Exploits

For quite some time, criminal actors have been using mobile devices for mining, without the knowledge or consent of the user.

The threat situation has continued to be high in the past year, with over 3 million new Android malware samples discovered. 744,065 of these were discovered in the fourth quarter of 2017. This means that G DATA analysts are counting an average of 8,225 new malware samples for the Android operating…

International researchers have discovered two severe vulnerabilities in the design of many recent CPUs. The vulnerabilities exist in CPUs from most major vendors, including Intel and AMD, and have been lingering there for over a decade. Microsoft has released an update which is also compatible with…

Meltdown and Spectre are considered the most serious bug in the history of computers. With Anders Fogh we have one of the few people worldwide in our team, who has driven the research, which was laying the foundation for the recently published security flaws. We sat down with him and asked him some…

It is possible to gain access to an aircraft’s systems from the outside, according to a report from a team of DHS experts. For perhaps obvious reasons, any details about the attack are classified, but reports still leave a bitter aftertaste. In the end, things come down to money yet again.

On Monday, reports emerged about the encryption of WiFi networks being susceptible to attacks. A design flaw in the WPA2 encryption allows the reuse of certain cryptographic keys instead of blocking it. The Belgian research team dubbed the attack “KRACK”.

A few days ago reports emerged about a collection of vulnerabilities on the Bluetooth protocol suite. Those allow an attacker to gain complete control over a vulnerable target device without the victim being aware of the attack. What are the consequences for users and how relevant are the examples?

We have written about vulnerabilities in IoT devices before. There are several factors that work to the advantage of anyone seeking to compromise the confidentiality, integrity or availability of such devices: the lack of standards or (legal) regulations as well as the lack of update facilites in…

The development of any kind of software takes time. Not every function that is planned for the final product is implemented right from the start. It does not come as a surprise that this is also true for the development of malware. At the G DATA Security Labs, a file has sparked the interest of our…

For the past few weeks, headlines have been awash with reports about ransomware and other disruptive malware. Since malware in a worry for many people, scammers naturally try to profit off this trend. We had our own Tim Berghoff pose as a victim. Read his full report here.