Information Security News
There's a new method for rooting Android devices that's believed to work reliably on every version of the mobile operating system and a wide array of hardware. Individuals can use it to bypass limitations imposed by manufacturers or carriers, but it could also be snuck into apps for malicious purposes.
The technique comes courtesy of a Linux privilege-escalation bug that, as came to light last week, attackers are actively exploiting to hack Web servers and other machines. Dirty Cow, as some people are calling the vulnerability, was introduced into the core Linux kernel in 2007. It's extremely easy to exploit, making it one of the worst privilege-elevation flaws ever to hit the open-source OS.
Independent security researcher David Manouchehri told Ars that this proof-of-concept code that exploits Dirty Cow on Android gets devices close to root. With a few additional lines, Manouchehri's code provides persistent root access on all five of the Android devices he has tested.
Since Friday, the Mirai botnet has become kind of a household name. I have been continuing to watch the botnet infect my test DVR over and over. A coupleof things I have seen over the weekend:
Prior articles about Mirai:
ISC Briefing: Large DDoS Attack Against Dyn(with PPT slides for you to use)
The Short Life of a Vulnerable DVR Connected to the Internet(includes full packet capture of an infection)