GHOST(dot)WEB: The First Blood

The Positive Technologies researchers report there is a working exploit for GHOST vulerability against the popular phpBB forum. The exploit in gethostbyname function allows an attacker to gain full control over an operating system of the vulnerable server.  PhpBB is a well-known forum tool for websites. A quick Google search shows that this system is currently installed in more than 800,000 websites.



Of course, not all of them are vulnerable to GHOST, as it requires that several factors be taken into account. However, rich mechanisms to maintain host identification allow an attacker to create a specially crafted exploit via http and achieve almost 100% success in conducting this attack.

Hacking ATM with Raspberry Pi

First days of new year came with the warning about a new class of ATM fraud named "black box attack". The crooks gain physical access to the top of the cash machine, connect their own computer to the the cash dispenser and force it to spit out cash, Krebs OnSecurity reports. In fact, this technics isn't so new. The Positive Technologies experts Olga Kochetova and Alexey Osipov showed similar attacks on ATM at Black Hat Europe 2014 in Amsterdam.

iOS Blocking — Do Not Give In to Cyber Blackmail!

Another scandal beside the one with celebrity nude photo leaks seems to break out soon. Recently, many owners of Apple phones and tablets have faced iCloud account blocking. Accounts are blocked by Apple itself in response to continuous bruteforce attempts. Positive Technologies experts warn you of iCloud blocking attacks conducted for the sake of blackmail and ask to ignore suspicious emails.

Nowadays cybercriminals are very attentive to information security researches — celebrity photos appeared on the Internet right after Andrey Belenko published his report "iCloud Keychain and iOS 7 Data Protection". Following notorious photo publications, Apple restricted the number of login attempts. Once all of them fail, an account gets blocked.

Mobile eavesdropping via SS7 and first reaction from telecoms

Mobile network operators and manufacturers finally said some words about vulnerabilities in the SS7 technology that allow an intruder to perform subscriber’s tracking, conversation tapping and other serious attacks. We reported some of these vulnerabilities and attack schemes in May 2014 at Positive Hack Days IV as well as here in our blog.

In December 2014, these SS7 threats were brought to public attention again, at the Chaos Communication Congress in Hamburg, where German researchers showed some new ways to intercept and decrypt mobile phone calls using SS7. The research have included more than 20 networks worldwide, including T-Mobile in the United States.