    Researchers find backdoor lurking in WordPress plugin used by schools

    news.movim.eu / ArsTechnica · Yesterday - 22:51

Researchers said on Friday that they found a malicious backdoor in a WordPress plugin that gave attackers full control of websites that used the package, which is marketed to schools.

The premium version of School Management, a plugin schools use to operate and manage their websites, has contained the backdoor since at least version 8.9, researchers at website security service Jetpack said in a blog post without ruling out that it had been present in earlier versions. This page from a third-party site shows that version 8.9 was released last August.

Obvious backdoor

Jetpack said it discovered the backdoor after support team members at WordPress.com reported finding heavily obfuscated code on several sites that used School Management Pro. After deobfuscating it, they realized that the code, stashed in the license-checking part of the plugin, was intentionally placed there with the goal of giving outsiders the ability to take control of sites.

    Twitter deal leaves Elon Musk with no easy way out

    news.movim.eu / ArsTechnica · 2 days ago - 17:54

Since the financial crisis, corporate lawyers have aspired to build the ultimate ironclad merger contract that keeps buyers with cold feet from backing out.

The “bulletproof” modern deal agreement now faces one of its biggest tests, as Elon Musk, the Tesla boss and richest person in the world, openly entertains the possibility of ditching his $44 billion deal for Twitter.

Musk said in a tweet this week that the “deal cannot move forward” until the social media platform provides detailed data about fake accounts, a request that Twitter seems unlikely to meet. Twitter’s board, meanwhile, has stated its commitment “to completing the transaction on the agreed price and terms as promptly as practicable.”

    How we learned to break down barriers to machine learning

    news.movim.eu / ArsTechnica · 2 days ago - 16:12

Dr. Sephus discusses breaking down barriers to machine learning at Ars Frontiers 2022.

Welcome to the week after Ars Frontiers! This article is the first in a short series of pieces that will recap each of the day's talks for the benefit of those who weren't able to travel to DC for our first conference. We'll be running one of these every few days for the next couple of weeks, and each one will include an embedded video of the talk (along with a transcript).

For today's recap, we're going over our talk with Amazon Web Services tech evangelist Dr. Nashlie Sephus. Our discussion was titled "Breaking Barriers to Machine Learning."

    2 vulnerabilities with 9.8 severity ratings are under exploit. A 3rd looms

    news.movim.eu / ArsTechnica · 3 days ago - 22:58

Malicious hackers, some believed to be state-backed, are actively exploiting two unrelated vulnerabilities—both with severity ratings of 9.8 out of a possible 10—in hopes of infecting sensitive enterprise networks with backdoors, botnet software, and other forms of malware.

The ongoing attacks target unpatched versions of multiple product lines from VMware and of BIG-IP software from F5, security researchers said. Both vulnerabilities give attackers the ability to remotely execute malicious code or commands that run with unfettered root system privileges. The largely uncoordinated exploits appear to be malicious, as opposed to benign scans that attempt to identify vulnerable servers and quantify their number.

First up: VMware

On April 6, VMware disclosed and patched a remote code execution vulnerability tracked as CVE-2022-22954 and a privilege escalation flaw tracked as CVE-2022-22960. According to an advisory published on Wednesday by the Cybersecurity and Infrastructure Security Agency, “malicious cyber actors were able to reverse engineer the updates to develop an exploit within 48 hours and quickly began exploiting the disclosed vulnerabilities in unpatched devices.”

    New Bluetooth hack can unlock your Tesla—and all kinds of other devices

    news.movim.eu / ArsTechnica · 3 days ago - 14:03 · 1 minute

When you use your phone to unlock a Tesla, the device and the car use Bluetooth signals to measure their proximity to each other. Move close to the car with the phone in hand, and the door automatically unlocks. Move away, and it locks. This proximity authentication works on the assumption that the key stored on the phone can only be transmitted when the locked device is within Bluetooth range.

Now, a researcher has devised a hack that allows him to unlock millions of Teslas—and countless other devices—even when the authenticating phone or key fob is hundreds of yards or miles away. The hack, which exploits weaknesses in the Bluetooth Low Energy standard adhered to by thousands of device makers, can be used to unlock doors, open and operate vehicles, and gain unauthorized access to a host of laptops and other security-sensitive devices.

When convenience comes back to bite us

“Hacking into a car from hundreds of miles away tangibly demonstrates how our connected world opens us up to threats from the other side of the country—and sometimes even the other side of the world,” Sultan Qasim Khan, a principal security consultant and researcher at security firm NCC Group, told Ars. “This research circumvents typical countermeasures against remote adversarial vehicle unlocking and changes the way we need to think about the security of Bluetooth Low Energy communications.”

    Researchers devise iPhone malware that runs even when device is turned off

    news.movim.eu / ArsTechnica · 5 days ago - 20:20

When you turn off an iPhone, it doesn’t fully power down. Chips inside the device continue to run in a low-power mode that makes it possible to locate lost or stolen devices using the Find My feature or use credit cards and car keys after the battery dies. Now researchers have devised a way to abuse this always-on mechanism to run malware that remains active even when an iPhone appears to be powered down.

It turns out that the iPhone’s Bluetooth chip—which is key to making features like Find My work—has no mechanism for digitally signing or even encrypting the firmware it runs. Academics at Germany’s Technical University of Darmstadt figured out how to exploit this lack of hardening to run malicious firmware that allows the attacker to track the phone’s location or run new features when the device is turned off.

This video provides a high-level overview of some of the ways an attack can work.

    The tech sector teardown is more catharsis than crisis

    news.movim.eu / ArsTechnica · 6 days ago - 11:00

Following a series of “super clarifying” meetings with shareholders, Uber’s chief executive, Dara Khosrowshahi, emailed employees on Sunday night with an arresting message: “we need to show them the money.”

Mangling his metaphors, Khosrowshahi explained that the market was experiencing a “seismic shift” and the “goalposts have changed.” The ride-hailing and food delivery company’s priority must now be to generate free cash flow. “We are serving multitrillion-dollar markets, but market size is irrelevant if it doesn’t translate into profit,” he wrote.

For the boss of Uber to be trumpeting cash flow and profit would once have seemed about as likely as Elon Musk shouting about the benefits of personal humility and petrol-fueled cars. No company has been more emblematic of the long, crazy, capital-doped bull market in technology stocks than Uber. Founded in 2009, the company floated a decade later at a valuation of $76 billion without recording a single quarter of profits. Its belated conversion to financial orthodoxy shows how much markets have been transformed since the turn in the interest rate cycle and the crash of the tech-heavy Nasdaq market, which has dropped 26 percent this year.

    How a French satellite operator helps keep Russia’s TV propaganda online

    news.movim.eu / ArsTechnica · 7 days ago - 12:00

Russian President Vladimir Putin speaks during the Moscow Urban Forum 2018 on July 18, 2018 in Moscow, Russia. (credit: Getty Images | Mikhail Svetlov)

Not long after Russia steamrolled into South Ossetia in 2008, effectively annexing the territory of its southern neighbor, a group of Georgians banded together to set up a new Russian-language television station, a voice independent of the Kremlin: Kanal PIK.

With the help of Georgia’s public broadcaster, they signed a five-year deal with French satellite operator Eutelsat to beam their station into the Caucasus. Just two weeks after they launched in 2010, Eutelsat notified PIK that they were dropped. Their space on the satellite had been promised to Gazprom Media Group, a chief pillar in Moscow’s tightly controlled media system.

Kanal PIK said in a statement at the time that the saga “leaves Intersputnik and Gazprom Media Group—both of which adhere to the Kremlin's editorial line—with a de facto satellite transmission monopoly over Russian-language audience.” Kanal PIK would acquire a spot on another Eutelsat a year later, but the station struggled and went dark in 2012.
