The amazing and frightening thing about the Mirai botnet's reign of terror wasn't that it was a super-sophisticated cyberweapon: rather, it was a clumsy, amateurish fuggly hack that turned out to have been produced by a couple of dum-dums with a Minecraft racket.
That led a lot of people to wonder about the capabilities of an Internet of Things worm that was created and maintained by someone halfway bright? Now, we're finding out.
A new IoT botnet called Satori is spreading more slowly than Mirai did -- it's compromised about 40,000 devices so far -- but it's mutating a lot faster than Mirai ever did, with regular infusions of code designed to exploit new vulnerabilities. Security researchers fear that a Mirai-alike botnet with a competent patching regime could be far more devastating than Mirai ever was.
As a result, it’s been evolving quickly. It began by targeting routers in Latin America and Egypt. When internet service providers in those places blocked it late last year, a new variant appeared, aimed at computers mining digital currency. Now it’s morphed again. The latest version targets software associated with ARC processors, which provide the silicon brains for a wide range of internet-of-things devices, including some smart thermostats, digital TV set-top boxes, and car infotainment systems.
After finding a weak point in a device’s defenses, Satori probes to see if the owner has kept default passwords and settings, hoping to exploit these to gain control of the machine. If it succeeds, it then looks for other devices on a network and tries to infect them too.
A fast-evolving new botnet could take gadgets in your home to the dark side [Martin Giles/Tech Review]
(via Naked Capitalism)
The video conferencing app Zoom has become suddenly ubiquitous over the past few weeks, as the coronavirus shutdown closes schools, businesses, and keeps us all indoors. Shares of Zoom dropped 9% on Monday, adding to their sharp declines in recent days, as security and privacy vulnerabilities are reported. There is also new competition from other […]
“Researchers conclude that Zoom uses non-industry-standard cryptographic techniques with identifiable weaknesses and is not suitable for sensitive communications.”
The suddenly popular videoconferencing app Zoom has issued a patch for a vulnerability in its Windows client that allowed attackers to steal the user’s Windows login credentials from malicious chat links. Hi @zoom_us & @NCSC – here is an example of exploiting the Zoom Windows client using UNC path injection to expose credentials for use […]
Gather round, young and old — and hear tales of bygone days. Back in olden times, citizens would mass at a house of coffee, wherein skilled java alchemists would concoct special blends and apply artisanal wizardry to make each steaming chalice an appointment for the taste buds. Granted, said wizards, once known as baristas, were […]
The last few weeks have given us all a lot to think about. As we watched stores close, Costco lines snake through parking lots and items like hand sanitizer and toilet paper disappear everywhere like they were Lady Gaga tickets, there’s one significant takeaway it’s safe to say we all can agree on. We should […]
Whether it was Bach or Chopin, Ray Charles or Jerry Lee Lewis, Stevie Wonder, Elton John, Alicia Keys or Norah Jones, there was someone whose mastery on the piano made you think, wow, I wish I knew how to do that. It’s a singular, almost timeless skill — and if you love music, there’s no […]