By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy

At the Black Hat 2018 and DEF CON 26 security conferences held in Las Vegas last week, a security researcher detailed a backdoor mechanism in x86-based VIA C3 processors, a CPU family produced and sold between 2001 and 2003 by Taiwan-based VIA Technologies Inc. The affected CPU family was designed with PC use in mind but was more widely known for being deployed with point-of-sale units, smart kiosks, ATMs, gaming rigs, healthcare devices, and industrial automation equipment. The Rosenbridge backdoor mechanism Christopher Domas, a well-known hardware security expert, says that VIA C3 x86-based CPUs contain what he referred to as a "hidden God mode" that lets an attacker elevate the execution level of malicious code from kernel ring 3 (user mode) to kernel ring 0 (OS kernel). See here about CPU protection rings. Domas says that this backdoor mechanism —which he named Rosenbridge— is a RISC (Reduced Instruction Set Computer) co-processor that sits alongside the main C3 processor. Continue reading on OUR FORUM.

A new report from EnigmaSoft -- makers of the SpyHunter anti-malware product -- reveals the US cities with the highest rates of malware infection. Systems in Atlanta, Orlando, and Denver are most likely to be infected, with Louisville, Witchita, and Anchorage has the lowest infection rates. "It's hard to say exactly why one city or state has a higher rate of infection than others," says EnigmaSoft spokesperson Ryan Gerding. "There's a wide variety at the top of the list. Larger cities, smaller cities, and cities in every geographic area. The same is true for the least infected areas. New York and San Francisco ranked near the very bottom of the list." Infections are listed by state too, with Colorado ranked highest and Alabama lowest. The findings also look at the days of the week when malware is most likely to hit. Wednesday comes out as the most dangerous day, with Saturdays and Sundays the least, perhaps showing that even cybercriminals like to take the weekends off. Infections detected range from what EnigmaSoft identifies as Potentially Unwanted Programs or 'nuisanceware', which slow down computers and change some settings, all the way to ransomware, which threatens to delete valuable files unless the victim pays a ransom. "No matter what city or state you are in or what day of the week it is, it is important to always be vigilant about the threat of malware and other infections," Gerding adds. Find out how your US city ranks by visiting OUR FORUM.

Attackers are targeting DLink DSL modem routers in Brazil and exploiting them to change the DNS settings to a DNS server under the attacker's control. This then allows them to redirect users attempting to connect to their online banks to fake banking websites that steal the user's account information. According to research by Radware, the exploit being used by the attackers allows them to perform remote unauthenticated changes to DNS settings on certain DLink DSL modems/routers. This allows them to easily scan for and script the changing of large amounts of vulnerable routers so that their DNS settings point to a DNS server under the attacker's control. When users visit the fake websites, they will look almost identical to the original banking site. At the fake site, though, they will be asked for the bank agency number, account number, eight-digit pin, mobile phone number, card pin, and a CABB number. This information is then collected by the attackers. Complete details can be found on OUR FORUM.