Two SCADA security researchers, Alexander Timorin and Dmitry Sklyarov, have released an offline password brute-force tool for Siemens S7 PLCs (programmable logic controllers). ICS-CERT has issued a PDF regarding the issue and the availability of the proof-of-concept exploit code on Pastebin. To use the tool, an attacker must first capture TCP/IP traffic containing the authentication data in challenge-response form; the script then tries different passwords until it finds a match. The possibility exists that this code may be modified to be used against other vendors' products.
Hackers abusing iOS feature to install pirated apps without jailbreak
A new service has found a way to let users install pirated iPhone and iPad apps without the need for an iOS jailbreak. This was made possible by certain Chinese app store-like services. The question is, how?
The features that allow enterprises to deploy their own custom apps have now been abused to deliver pirated apps to users. This opens the door to piracy on millions of Apple devices and to an increase in the number of fake and malware apps. Such an iOS app may try to send personal information to an external server, which creates a privacy data leakage problem. Mobile private information leaks always start with installing a malicious app on the device, whether it is iOS or Android.
TrendMicro Report on mobile security issues.