for years by hackers to seize control of websites – and is only now patched. Larry Cashdollar, a bug-hunter at Akamai, explained late last week how the security shortcoming, designated CVE-2018-9206, allows a miscreant to upload and execute arbitrary code as root on a website that uses the vulnerable code with the Apache web server. This would potentially allow an attacker to, among other things, upload and run a webshell to execute commands on the target machine to steal data, change files, distribute malware, and so on. Cashdollar – real name, he swears – was able to track the flaw down to Sebastian Tschan's open-source jQuery File Upload tool, and got the developer to fix it in version 9.22.1. The flaw stems from a change to the Apache web server, from version 2.3.9 onwards, that disabled support for .htaccess security configuration files, which left projects like jQuery File Upload open to exploitation. Additionally, Cashdollar noted, it is almost certain he was not the first person to come across this simple vulnerability. Demonstration videos on YouTube suggest similar flaws are known to miscreants, and have been targeted in some circles for years. "The internet relies on many security controls every day in order to keep our systems, data, and transactions safe and secure," Cashdollar said. "If one of these controls suddenly doesn't exist it may put security at risk unknowingly to the users and software developers relying on them." So, it's believed hackers have been quietly exploiting the bug for several years as the flaw itself is fairly trivial and also eight years old.
Now that details of the vulnerability are public, exploit code has been produced, for example, here, and may be handy if you wish to test whether or not your website is vulnerable to CVE-2018-9206. In any case, loads of people now know about it, so that means more miscreants menacing and hijacking vulnerable websites.
A bloke has told how he discovered a bug in Valve's Steam marketplace that could have been exploited by thieves to steal game license keys and play pirated titles. Researcher Artem Moskowsky told The Register earlier this week that he stumbled across the vulnerability – which earned him a $20,000 bug bounty for reporting it – by accident while looking over the Steam partner portal. That's the site developers use to manage the games they make available for download from Steam. A professional bug-hunter and pentester, Moskowsky said he has been doing security research since he was in school, and for the past several years he has made a career out of finding and reporting flaws. In this case, while looking through the Steam developer site, he noticed it was fairly easy to change parameters in an API request and get activation keys for a selected game in return. Those keys, also known as CD keys, can be used to activate and play games downloaded from Steam. The API is provided so developers and their partners can obtain license keys for their titles to pass on to gamers. "This bug was discovered randomly during the exploration of the functionality of a web application," Moskowsky explained. "It could have been used by any attacker who had access to the portal." Essentially, anyone who had an account on the developer portal would be able to access the game activation keys for any other game Steam hosted, and sell or distribute them for pirates to use to play games from Steam. Fetching from the /partnercdkeys/assignkeys/ API with a zero key count returned a huge bunch of activation keys.
"To exploit the vulnerability, it was necessary to make only one request," Moskowsky told El Reg. "I managed to bypass the verification of ownership of the game by changing only one parameter. After that, I could enter any ID into another parameter and get any set of keys." How severe was the flaw? Moskowsky says that, in one case, he entered a random string into the request, to pick a title at random, and in return he got 36,000 activation keys for Portal 2, a game that still retails for $9.99 in the Steam store. Fortunately for Valve, Moskowsky opted to privately come forward with the flaw via HackerOne. The programming blunder has since been fixed. As the HackerOne entry for the vulnerability shows, Moskowsky first submitted the report on the flaw in early August. Three days later, Valve handed out the $15,000 bounty as well as a $5,000 bonus for the find, though Valve only allowed the report to go public on October 31. The researcher told us this is a pretty good turnaround, and Valve in particular is very good with handling researcher requests and paying out bug bounties. Impressively, this $20,000 bounty isn't even the biggest payout Moskowsky has received from the games service. Back in July he was given a cool $25,000 for weeding out a SQL injection bug in the same developer portal.
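The server side of the story above, as an added example rather than Valve's code (the store, partner names, app ids, keys and the per-request limit are all constructed): a key-assignment handler that decides ownership from the authenticated session and the server's own records instead of a request parameter, and that treats a count of 0 or an oversized count as an error rather than "all keys".

```python
from dataclasses import dataclass, field

MAX_KEYS_PER_REQUEST = 100  # constructed limit for this example


@dataclass
class KeyStore:
    """Constructed in-memory records: which partner manages each app, and
    the activation keys not yet handed out for each app."""
    owners: dict = field(default_factory=dict)      # app_id -> partner_id
    unassigned: dict = field(default_factory=dict)  # app_id -> [key, ...]


def assign_keys(store: KeyStore, session_partner_id: str, app_id: str, count) -> list:
    """Server-side key assignment.

    Ownership is decided from the authenticated session plus the server's own
    records, never from a client-supplied 'I own this' parameter, and the
    count is bounded so that 0 (or a huge number) cannot mean 'everything'.
    """
    if isinstance(count, bool) or not isinstance(count, int):
        raise ValueError("count must be an integer")
    if not 1 <= count <= MAX_KEYS_PER_REQUEST:
        raise ValueError(f"count must be between 1 and {MAX_KEYS_PER_REQUEST}")
    owner = store.owners.get(app_id)
    if owner is None or owner != session_partner_id:
        # Identical response whether the app is unknown or someone else's,
        # so the endpoint cannot be used to enumerate other partners' titles.
        raise PermissionError("caller does not manage this app")
    pool = store.unassigned.get(app_id, [])
    if len(pool) < count:
        raise LookupError("not enough unassigned keys")
    issued, store.unassigned[app_id] = pool[:count], pool[count:]
    return issued


def make_demo_store() -> KeyStore:
    """Two partners, two apps, five constructed keys each."""
    return KeyStore(
        owners={"app-100": "partner-A", "app-200": "partner-B"},
        unassigned={"app-100": [f"AAAAA-{i:05d}" for i in range(5)],
                    "app-200": [f"BBBBB-{i:05d}" for i in range(5)]},
    )
```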
The vulnerability was discovered by researchers from the hacking collective the Exploiteers (formerly GTVHacker), who have found vulnerabilities in the Samsung SmartCam devices in the past. The flaw allows for command injection through a web script, even though the vendor has disabled the local web-based management interface in these devices. The Samsung SmartCam is a series of cloud-enabled network security cameras that were originally developed by Samsung Techwin. Samsung sold this division to South Korean business conglomerate Hanwha Group in 2015 and the company was renamed Hanwha Techwin. In response to vulnerabilities reported in the web-based management interface of various SmartCam models over the past few years, Hanwha Techwin decided to completely disable the local administration panel and only allow users to access the cameras through the accompanying smartphone app and its My SmartCam cloud service. The Exploiteers researchers recently analyzed the Samsung SmartCam SNH-1011 and noticed that while accessing the web interface over the local network was no longer possible, the web server was still running on the device and hosted some PHP scripts related to a video monitoring system called iWatch. One of these scripts allows users to update the iWatch software by uploading a file, but has a vulnerability that stems from improper sanitization of the file name. The flaw can be exploited by unauthenticated attackers to inject shell commands that will then be executed by the web server running with root privileges.
"The iWatch Install.php vulnerability can be exploited by crafting a special filename which is then stored within a tar command passed to a PHP system() call," the researchers explained in a blog post Saturday. "Because the web server runs as root, the filename is user supplied, and the input is used without sanitization, we are able to inject our own commands within to achieve root remote command execution." While the flaw was found in the SNH-1011 model, the researchers believe that it affects the entire Samsung SmartCam series. Ironically, the vulnerability can be exploited to turn on the disabled web management interface, whose removal was criticized by some users. The Exploiteers published a proof-of-concept exploit that does just that.
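Both the jQuery File Upload story (an upload directory whose only protection was an .htaccess file the web server no longer reads) and the iWatch Install.php flaw (a filename spliced into a tar command for system()) come down to trusting a client-supplied filename. The following Python is an added example, not code from either project: it shows the command-building pattern that lets a name carry shell separators next to an argv form that cannot, and an application-side name check that does not depend on web-server configuration. The /uploads and /opt/iwatch paths and the extension allowlist are constructed for the example.

```python
import os
import re
import secrets
import shlex

# Extensions the application is willing to keep. Script types such as .php are
# deliberately absent, so an uploaded webshell is rejected by the application
# itself, whether or not the web server still honours an .htaccess file.
ALLOWED_EXTENSIONS = {"jpg", "jpeg", "png", "gif", "tar"}


def build_command_unsafe(filename: str) -> str:
    """Constructed example of the dangerous pattern: the client's filename is
    spliced into a command string that is meant for a shell."""
    return f"tar -xf /uploads/{filename} -C /opt/iwatch"


def build_command_safe(filename: str) -> list:
    """An argv list for subprocess.run(..., shell=False): no shell parses it,
    so ';' or '&&' inside the name stay inside one argument."""
    return ["tar", "-xf", os.path.join("/uploads", filename), "-C", "/opt/iwatch"]


def shell_would_split(command: str) -> bool:
    """True when a POSIX shell would see more than one command in the string."""
    tokens = list(shlex.shlex(command, posix=True, punctuation_chars=True))
    return any(tok in (";", "&&", "||", "|", "&") for tok in tokens)


def sanitize_upload_name(raw_name: str) -> str:
    """Validate a client-supplied name and return a server-chosen one.

    Raises ValueError for an empty or relative name, a disallowed extension,
    or any character outside a conservative allowlist (so no shell metacharacters).
    """
    base = os.path.basename(raw_name.replace("\\", "/"))
    if base in ("", ".", ".."):
        raise ValueError("empty or relative name")
    if not re.fullmatch(r"[A-Za-z0-9._-]+", base):
        raise ValueError("unexpected characters in filename")
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError(f"extension {ext!r} not allowed")
    # Discard the client's name entirely: the stored name is random and keeps
    # only the validated extension.
    return f"{secrets.token_hex(8)}.{ext}"
```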
In an email sent to users on 26th December, the site explained that hackers were able to conduct this breach by exploiting a known vulnerability in outdated vBulletin forum software. Although PakWheels didn't reveal the number of affected users, we at HackRead have inside details on this breach, according to which the number of users impacted goes over 674,775, with names, emails, encrypted passwords, mobile numbers and Facebook sessions exposed. PakWheels was started back in 2003 to fill the gap between automotive enthusiasts and the absence of a platform that discusses automotive industry related topics in the country. In May 2016, Pakistan's real estate giant Zameen was hacked by a Bangladeshi hacker who leaked its entire database after being ignored by Zameen's administration. As far as vBulletin forum software goes, 2016 has been a bad year for anyone using vBulletin and not updating it to its latest version. Until now, the forums hacked due to vulnerabilities in outdated vBulletin forum software include the Clash of Kings forum with 1.6 million records stolen, the Epic Games forum with 800,000 accounts stolen, the Grand Theft Auto (GTA) forum, Russia's Mail.ru with 27 million accounts stolen, the LifeBoat forum with 7 million accounts stolen and the Exile Mod gaming forum with 12,000 accounts stolen.
Kaspersky Lab researchers have brought to light a series of attacks leveraged against 140+ banks and other businesses around the world. But what makes these attacks unusual is the criminals' use of widely used legitimate tools and fileless malware, which explains why the attacks went largely unnoticed. "This threat was originally discovered by a bank's security team, after detecting Meterpreter code inside the physical memory of a domain controller (DC)," the researchers explained. "Kaspersky Lab participated in the forensic analysis after this attack was detected, discovering the use of PowerShell scripts within the Windows registry. Additionally it was discovered that the NETSH utility was used for tunnelling traffic from the victim's host to the attacker's C2." Meterpreter is a well known Metasploit payload that allows attackers to control the screen of a device using VNC and to browse, upload and download files. NETSH (network shell) is a Windows command-line utility that allows local or remote configuration of network devices. The attackers also took advantage of the Windows SC utility to install a malicious service to execute PowerShell scripts, and Mimikatz to extract credentials from compromised machines.
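Because every tool named above is a legitimate Windows or Metasploit component, the detection opportunity is in how they are combined. The following Python is an added example, not part of the Kaspersky report: it runs a handful of rules over constructed process-creation records (the hostnames, timestamps, service name and encoded string are made up for the example) and flags hosts where several of the described steps (netsh tunnelling, a service whose binary path launches PowerShell, PowerShell stored under a registry Run key, an encoded PowerShell command) appear together.

```python
import re

# Constructed process-creation records in the shape of the techniques the
# report names: netsh tunnelling, sc installing a service that runs
# PowerShell, and a PowerShell command stored under a registry Run key. They
# are sample data for this example, not lines from the Kaspersky write-up.
SAMPLE_EVENTS = [
    r'2017-02-08T03:14:02Z host=DC01 user=SYSTEM cmd=netsh interface portproxy '
    r'add v4tov4 listenport=4444 connectaddress=10.0.0.5 connectport=443',
    r'2017-02-08T03:15:10Z host=DC01 user=SYSTEM cmd=sc create WinUpdSvc '
    r'binpath= "cmd /c powershell -nop -w hidden -c iex ((gp '
    r'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run).x)"',
    r'2017-02-08T03:15:11Z host=DC01 user=SYSTEM cmd=reg add '
    r'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v x /t REG_SZ '
    r'/d "powershell -enc QUJDREVGR0hJSktMTU5PUFFSU1Q="',
    r'2017-02-08T08:00:00Z host=WS07 user=alice cmd=powershell -File C:\scripts\backup.ps1',
    r'2017-02-08T08:01:00Z host=WS07 user=alice cmd=netsh advfirewall show allprofiles',
]

RULES = {
    "netsh_portproxy_tunnel": re.compile(r"\bnetsh\b.*\bportproxy\b.*\badd\b", re.I),
    "service_runs_powershell": re.compile(r"\bsc(?:\.exe)?\s+create\b.*\bbinpath=.*\bpowershell\b", re.I),
    "powershell_in_run_key": re.compile(r"\breg(?:\.exe)?\s+add\b.*\\CurrentVersion\\Run\b.*\bpowershell\b", re.I),
    "powershell_encoded_command": re.compile(r"\bpowershell\b.*\s-e(?:nc|ncodedcommand)?\b\s+[A-Za-z0-9+/=]{20,}", re.I),
}

EVENT_RE = re.compile(r"(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) cmd=(?P<cmd>.*)$")


def scan(lines):
    """Return (host, rule_name) pairs for every rule that fires on a record."""
    hits = []
    for line in lines:
        m = EVENT_RE.match(line)
        if not m:
            continue
        for name, rx in RULES.items():
            if rx.search(m.group("cmd")):
                hits.append((m.group("host"), name))
    return hits


def hosts_with_chained_techniques(hits, minimum=2):
    """Hosts where several of these living-off-the-land steps appear together;
    one admin command alone is routine, the combination is not."""
    per_host = {}
    for host, name in hits:
        per_host.setdefault(host, set()).add(name)
    return sorted(h for h, names in per_host.items() if len(names) >= minimum)
```

The benign workstation records (a scheduled script and a firewall query) fire nothing, so the host-level correlation rather than any single rule is what separates the domain controller from ordinary administration.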
Researchers at Trustwave are warning of a hidden backdoor in VoIP devices produced by Chinese manufacturer DBL Technology which could allow access by the manufacturer or malicious third parties. The issue is with the authentication process, allowing a remote attacker to gain a shell with root privileges on an affected device, Trustwave researcher Neil Kettle explained in a blog post. "The Telnet interface of the GoIP is documented as providing information for users of the device through the use of logins 'ctlcmd' and 'limitsh'. However, an additional undocumented user, namely 'dbladm', is present which provides root level shell access on the device. Instead of a traditional password, this account is protected by a proprietary challenge-response authentication scheme," he explained. "Investigation has shown this scheme to be fundamentally flawed in that it is not necessary for a remote user to possess knowledge of any secret besides the challenge itself and knowledge of the protocol/computation." This is apparently in contrast to more secure challenge-response schemes such as password-based log-ins where the user is asked for a password, which is then obscured to guard against "network interception and replay attacks". The issue was first spotted by Trustwave in an 8 port VoIP GSM Gateway from the company. However, it's since been discovered present in GoIP 1, 4, 8, 16 and 32 and could affect many more DBL Technology devices and OEM kit. More worryingly, when contacted last October, the firm did not fix the issue. "Verification of the patched version reveals that the challenge response mechanism is still present in the latest version albeit a little more complex.
It seems DBL Technology engineers did not understand that the issue is the presence of a flawed challenge response mechanism and not the difficulty of reverse engineering it," explained Kettle. "The main differences between the latest challenge response mechanism and the older variant is the level of complexity it employs: a simplistic MD5 with a linear equation changed to several 'round' functions mixed with a modified version of the MD5 hash algorithm."
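To make Kettle's point concrete, here is an added toy illustration, constructed for this page and not DBL Technology's real computation: a challenge-response whose answer is a function of the challenge alone is passed by anyone who knows that function, however many mixing rounds are bolted on, whereas an HMAC keyed with a per-device secret is not. The Device class, secret values and the vendor constant are all assumptions of the example.

```python
import hashlib
import hmac
import secrets


def unkeyed_response(challenge: bytes, rounds: int = 1) -> bytes:
    """Toy stand-in for a response computed from the challenge alone.
    'rounds' plays the role of the extra mixing in the newer firmware: more
    work to reverse engineer, but still no secret anywhere in the input."""
    digest = challenge
    for _ in range(rounds):
        digest = hashlib.md5(digest + b"constructed-vendor-constant").digest()
    return digest


def keyed_response(secret: bytes, challenge: bytes) -> bytes:
    """Response bound to a per-device secret the remote side must hold."""
    return hmac.new(secret, challenge, hashlib.sha256).digest()


class Device:
    """Constructed device that authenticates a Telnet-style login attempt."""

    def __init__(self, secret: bytes, scheme: str, rounds: int = 1):
        self.secret, self.scheme, self.rounds = secret, scheme, rounds
        self.pending = None

    def issue_challenge(self) -> bytes:
        self.pending = secrets.token_bytes(16)
        return self.pending

    def verify(self, response: bytes) -> bool:
        if self.pending is None:
            return False
        if self.scheme == "unkeyed":
            expected = unkeyed_response(self.pending, self.rounds)
        else:
            expected = keyed_response(self.secret, self.pending)
        self.pending = None  # single use, so a replayed answer is rejected
        return hmac.compare_digest(expected, response)


def outsider_login(device: Device) -> bool:
    """Someone who knows the protocol/computation but holds no secret."""
    chal = device.issue_challenge()
    return device.verify(unkeyed_response(chal, device.rounds))


def owner_login(device: Device, secret: bytes) -> bool:
    """Someone who holds the device secret."""
    chal = device.issue_challenge()
    return device.verify(keyed_response(secret, chal))
```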
Researchers from Fidelis Cybersecurity have unearthed an "interesting security issue" involving the popular messaging app Telegram. One of the appeals of Telegram is that it has encryption options for Android and iOS, whereby it uses your contact list to prepopulate contacts inside the app. Also, when someone in your contact list signs up for Telegram, you receive a notification so you know you can contact them using the app. However, John Bambenek, threat systems manager at Fidelis Cybersecurity, revealed that the combination of these features has allowed the firm to uncover a big privacy problem. "If a scammer signs up for Telegram and already has your phone number in their contact list, it will also notify them that you also have Telegram," he said. "So in addition to connecting you to your friends and contacts, the app will also connect scammers directly to you. Likewise, if you have scammers' numbers in your contact list for some reason, you will get push notifications when they join Telegram." What's more, Bambenek explained that this issue didn't occur just once or twice, and on multiple occasions Fidelis observed phone numbers associated with telemarketing scammers signed up to use Telegram. "To complicate matters, we found no obvious way to prevent people from finding out if you are a Telegram user," he added. Further, Bambenek warned that it would not be difficult to come up with a way to find out if a phone number uses Telegram (or many of the other popular mobile messaging/voice applications, for that matter), highlighting the following as uses for this insight by third parties: Intelligence agencies consider the use of such services as a "risk factor" when deciding on surveillance targets.
Border control officials could detect the use of such services during border crossing interviews, and conclude that the user has something to hide. Criminals could use the knowledge that a user is on such a service to target them. "Encrypted messaging and voice applications create a new surface area for attacks to unfold and should not be entirely trusted," Bambenek continued. "While these apps may be a great benefit to privacy, they shouldn't be trusted any more than unencrypted calls. These systems do protect against spoofing, but if you have unknown callers on such applications, due caution is still required." However, Chris Boyd, lead malware analyst at Malwarebytes, was quick to point out that all VoIP and regular chat apps have the ability for strangers to add you to their contact list, depending on security settings, adding: "Whether people add themselves to your Telegram, Skype or even plain old instant messaging services, the same ground rules apply: try to ensure that they are who they say they are before revealing too much information. If in doubt, contact your associate directly using another service – just like you would if sent a 'stranded with no money in a foreign land' message on Facebook," he told Infosecurity.