.22 seconds in 2018.)

The company said on Tuesday that it’s been trying to train a human-like, robotic hand to solve the puzzle since May 2017. The company chose the task of training such a hand to solve a Rubik’s Cube because it’s a complex manipulation task that lays the groundwork for general-purpose robots to do all manner of other tasks.

OpenAI solved the Rubik’s Cube, in simulation, in July 2017. But as of July 2018, it had only managed to get the IRL robot to manipulate a block. Now, it’s reached its initial goal of teaching the robot to solve the puzzle – at least, some of the time.

Read more at https://nakedsecurity.sophos.com/2019/10/17/robotic-hand-solves-rubiks-cube-by-learning-how-to-learn-about-it/

Hackers hack card details from BriansClub carding site

By Lisa Vaas

Hackers have hacked BriansClub, one of the biggest black market sites trafficking in stolen credit card data, whisking away the data of more than 26 million payment cards.

Security journalist Brian Krebs reported that last month, a source shared a plain text file containing what they claimed to be the full database of cards for sale, both currently and historically, at BriansClub.

That cache contains details stolen from bricks-and-mortar retailers over the past four years, including nearly eight million uploaded so far this year alone.

Krebs reports that the data hacked out of the carder site has been shared with people who work with financial institutions that identify, monitor, or reissue compromised cards that show up for sale on criminal forums. BriansClub mostly resells cards stolen by other cybercrooks, known as resellers or affiliates, who earn a (currently undetermined) percentage from each sale, Krebs says.

Read more at https://nakedsecurity.sophos.com/2019/10/17/hackers-hack-card-details-from-briansclub-carding-site/

Adobe fixes 46 critical bugs in patchfest

By Danny Bradbury

Adobe patched a total of 82 vulnerabilities across a range of products on Tuesday, including 46 critical bugs.

The lion’s share of the patches, which the company flagged on 11 October, came in a single advisory covering Acrobat and Acrobat Reader on the Windows and macOS platforms, extending back to the Classic 2015 versions.

There were 45 critical bugs in this batch, allowing for arbitrary code execution thanks to a range of weaknesses covering type confusion, race conditions, and memory issues such as out-of-bounds write, use after free, buffer overrun, and heap overflow.

The company said:

“Successful exploitation could lead to arbitrary code execution in the context of the current user.”

Other bugs in this collection, ranked important, could be triggered via cross-site scripting, out-of-bounds reads, and what Adobe called an “incomplete implementation of security mechanism,” although like many of the bugs, details on that one hadn’t been published.

Adobe also patched a single important-ranking vulnerability in the Windows Adobe Download Manager (CVE-2019-8071), which allowed for privilege escalation through insecure file permissions.

Read more at https://nakedsecurity.sophos.com/2019/10/17/adobe-fixes-46-critical-bugs-in-patchfest/

