Researchers found three vulnerabilities in Foscam connected security cameras that could enable a bad actor to gain root access knowing only the camera’s IP address. Foscam is urging customers to update their security cameras after researchers found three vulnerabilities that could enable a bad actor to gain root access knowing only the camera’s IP address. The vulnerability trifecta includes an arbitrary file-deletion bug, a shell command-injection flaw and a stack-based buffer overflow vulnerability, according to the researchers at VDOO who found the flaws. The proof-of-concept attack revolved around a process in the cameras called webService, which receives requests from servers and can be used to verify the user’s credentials, if necessary, and run the handler for the desired API command. To launch an attack, an attacker would have to obtain the camera’s IP address or DNS name. Generally, if the camera is configured so that it has a direct interface to the internet, its address might be exposed to certain internet scanners. The PoC attacker then crashed the webService process by exploiting the stack-based buffer overflow vulnerability (CVE-2018-6832). After it crashes, the webService process automatically restarts via the watchdog daemon (which restarts important processes after they’re terminated), and during the process reload, an attacker could leverage a second flaw, the arbitrary file-deletion vulnerability (CVE-2018-6830), to delete certain critical files. This results in an authentication bypass when the webService process reloads, so that the bad actor is able to gain administrative credentials. From there, an attacker could use the third vuln (CVE-2018-6831) to execute root commands.
This bug is a shell command-injection vulnerability that requires administrator credentials. “Since the adversary gained administrator credentials in the previous stage, he can now use this vulnerability to execute commands as the root user for privilege escalation,” researchers said. The Internet of Things continues to pose a significant problem, as many connected devices lack proper security controls. The 2016 Mirai botnet attack, which was orchestrated as a distributed denial-of-service attack through 300,000 vulnerable IoT devices like webcams, routers and video recorders, showed just how big an impact the lack of IoT security can have. The patches also come after reports of a hacked baby camera emerged last week, when a woman from South Carolina said a stranger hacked into her baby monitor to spy on her and her family. These IoT security incidents show not only that connected products are highly vulnerable to security hacks, but also that such hacks could mean a complete invasion of privacy at the most personal level. Foscam, for its part, urged customers to upgrade their cameras as soon as possible, saying that “the latest firmware for Foscam cameras utilizes protection against various types of online hacking and unauthorized access.” It added, “Foscam is fully committed to maintaining the safety and integrity of our user experience and will take all action reasonably necessary to ensure the privacy and security of our cameras.”
Mozilla released nine fixes in its Wednesday launch of Firefox 62 for Windows, Mac and Android – including one for a critical glitch that could enable attackers to run arbitrary code. Overall, the latest version of the Firefox browser included fixes for the critical issue, three high-severity flaws, two moderate problems and three low-severity vulnerabilities. Topping the list is a memory safety bug (CVE-2018-12376), discovered by a number of Mozilla developers and community members. A critical-impact bug means the vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing, according to Mozilla. The memory safety problem, which exists in Firefox 61 and Firefox ESR 60, meets these criteria, researchers said. Mozilla didn’t release further details, but it did assign one CVE to represent multiple similar issues. In addition to the memory safety bug(s), Mozilla also fixed three high-severity vulnerabilities in its latest update. These include a use-after-free glitch in refresh driver timers (CVE-2018-12377), which power browser-page refreshes. Another high-severity bug (CVE-2018-12378) is a use-after-free vulnerability that occurs when an IndexedDB index (a low-level API for client-side storage of significant amounts of structured data) is deleted while still in use by JavaScript code providing payload values. “This results in a potentially exploitable crash,” the advisory said.
Mozilla developers and community members also found a memory-safety bug (CVE-2018-12375) in Firefox 61, which showed evidence of memory corruption and could be exploited to run arbitrary code, according to the advisory. The moderate and low-severity fixes that were deployed in Firefox 62 include patches for an out-of-bounds write flaw (triggered when the Mozilla Updater opens a MAR format file that contains a very long item filename) and a proxy bypass glitch in the browser’s proxy settings. Firefox 62 for desktop is available for download on Mozilla’s website.
Tavis Ormandy, a Google Project Zero security researcher, has revealed details about a new major vulnerability discovered in Ghostscript, an interpreter for Adobe's PostScript and PDF page description languages. Ghostscript is by far the most widely used solution of its kind. The Ghostscript interpreter is embedded in hundreds of software suites and coding libraries that allow desktop software and web servers to handle PostScript and PDF-based documents. Exploiting the bug Ormandy discovered requires that an attacker send a malformed PostScript, PDF, EPS or XPS file to a victim. Once the file reaches the Ghostscript interpreter, the malicious code contained within will carry out the attacker's desired actions on that machine. The vulnerability, which has not received a CVE identifier just yet, allows an attacker to take over applications and servers that use vulnerable versions of Ghostscript. At the time of writing, there is no fix available. By far the most affected project is the ImageMagick image processing library, along with the many Linux distros where this library ships by default. Red Hat and Ubuntu have already confirmed they are affected, according to a CERT/CC security advisory released today. "I *strongly* suggest that [Linux] distributions start disabling PS, EPS, PDF and XPS coders in [ImageMagick's] policy.xml by default," Ormandy said. Because of Ghostscript's broad adoption in the web dev and software dev communities, Ormandy has had his eyes set on Ghostscript for the past few years. He discovered similar high-severity issues affecting Ghostscript in 2016 and again in 2017.
The vulnerability he found in 2017, CVE-2017-8291, was adopted by North Korean hackers, who used it to break into South Korean cryptocurrency exchanges, steal funds, and later plant false flags in an attempt to pin the hacks on Chinese-speaking threat actors. Because of Ghostscript's wide adoption, any bugs, and especially those that lead to remote code execution, are highly sought-after by any threat actor.
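Ormandy's policy.xml advice can be verified mechanically on a host rather than by eye. The script below is an added example, not part of the article, of ImageMagick or of the CERT/CC advisory; it assumes the standard ImageMagick entry form <policy domain="coder" rights="none" pattern="..."/> and, as an assumption, also checks PS2 and PS3 alongside the four coders Ormandy names, since those formats are likewise handed to Ghostscript.

```shell
#!/bin/sh
# Added example: check that an ImageMagick policy.xml denies every coder that
# is delegated to Ghostscript. PS2 and PS3 are included on the assumption that
# they are Ghostscript-backed like PS; the article itself names PS, EPS, PDF
# and XPS.
GS_CODERS="PS PS2 PS3 EPS PDF XPS"

# check_policy FILE
# Returns 0 when every coder in GS_CODERS has a coder-domain policy line with
# rights="none"; otherwise prints the coders that are still allowed to stderr
# and returns 1. Attribute order is not assumed, so each attribute is matched
# separately on the same line.
check_policy() {
    file=$1
    missing=""
    for coder in $GS_CODERS; do
        if ! grep -i 'domain="coder"' "$file" \
            | grep -i 'rights="none"' \
            | grep -iq "pattern=\"$coder\""; then
            missing="$missing $coder"
        fi
    done
    if [ -n "$missing" ]; then
        echo "policy.xml still allows:$missing" >&2
        return 1
    fi
    return 0
}

# Constructed sample policy files for demonstration (not real distro files).
WEAK=$(mktemp)
HARDENED=$(mktemp)
trap 'rm -f "$WEAK" "$HARDENED"' EXIT

# Weak: resource limits only, Ghostscript coders left enabled.
cat > "$WEAK" <<'EOF'
<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="EPHEMERAL"/>
</policymap>
EOF

# Hardened: the denials Ormandy recommends, plus PS2/PS3.
cat > "$HARDENED" <<'EOF'
<policymap>
  <policy domain="resource" name="memory" value="256MiB"/>
  <policy domain="coder" rights="none" pattern="PS" />
  <policy domain="coder" rights="none" pattern="PS2" />
  <policy domain="coder" rights="none" pattern="PS3" />
  <policy domain="coder" rights="none" pattern="EPS" />
  <policy domain="coder" rights="none" pattern="PDF" />
  <policy domain="coder" rights="none" pattern="XPS" />
</policymap>
EOF

check_policy "$HARDENED" && echo "hardened sample: all Ghostscript coders denied"
check_policy "$WEAK" || echo "weak sample: add the coder denials listed above"
```

Point check_policy at the real file (the path differs by distribution and ImageMagick major version) to audit an installed host.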
A Russian vulnerability researcher and exploit developer has published detailed information about a zero-day vulnerability in VirtualBox. His explanations include step-by-step instructions for exploiting the bug. According to the initial details in the disclosure, the issue is present in a shared code base of the virtualization software, available on all supported operating systems. Exploiting the vulnerability allows an attacker to escape the virtual environment of the guest machine and reach the Ring 3 privilege layer, used for running code from most user programs, with the least privileges.
Turning one "overflow" into another
Sergey Zelenyuk found that the security bug can be leveraged on virtual machines configured with the Intel PRO/1000 MT Desktop (82540EM) network adapter in Network Address Translation (NAT) mode, the default setup that allows the guest system to access external networks. "The [Intel PRO/1000 MT Desktop (82540EM)] has a vulnerability allowing an attacker with root/administrator privileges in a guest to escape to a host ring3. Then the attacker can use existing techniques to escalate privileges to ring 0 via /dev/vboxdrv," Zelenyuk writes in a technical write-up on Tuesday. Zelenyuk says that an important part of understanding how the vulnerability works is knowing that context descriptors are processed before data descriptors. The researcher describes the mechanics behind the security flaw in detail, showing how to trigger the necessary conditions to obtain a buffer overflow that could be abused to escape the confines of the virtual operating system.
First, he caused an integer underflow condition using packet descriptors, the data segments that allow the network adapter to track network packet data in system memory. This state was then leveraged to read data from the guest OS into a heap buffer and cause an overflow condition that could lead to overwriting function pointers, or to cause a stack overflow condition.
A flaw in Safari – one that allows an attacker to spoof websites and trick victims into handing over their credentials – has yet to be patched. A browser address bar spoofing flaw was found by researchers this week in Safari, and Apple has yet to issue a patch for it. Researcher Rafay Baloch on Monday disclosed two proof-of-concepts revealing how vulnerabilities in Edge browser 42.17134.1.0 and Safari iOS 11.3.1 could be abused to manipulate the browsers’ address bars, tricking victims into thinking they are visiting a legitimate website. Baloch told Threatpost Wednesday that Apple has promised to fix the flaw in its next security update for Safari. “Apple has told [me] that the latest beta of iOS 12 also addresses the issue, however they haven’t provided any dates,” he said. Apple did not respond to multiple requests for comment from Threatpost. Microsoft, for its part, has fixed the vulnerability Baloch found in the Edge browser (CVE-2018-8383) in its August Patch Tuesday release. According to Microsoft’s vulnerability advisory released August 14, the spoofing flaw exists because Edge does not properly parse HTTP content. Both flaws stem from the Edge and Safari browsers allowing JavaScript to update the address bar while the page is still loading. This means that an attacker could request data from a non-existent port and, due to the delay induced by the setInterval function, trigger the address bar spoofing.
The browser would then preserve the address bar and load the content from the spoofed page, Baloch said in his blog breaking down both vulnerabilities. From there, the attacker could spoof the website, using it to lure in victims and potentially gather credentials or spread malware. For instance, the attacker could send an email message containing the specially crafted URL to the user, convince the user to click it, and take them to the link, which could gather their credentials or sensitive information. “As per Google, the address bar is the only reliable indicator for ensuring the identity of the website; if the address bar points to Facebook.com and the content is hosted on the attacker’s website, there is no reason why someone would not fall for this,” Baloch told Threatpost. In a video demonstration, Baloch showed how he could visit a link for the vulnerable browser on Edge (http://sh3ifu[.]com/bt/Edge-Spoof.html), which would take him to a site purporting to be a Gmail login. However, while the URL points to a Gmail address, the content is hosted on sh3ifu.com, said Baloch. The Safari proof-of-concept is similar, except for one constraint: it does not allow users to type their information into the input boxes while the page is in a loading state. However, Baloch said he was able to circumvent this restriction by injecting a fake keyboard using JavaScript, a common practice on banking sites. No other browsers, including Chrome or Firefox, were discovered to have the flaw, said Baloch. Baloch is known for discovering similar vulnerabilities in Chrome, Firefox and other major browsers in 2016, which also allowed attackers to spoof URLs in the address bar.
The vulnerabilities were disclosed to both Microsoft and Apple, and Baloch gave both a 90-day deadline before he went public with the flaws. Because the Safari browser bug remains unpatched, Baloch said he has not yet released a proof of concept: “However, considering there is a slight difference between the Edge browser POC and Safari, anyone with decent knowledge of Javascript can make it work on Safari,” he told us.
EOS has tweeted to confirm that it has patched “most” of the reported bugs and is “working hard” on the remainder. It expects the mainnet launch to stay on schedule. Qihoo 360, a China-based internet security firm, says it has notified the EOS blockchain project about “a series of epic vulnerabilities” discovered on its platform. The firm said in a Tuesday report that loopholes found in the EOS platform could expose nodes on the network to attackers, giving them the ability to execute code remotely and take “full control” of transactions. The firm claims that such an attack could potentially “decimate” the entire cryptocurrency network. Qihoo 360 went on to explain that bad actors would be able to attack the network by constructing and publishing smart contracts containing malicious code on the EOS mainnet and having EOS supernodes pack them into new blocks. Subsequently, the code would affect all nodes on the network, including those of cryptocurrency wallets and exchanges, letting the attackers gain control of private keys to cryptocurrency transactions. While EOS has not yet made any public comment on the issue, Qihoo 360 said in another blog update that the project’s lead developer, Daniel Larimer, was notified of the issues and that he has since said the vulnerabilities – identified as issue number 3498 on GitHub – have been fixed. “If any of these asserts trigger in release it shouldn’t pass, but should throw. Allowing the code to continue running in release is a potential security vulnerability and will likely result in crashes elsewhere,” Larimer wrote on the GitHub page.
Meanwhile, Larimer has today appealed for more external assistance in identifying critical bugs in the system, with the project’s mainnet launch just days away.
Cisco patches a severe flaw in switch deployment software that can be attacked with crafted messages sent to a port that's open by default. Cisco has released patches for 34 vulnerabilities mostly affecting its IOS and IOS XE networking software, including three critical remote code execution security bugs. Perhaps the most serious issue Cisco has released a patch for is critical bug CVE-2018-0171 affecting Smart Install, a Cisco client for quickly deploying new switches for Cisco IOS Software and Cisco IOS XE Software. A remote, unauthenticated attacker can exploit a flaw in the client to reload an affected device and cause a denial of service, or to execute arbitrary code. Embedi, the security firm that found the flaw, initially believed it could only be exploited within an enterprise's network. However, it found millions of affected devices exposed on the internet. "Because in a securely configured network, Smart Install technology participants should not be accessible through the internet. But scanning the internet has shown that this is not true," wrote Embedi. "During a short scan of the internet, we detected 250,000 vulnerable devices and 8.5 million devices that have a vulnerable port open." Smart Install is supported by a broad range of Cisco routers and switches. The high number of devices with an open port is probably because the Smart Install client's port, TCP 4786, is open by default. This situation is overlooked by network admins, Embedi said.
The company has also published proof-of-concept exploit code, so it probably will be urgent for admins to patch. An attacker can exploit the bug by sending a crafted Smart Install message to these devices on TCP port 4786, according to Cisco. Embedi discovered the flaw last year, landing it an award at the GeekPwn conference in Hong Kong last May, and reported it to Cisco in September. Cisco's internal testing also turned up a critical issue in its IOS XE software, CVE-2018-0150, due to an undocumented user account that has a default username and password. Cisco warns that an attacker could use this account to remotely connect to a device running the software. Cisco engineers also found CVE-2018-0151, a remote code execution bug in the QoS subsystem of IOS and IOS XE. "The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device," writes Cisco. All three bugs were given a CVSS score of 9.8 out of 10.
Cisco patchesVulnerability-related.PatchVulnerabilitya severe flaw in switch deployment software that can be attacked with crafted messages sent to a port that 's open by default . Cisco has releasedVulnerability-related.PatchVulnerabilitypatches for 34 vulnerabilities mostly affectingVulnerability-related.DiscoverVulnerabilityits IOS and IOS XE networking software , including three critical remote code execution security bugs . Perhaps the most serious issue Cisco has releasedVulnerability-related.PatchVulnerabilitya patch for is critical bug CVE-2018-0171 affectingVulnerability-related.DiscoverVulnerabilitySmart Install , a Cisco client for quickly deploying new switches for Cisco IOS Software and Cisco IOS XE Software . A remote unauthenticated attacker can exploit a flaw in the client to reload an affected device and cause a denial of service or execute arbitrary code . Embedi , the security firm that foundVulnerability-related.DiscoverVulnerabilitythe flaw , initially believed it could only be exploitedVulnerability-related.DiscoverVulnerabilitywithin an enterprise 's network . However , it foundVulnerability-related.DiscoverVulnerabilitymillions of affected devices exposed on the internet . `` Because in a securely configured network , Smart Install technology participants should not be accessible through the internet . But scanning the internet has shown that this is not true , '' wrote Embedi . `` During a short scan of the internet , we detected 250,000 vulnerable devices and 8.5 million devices that have a vulnerable port open . '' Smart Install is supported by a broad range of Cisco routers and switches . The high number of devices with an open port is probably because the Smart Install client 's port TCP 4786 is open by default . This situation is overlooked by network admins , Embedi said . 
The company has also publishedVulnerability-related.DiscoverVulnerabilityproof-of-concept exploit code , so it probably will be urgent for admins to patchVulnerability-related.PatchVulnerability. An attacker can exploit the bug by sendingAttack.Phishinga crafted Smart Install message to these devices on TCP port 4786 , according to Cisco . Embedi discoveredVulnerability-related.DiscoverVulnerabilitythe flaw last year , landing it an award at the GeekPwn conference in Hong Kong last May , and reportedVulnerability-related.DiscoverVulnerabilityit to Cisco in September . Cisco 's internal testing also turned upVulnerability-related.DiscoverVulnerabilitya critical issue in its IOS XE software , CVE-2018-0150 , due to an undocumented user account that has a default username and password . Cisco warnsVulnerability-related.DiscoverVulnerabilitythat an attacker could use this account to remotely connect to a device running the software . Cisco engineers also foundVulnerability-related.DiscoverVulnerabilityCVE-2018-0151 , a remote code execution bug in the QoS subsystem of IOS and IOS XE . `` The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device . An attacker could exploit this vulnerability by sending malicious packets to an affected device , '' writes Cisco . All three bugs were given a CVSS score of 9.8 out of 10 .
Cisco patchesVulnerability-related.PatchVulnerabilitya severe flaw in switch deployment software that can be attacked with crafted messages sent to a port that 's open by default . Cisco has releasedVulnerability-related.PatchVulnerabilitypatches for 34 vulnerabilities mostly affectingVulnerability-related.DiscoverVulnerabilityits IOS and IOS XE networking software , including three critical remote code execution security bugs . Perhaps the most serious issue Cisco has releasedVulnerability-related.PatchVulnerabilitya patch for is critical bug CVE-2018-0171 affectingVulnerability-related.DiscoverVulnerabilitySmart Install , a Cisco client for quickly deploying new switches for Cisco IOS Software and Cisco IOS XE Software . A remote unauthenticated attacker can exploit a flaw in the client to reload an affected device and cause a denial of service or execute arbitrary code . Embedi , the security firm that foundVulnerability-related.DiscoverVulnerabilitythe flaw , initially believed it could only be exploitedVulnerability-related.DiscoverVulnerabilitywithin an enterprise 's network . However , it foundVulnerability-related.DiscoverVulnerabilitymillions of affected devices exposed on the internet . `` Because in a securely configured network , Smart Install technology participants should not be accessible through the internet . But scanning the internet has shown that this is not true , '' wrote Embedi . `` During a short scan of the internet , we detected 250,000 vulnerable devices and 8.5 million devices that have a vulnerable port open . '' Smart Install is supported by a broad range of Cisco routers and switches . The high number of devices with an open port is probably because the Smart Install client 's port TCP 4786 is open by default . This situation is overlooked by network admins , Embedi said . 
The company has also published proof-of-concept exploit code, so it probably will be urgent for admins to patch. An attacker can exploit the bug by sending a crafted Smart Install message to these devices on TCP port 4786, according to Cisco. Embedi discovered the flaw last year, landing it an award at the GeekPwn conference in Hong Kong last May, and reported it to Cisco in September. Cisco's internal testing also turned up a critical issue in its IOS XE software, CVE-2018-0150, due to an undocumented user account that has a default username and password. Cisco warns that an attacker could use this account to remotely connect to a device running the software. Cisco engineers also found CVE-2018-0151, a remote code execution bug in the QoS subsystem of IOS and IOS XE. "The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device," writes Cisco. All three bugs were given a CVSS score of 9.8 out of 10.
Researchers at cybersecurity company Check Point have today shared details of a vulnerability in DJI's infrastructure that could have given hackers access to consumer and corporate user accounts, personal data, flight logs, photos, videos, and, if the user was flying with DJI's FlightHub application, a live camera feed and map during missions. Check Point submitted a report to DJI's Bug Bounty Program, highlighting a process in which an attacker could have gained access to a user's account through a vulnerability discovered in the user identification process within DJI Forum. Check Point's researchers found that DJI's various platforms used a token to identify registered users across different aspects of the customer experience. Hackers could plant malicious links that would compromise accounts within that framework. In a blog post outlining their investigation, Check Point explained the process of a possible exploit: The vulnerability was accessed through DJI Forum, an online forum DJI runs for discussions about its products. A user who logged into DJI Forum, then clicked a specially planted malicious link, could have had his or her login credentials stolen to allow access to other DJI online assets: DJI's web platform (account, store, forum); cloud server data synced from DJI's GO or GO 4 pilot apps; and DJI's FlightHub (centralized drone operations management platform). We notified DJI about this vulnerability in March 2018 and DJI responded responsibly. The vulnerability has since been patched.
DJI classified this vulnerability as high risk but low probability, and indicated there is no evidence this vulnerability was ever exploited by anyone other than Check Point researchers. Check Point even made a Mission Impossible-style trailer for their findings, which is… interesting.
A flaw in certificate pinning exposed customers of a number of high-profile banks to man-in-the-middle attacks on both iOS and Android devices. A vulnerability in the mobile apps of major banks could have allowed attackers to steal customers' credentials including usernames, passwords, and PIN codes, according to researchers. The flaw was found in apps by HSBC, NatWest, Co-op, Santander, and Allied Irish Bank. The banks in question have now all updated their apps to protect against the flaw. Uncovered by researchers in the Security and Privacy Group at the University of Birmingham, the vulnerability allows an attacker who is on the same network as the victim to perform a man-in-the-middle attack and steal information. The vulnerability lay in the certificate pinning technology, a security mechanism used to prevent impersonation attacks and use of fraudulent certificates by only accepting certificates signed by a single pinned CA root certificate. While certificate pinning usually improves security, a tool developed by the researchers to perform semi-automated security testing of mobile apps found that a flaw in the technology meant standard tests failed to detect attackers trying to take control of a victim's online banking. As a result, certificate pinning can hide the lack of proper hostname verification, enabling man-in-the-middle attacks. The findings have been outlined in a research paper and presented at the Annual Computer Security Applications Conference in Orlando, Florida. The tool was run on 400 security-critical apps in total, leading to the discovery of the flaw.
Tests found apps from some of the largest banks contained the flaw which, if exploited, could have enabled attackers to decrypt, view, and even modify network traffic from users of the app. That could allow them to view information entered and perform any operation that the app can usually perform, such as making payments or transferring funds. Other attacks allowed hackers to perform in-app phishing attacks against Santander and Allied Irish Bank users, allowing attackers to take over part of the screen while the app was running and steal the entered credentials. The researchers have worked with the National Cyber Security Centre and all the banks involved to fix the vulnerabilities, noting that the current versions of all the apps affected by the pinning vulnerability are now secure. A University of Birmingham spokesperson told ZDNet all the banks were highly cooperative: "once this was flagged to them they did work with the team to amend it swiftly."
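The pinning mistake described above is easy to reproduce in miniature. The following Python is an added example, not the Birmingham team's tool or any bank's code: it models certificates as the dicts that ssl.SSLSocket.getpeercert() returns, pins a (constructed) CA fingerprint, and compares a check that stops at the pin with one that also verifies the hostname. The fingerprint, hostnames and certificates are constructed for illustration.

```python
"""Added example: CA pinning without hostname verification still admits an attacker
who holds any certificate issued by the pinned CA for a domain they control.
"""
import hashlib

# Assumed: the app pins the SHA-256 fingerprint of one CA certificate (constructed here).
PINNED_CA_FINGERPRINT = hashlib.sha256(b"constructed CA certificate DER bytes").hexdigest()


def san_dns_names(cert):
    """DNS names from the certificate's subjectAltName extension."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def hostname_matches(pattern, hostname):
    """RFC 6125-style comparison: exact match, or one wildcard as the whole left-most label."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern == hostname:
        return True
    if pattern.startswith("*.") and "*" not in pattern[2:]:
        labels = hostname.split(".")
        # The wildcard covers exactly one label; the remaining labels must match literally.
        return len(labels) >= 3 and ".".join(labels[1:]) == pattern[2:]
    return False


def pin_only_check(cert, chain_ca_fingerprint):
    """The flawed pattern: accept any leaf certificate that chains to the pinned CA."""
    return chain_ca_fingerprint == PINNED_CA_FINGERPRINT


def pin_and_hostname_check(cert, chain_ca_fingerprint, expected_host):
    """Hardened: the pin narrows the trusted CA, hostname verification binds the leaf to the peer."""
    if not pin_only_check(cert, chain_ca_fingerprint):
        return False
    return any(hostname_matches(name, expected_host) for name in san_dns_names(cert))


# Constructed certificates: the bank's own, and one obtained from the same CA for an
# unrelated domain.
BANK_CERT = {"subject": ((("commonName", "mobile.bank.example"),),),
             "subjectAltName": (("DNS", "mobile.bank.example"), ("DNS", "*.bank.example"))}
OTHER_CERT = {"subject": ((("commonName", "other.example"),),),
              "subjectAltName": (("DNS", "other.example"),)}


def demo():
    """Outcome of each check when the unrelated certificate is presented for the bank host."""
    return {
        "pin_only_accepts_other": pin_only_check(OTHER_CERT, PINNED_CA_FINGERPRINT),
        "hardened_accepts_other": pin_and_hostname_check(OTHER_CERT, PINNED_CA_FINGERPRINT, "mobile.bank.example"),
        "hardened_accepts_bank": pin_and_hostname_check(BANK_CERT, PINNED_CA_FINGERPRINT, "mobile.bank.example"),
    }


if __name__ == "__main__":
    print(demo())
```

The point for app testers is in the first two results: a pin-only client accepts the unrelated certificate because it chains to the pinned CA, so a test that only swaps in a certificate from a different CA never sees the failure; the test has to present a valid certificate from the pinned CA for the wrong name.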
A Google Project Zero researcher has published a macOS exploit to demonstrate that Apple is exposing its users to security risks by patching serious flaws in iOS but not revealing the fact until it fixes the same bugs in macOS a week later. This happened during Apple's update for critical flaws in iOS 12, tvOS 12 and Safari 12 on September 17. A Wayback Machine snapshot of the original advisory doesn't mention any of the bugs that Project Zero researcher Ivan Fratric had reported to Apple, and which were actually fixed. Then, a week later, after Apple patched the same bugs in macOS, the company updated its original advisory with details about the nine flaws that Fratric had reported, six of which affected Safari. The update fixed a Safari bug that allowed arbitrary code execution on macOS if a vulnerable version of Safari browsed to a website hosting an exploit for the bugs. While Fratric concedes that Apple is probably concealing the fix in iOS to buy time to patch macOS, he argues the end result is that people may ignore an important security update because they weren't properly informed by Apple in the security advisory. "This practice is misleading because customers interested in the Apple security advisories would most likely read them only once, when they are first released, and the impression they would get is that the product updates fix far fewer vulnerabilities and less severe vulnerabilities than is actually the case."
Even worse, a skilled attacker could use the update for iOS to reverse-engineer a patch, develop an exploit for macOS, and then deploy it against a macOS user base that doesn't have a patch. Users also don't know that Apple has released information that could make their systems vulnerable to attack. Fratric developed an exploit for one of the Safari bugs he reported and published the attack on Thursday. The bugs were all found using a publicly available fuzzing tool he developed, called Domato, meaning anyone else, including highly advanced attackers, could use it too. "If a public tool was able to find that many bugs, it is expected that private ones might be even more successful," he noted. He wasn't aiming to write a reliable or sophisticated exploit, but the bug is useful enough for a skilled exploit writer to develop an attack to spread malware and "potentially do a lot of damage even with an unreliable exploit". Fratric said he successfully tested the exploit on Mac OS 10.13.6 High Sierra, build version 17G65. "If you are still using this version, you might want to update," noted Fratric. On the upside, it appears Apple and its Safari WebKit team have improved the security of the browser compared with the results of Fratric's Domato fuzzing efforts last year, which turned up way more bugs in Safari than in Chrome, Internet Explorer, and Edge. Last year he found 17 Safari flaws using the fuzzing tool. His final word of warning is not to discount any of the bugs he found just because no one's seen them being attacked in the wild. "While it is easy to brush away such bugs as something we haven't seen actual attackers use, that doesn't mean it's not happening or that it couldn't happen," the researcher noted.
When it comes to fixing security vulnerabilities, it should be clear by now that words only count when they're swiftly followed by actions. Ask peripherals maker Logitech, which last week became the latest company to find itself on the receiving end of an embarrassing public flaw disclosure by Google's Project Zero team. In September, Project Zero researcher Tavis Ormandy installed Logitech's Options application for Windows (available separately for Mac), used to customise buttons on the company's keyboards, mice, and touchpads. Pretty quickly, he noticed some problems with the application's design, starting with the fact that it… opens a websocket server on port 10134 that any website can connect to, and has no origin checking at all. Websockets simplify the communication between a client and a server and, unlike HTTP, make it possible for servers to send data to clients without first being asked to, which creates additional security risks. The only "authentication" is that you have to provide a pid [process ID] of a process owned by your user, but you get unlimited guesses so you can bruteforce it in microseconds. Ormandy claimed this might offer attackers a way of executing keystroke injection to take control of a Windows PC running the software. Within days of contacting Logitech, Ormandy says he had a meeting to discuss the vulnerability with its engineers on 18 September, who assured him they understood the problem. A new version of Options appeared on 1 October without a fix, although in fairness to Logitech that was probably too soon for any patch for Ormandy's vulnerability to be included.
As anyone who's followed Google's Project Zero will know, it operates a strict 90-day deadline for a company to fix vulnerabilities disclosed to it, after which they are made public. I would recommend disabling Logitech Options until an update is available. Clearly, the disclosure got things moving – on 13 December, Logitech suddenly updated Options to version 7.00.564 (7.00.554 for Mac). The company also tweeted that the flaws had been fixed, confirmed by Ormandy on the same day. Logitech aren't the first to feel Project Zero's guillotine on their neck. Earlier in 2018, Microsoft ran into a similar issue over a vulnerability found by Project Zero in the Edge browser. Times have changed – vendors have to move from learning about a bug to releasing a fix much more rapidly than they used to.
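The missing control in the Options case was origin checking on the WebSocket handshake. The Python below is an added example and not Logitech's code: a browser always sends the Origin header on a WebSocket upgrade and page scripts cannot alter it, so a service listening on localhost can refuse any page it does not expect before the connection is upgraded. The allow-list, the port in the sample requests and the requests themselves are constructed for the example.

```python
"""Added example: Origin validation on a local WebSocket handshake."""
from urllib.parse import urlsplit

ALLOWED_ORIGINS = {"https://config.example"}  # assumed: the one web origin the tool serves


def parse_handshake(raw: bytes) -> dict:
    """Header names (lower-cased) to values from a raw HTTP/1.1 upgrade request."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    headers = {}
    for line in head.split("\r\n")[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def origin_allowed(headers: dict, allowed=ALLOWED_ORIGINS) -> bool:
    """True only for an exact scheme+host[:port] match against the allow-list."""
    origin = headers.get("origin")
    if origin is None or origin.lower() == "null":
        # No Origin: not a browser, or a sandboxed/file:// page. The origin check
        # cannot vouch for either, so such clients need separate authentication.
        return False
    parts = urlsplit(origin)
    if parts.scheme != "https" or not parts.netloc or parts.path:
        return False
    return f"{parts.scheme}://{parts.netloc.lower()}" in allowed


def handshake_decision(raw: bytes) -> int:
    """HTTP status the server should answer: 101 to upgrade, 403 to refuse, 400 if malformed."""
    headers = parse_handshake(raw)
    if headers.get("upgrade", "").lower() != "websocket":
        return 400
    return 101 if origin_allowed(headers) else 403


def _upgrade(origin_line: bytes) -> bytes:
    """Build a constructed upgrade request with the given Origin line (possibly none)."""
    return (b"GET /api HTTP/1.1\r\nHost: 127.0.0.1:10134\r\nUpgrade: websocket\r\n"
            b"Connection: Upgrade\r\nSec-WebSocket-Version: 13\r\n" + origin_line + b"\r\n")


# Constructed handshakes: the expected page, an arbitrary third-party page, and no Origin.
EXPECTED_PAGE = _upgrade(b"Origin: https://config.example\r\n")
OTHER_PAGE = _upgrade(b"Origin: https://third-party.example\r\n")
NO_ORIGIN = _upgrade(b"")

if __name__ == "__main__":
    for name, req in [("expected", EXPECTED_PAGE), ("other", OTHER_PAGE), ("none", NO_ORIGIN)]:
        print(name, handshake_decision(req))
```

Origin checking closes the "any website can connect" hole but does nothing about the weak pid check Ormandy describes; a local service still needs real authentication of the connecting process and a bound limit on guesses.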
Attackers continue to take aim at the e-commerce platform Magento. Researchers said last week they came across a malicious function snuck into one of the platform's modules in order to steal credit card information. Code for the function was injected into a .php file for SF9 Realex, a module that helps sites store customer credit card data for the one-click checkout functionality commonly used by repeat customers. The module interacts with the Realex RealAuth Remote and Redirect systems, "very popular solutions in the Magento community," according to Bruno Zanelato, a researcher with the firm Sucuri, who found the malicious function. The function, sendCCNumber(), reroutes credit card information entered by a customer from Magento to an attacker's email address, hidden inside a variable later in the code. The data, encoded in JSON, arrives in the attacker's inbox without the victim being any the wiser. According to researchers, the attacker uses binlist.net, a public web service for searching issuer identification numbers (IIN), to help identify which bank each card is associated with. Zanelato said Friday that attackers are going to greater lengths to target credit card data, especially in e-commerce platforms like Magento. "Magento credit card stealers are indeed on the rise," Zanelato wrote Friday. "While the information here is specific to Magento, realize that this can affect any platform that is used for ecommerce. As the industry grows, so will the specific attacks targeting it." Zanelato is quick to point out that there wasn't a vulnerability in Magento that enabled the theft of credit card data. From there the attacker was able to inject script and take over SF9 Realex. It's the latest in a line of credit card stealers Sucuri researchers have observed taking advantage of Magento, however.
Last summer Cesar Anjos, a researcher with the firm, looked at one stealer that was loaded from another source. The stealer essentially performed a man-in-the-middle attack between the user and the checkout page after credit card information was entered. Last October, Ben Martin, a different researcher with the firm, discovered attackers scraping credit card numbers and exfiltrating them in obscure, sometimes publicly viewable image files. Researchers with RiskIQ monitored attacks similar to ones described by Sucuri last year. The firm said the attacks it had been monitoring originated from a single hacking group targeting e-commerce platforms such as Powerfront CMS and OpenCart with a web-based keylogger in March 2016.
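Because the SF9 Realex case involved modified module source rather than a Magento vulnerability, the practical defences are file integrity monitoring and source review. The following Python is an added example, not Sucuri's scanner or the Realex module: it compares module files against a known-good hash manifest and applies a heuristic that flags any PHP function whose body both references card fields and calls an outbound-send function. The PHP fragment, file paths and manifest are constructed for the example, and the injected function is only a skeleton of what the article describes.

```python
"""Added example: two operator-side checks for an injected card-exfiltration function."""
import hashlib
import re

CARD_FIELDS = re.compile(r"cc_number|cc_cid|cc_exp|card_number|cvv|cvc", re.I)
EXFIL_CALLS = re.compile(r"\b(mail|curl_exec|fsockopen|file_get_contents)\s*\(", re.I)
FUNC_RE = re.compile(r"function\s+(\w+)\s*\(")


def suspicious_functions(php_source):
    """Names of functions whose body references card fields and an outbound-send call."""
    parts = FUNC_RE.split(php_source)  # [prefix, name1, body1, name2, body2, ...]
    return [name for name, body in zip(parts[1::2], parts[2::2])
            if CARD_FIELDS.search(body) and EXFIL_CALLS.search(body)]


def modified_files(current, manifest):
    """Paths whose SHA-256 differs from the manifest, including files the manifest lacks."""
    changed = []
    for path, content in current.items():
        digest = hashlib.sha256(content.encode()).hexdigest()
        if manifest.get(path) != digest:
            changed.append(path)
    return sorted(changed)


# Constructed module source: one legitimate method and one injected function that
# serialises card fields and mails them out.
INJECTED = """<?php
class SF9_Realex_Model_Example {
    public function authorize($payment) {
        return $this->_gateway->send($payment->getOrder());
    }
    public function sendCCNumber($data) {
        $payload = json_encode(array('n' => $data['cc_number'], 'c' => $data['cc_cid']));
        mail($this->_dest, 'x', $payload);
    }
}
"""
# The same file before the injection: everything up to the added function, then the class close.
CLEAN = INJECTED[:INJECTED.index("    public function sendCCNumber")] + "}\n"

MODULE_PATH = "app/code/SF9/Realex/Model/Example.php"  # constructed path
# Constructed manifest recorded from the known-good file.
MANIFEST = {MODULE_PATH: hashlib.sha256(CLEAN.encode()).hexdigest()}


def audit(files, manifest=MANIFEST):
    """Per file: whether its hash changed and which functions the heuristic flags."""
    changed = set(modified_files(files, manifest))
    return {path: {"modified": path in changed, "flagged": suspicious_functions(src)}
            for path, src in files.items()}


if __name__ == "__main__":
    print(audit({MODULE_PATH: INJECTED}))
```

The manifest check is the reliable one: it catches any edit to a file that should never change in production. The source heuristic is a triage aid for files the manifest does not cover and will produce false positives on legitimate payment code that both handles card fields and talks to a gateway, so its output needs a human reader.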
Published December 7, 2016 5:50 pm in Adobe, Adobe Flash, Malware, Ransomware, Vulnerability.
Of the top 10 vulnerabilities incorporated by exploit kits in 2016, six of them (rather unsurprisingly) affected Adobe Flash Player. Real-time threat intelligence provider Recorded Future arrived at those findings by analyzing thousands of sources including information security blogs and deep web forum postings. Recorded Future then ranked each vulnerability based upon how many web references linked the bug to at least one of 141 exploit kits, malicious software packages like Neutrino and RIG which abuse security flaws to infect users with TrickBot and other malware. Recorded Future found the most references to CVE-2016-0189, a vulnerability affecting Internet Explorer. More than 700 web sources linked the bug to the Magnitude, RIG, Neutrino, and Sundown exploit kits. But when it came to actual links with exploit kits, Adobe Flash Player cleaned house. In total, six Adobe Flash Player vulnerabilities appeared in the top 10 list. Two of those (CVE-2016-1010 and CVE-2015-8446) bonded with the late Angler exploit kit. Another three (CVE-2016-1019, CVE-2016-4117, and CVE-2015-8651) connected to at least three exploit kits. Overall, the regrettable honor of integration with the most exploit kits goes to CVE-2015-7645, a flaw which a mere 70 web sources linked to seven different packages: Neutrino, Angler, Magnitude, RIG, Nuclear Pack, Spartan, and Hunter. Recorded Future provides some background on why this vulnerability likely received so many linkages: "CVE-2015-7645 impacts Windows, Mac, and Linux operating systems, which makes it extremely versatile. Per Adobe, it can be used to take control of the affected system.
Additionally, it was the first zero-day exploit discovered after Adobe introduced new security mitigations, and as such, it was quickly adopted as many other older exploits ceased working on machines with newer Flash versions. The vulnerability was also noted as being used by Pawn Storm (APT28, Fancy Bear), a Russian government-backed espionage group." To protect against RIG and the others exploiting some of these vulnerabilities on your machine, you should patch your system regularly, install a reputable anti-virus solution, and install an ad-blocker. There's no hope when it comes to Adobe Flash Player. It seems like new bugs are emerging every day, which makes patch management a serious headache. If you can, you should uninstall Adobe Flash Player from your computer as soon as possible.
Some medical devices, smartphones and internet of things gadgets contain certain types of sensors that are vulnerable to potential hacking using sound waves, says cybersecurity researcher Kevin Fu. "This is now a risk that all manufacturers should be aware of, and in their hazard analysis, it has to be a part of their cybersecurity risk management," says Fu, explaining findings of a recent research study conducted by the University of Michigan and the University of South Carolina. The microelectromechanical systems, or MEMS accelerometers, that the research team found to contain these vulnerabilities are sensors used in various devices to measure acceleration or velocity, and then report those readings to a microprocessor. "What we looked at was the ability to trick these sensors into delivering false readings to the microprocessor by using sound waves," he says in an interview with Information Security Media Group. "What medical devices contain these sensors is still an open question." The main hazard of this sound wave vulnerability is the threat to the integrity and availability of the sensor, he explains. Prior studies by other researchers had found that sound waves can be used to disable these sensors. "What's new here is that it is now known that one can actually damage the integrity of the reading," he says. "If you were trusting this reading to do something automated, such as rate-adapt a pacemaker, perhaps based on changing activity of a patient, you now need a second way to verify the integrity of that reading." The study lists 20 accelerometers for which the researchers were able to change the output of the sensors using sound waves, Fu says.
"In some devices, we found that there is a speaker built in right next to the sensor, which means there is a remote ability to cause these changes without an adversary being near the chip." Fu recommends that manufacturers assess the researchers' list of accelerometers that contain the sound wave vulnerability "and ask [suppliers] for specific parameters, including the resident frequencies, to understand the risks and mitigations."
Things are getting messy at McDonald's in India, and that's not just for consumers of the Maharaja Mac, a double-stacked grilled chicken monstrosity with jalapenos and habanero sauce. The flaw, found by payments company Fallible, exposed names, email addresses, phone numbers, home addresses and sometimes the coordinates of those homes, as well as links to social media profiles. And Fallible contends that the leak still hasn't been properly fixed. I queried McDonald's to see if it has tried to seal the hole in the API and also whether it has notified customers or regulators, but I didn't get an immediate response. In a March 19 tweet, McDonald's didn't issue any clear answers, instead taking the well-trodden path of seeking to reassure users by highlighting what was not breached. McDonald's has dabbled in home delivery in many countries since the early 1990s, attracting budget diners willing to risk the short half-life of its sandwiches and fries versus the vagaries of home delivery. Fallible says it contacted McDonald's India on Feb 7, letting the fast-food chain know it could sequentially pull user information from the API using a curl request. "An unprotected publicly accessible API endpoint for getting user details coupled with serially enumerable integers as customer IDs can be used to obtain access to all users' personal information," Fallible writes in a blog post. But the issue appeared to remain unfixed, so Fallible says it sent McDonald's another email on March 7 asking for a status update. Ten days later, it sent another email and received no response. Fallible chose to go public with the issue in a March 18 blog post, prompting a public acknowledgement from McDonald's on Twitter the next day.
Fallible contends the issue hasn't been fixed, and it's unclear from McDonald's tweet if it was. India doesn't have a specific law that requires mandatory reporting of data breaches. But there are regulations and laws that cover the disclosure of personal information.
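Fallible's one-sentence description, an unauthenticated user-details endpoint keyed by sequential integers, names both halves of the fix: an object-level authorization check, and detection of clients walking the ID space. The Python below is an added example and not Fallible's or McDonald's code. It parses constructed access-log lines for a made-up /api/users/<id> path, scores each client by how often its successive requests move by exactly one ID, and shows a lookup handler that only returns a record to the account that owns it. The log format, path and records are assumptions.

```python
"""Added example: detecting sequential customer-ID enumeration, and the
authorization check that makes enumeration fruitless."""
import re
from collections import defaultdict

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"GET /api/users/(?P<id>\d+) HTTP/1\.1" (?P<status>\d{3})'
)

# Constructed access log: one client walking IDs in order, one ordinary client.
SAMPLE_LOG = """\
203.0.113.5 - - [07/Feb/2017:10:00:01 +0530] "GET /api/users/1001 HTTP/1.1" 200
203.0.113.5 - - [07/Feb/2017:10:00:01 +0530] "GET /api/users/1002 HTTP/1.1" 200
203.0.113.5 - - [07/Feb/2017:10:00:02 +0530] "GET /api/users/1003 HTTP/1.1" 200
203.0.113.5 - - [07/Feb/2017:10:00:02 +0530] "GET /api/users/1004 HTTP/1.1" 200
203.0.113.5 - - [07/Feb/2017:10:00:03 +0530] "GET /api/users/1005 HTTP/1.1" 200
203.0.113.5 - - [07/Feb/2017:10:00:03 +0530] "GET /api/users/1006 HTTP/1.1" 200
198.51.100.7 - - [07/Feb/2017:10:00:05 +0530] "GET /api/users/4821 HTTP/1.1" 200
198.51.100.7 - - [07/Feb/2017:10:03:10 +0530] "GET /api/users/4821 HTTP/1.1" 200
198.51.100.7 - - [07/Feb/2017:10:09:44 +0530] "GET /api/users/4821 HTTP/1.1" 200
"""


def ids_per_client(log_text):
    """Map client IP -> list of customer IDs successfully fetched, in log order."""
    per_client = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and m.group("status") == "200":
            per_client[m.group("ip")].append(int(m.group("id")))
    return per_client


def enumeration_score(ids):
    """Share of consecutive requests whose ID moved by exactly 1 from the previous one."""
    if len(ids) < 2:
        return 0.0
    steps = sum(1 for a, b in zip(ids, ids[1:]) if abs(b - a) == 1)
    return steps / (len(ids) - 1)


def flag_enumerators(log_text, min_requests=5, min_score=0.8):
    """Clients that fetched many records in near-perfect sequence."""
    return sorted(ip for ip, ids in ids_per_client(log_text).items()
                  if len(ids) >= min_requests and enumeration_score(ids) >= min_score)


# Hardened lookup: the requested record must belong to the authenticated caller.
USERS = {1001: {"name": "A. Example", "phone": "+91-00000-00000"},   # constructed records
         1002: {"name": "B. Example", "phone": "+91-11111-11111"}}


def lookup_user(session_user_id, requested_id, users=USERS):
    """Return the record only to its owner; a denied lookup looks like a missing record."""
    if session_user_id is None or requested_id != session_user_id:
        return None
    return users.get(requested_id)


if __name__ == "__main__":
    print(flag_enumerators(SAMPLE_LOG))
```

With the authorization check in place, sequential IDs stop being a data leak and become only a minor information disclosure (how many customers exist); replacing them with random identifiers removes that too, but is no substitute for the check.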
A critical vulnerability in Moodle, an open source PHP-based learning management system deployed across scores of schools and universities, could expose the server it's running on to compromise. Tens of thousands of universities worldwide, including the California State University system, the University of Oxford, and Stanford University, use the service to provide students with course outlines, grades, and other personal data. The issue, at its root a SQL injection vulnerability, could be used by an attacker to execute PHP code on a university's server, according to Netanel Rubin, the researcher who found the bug. Rubin, who has previously dug up vulnerabilities in Mozilla's Bugzilla bug tracking system, e-commerce platform Magento, and WordPress, described the bug in depth in a blog post on Monday. "Similar scenarios could be used in previous versions of Moodle but only by managers/admins and only via web services," the advisory reads. School IT administrators are being encouraged to apply a patch that maintainers of the system pushed 10 days ago. Rubin discovered that he could exploit the feature, however, and get an unserialize call by leaving a preference in a block mechanism empty. That could open the door to an object injection attack. While the attack had its limitations, Rubin discovered a way to pivot from it to a series of method calls. From there, he found he could use the system's "update" method to update any row in an affected database. This gave him the ability to tweak administrator accounts, passwords, the site configuration, "basically whatever we want," he wrote. Rubin used a double SQL injection to top off his exploit, helping him gain full administrator privileges on any server running Moodle.
"After gaining full administrator privileges, executing code is as simple as uploading a new plugin or template to the server," Rubin writes.
A week ago the Moodle developers released updates for the still supported branches of the platform: 3.2.2, 3.1.5, 3.0.9 and 2.7.19. The release notes mentioned that "a number of security related issues were resolved," but didn't provide any additional details about their nature or impact. The severity of the flaws became apparent Monday, when security researcher Netanel Rubin, who found the vulnerabilities, published a detailed blog post about them. They don't seem too critical on their own, but when combined, they allow attackers to create hidden administrative accounts and execute malicious PHP code on the underlying server. The exploit takes advantage of some false assumptions made by the developers, which Rubin described as a logic flaw, an object injection, a double SQL injection, and an overly permissive administrative dashboard. The logic issue stems from the reimplementation of a certain function without taking into account decisions made by the original function's developers. According to the researcher, it is the result of "having too much code, too many developers and lacking documentation." "Keep in mind that logical vulnerabilities can and will occur in almost all systems featuring a large code base," Rubin said. "Security issues in large code bases is, of course, not Moodle specific." Gaining administrative privileges on the Moodle platform is not only dangerous because attackers could install a PHP backdoor by uploading malicious plug-ins or templates, but also because Moodle installations store sensitive and private information about students taking online courses.
Security researchers from computer and network security outfit Cybellum have revealed a new zero-day code injection and persistence technique that can be used by attackers to take over applications and entire Windows machines. They demonstrated the attack on antivirus solutions, and ultimately dubbed it DoubleAgent, as it turns the antivirus security agent into a malicious agent. "DoubleAgent exploits a legitimate tool of Windows called 'Microsoft Application Verifier' which is a tool included in all versions of Microsoft Windows and is used as a runtime verification tool in order to discover and fix bugs in applications," the company explained. "Our researchers discovered an undocumented ability of Application Verifier that gives an attacker the ability to replace the standard verifier with his own custom verifier. An attacker can use this ability in order to inject a custom verifier into any application. Once the custom verifier has been injected, the attacker now has full control over the application." In fact, the attack can be used to compromise all kinds of applications, but the researchers chose to focus on antivirus solutions since this type of software is generally considered to be trusted. "By using DoubleAgent, the attacker can take full control over the antivirus and do as he wish without the fear of being caught or blocked," they noted. This includes: Cybellum researchers demonstrated a DoubleAgent code injection against Symantec Norton antivirus, and offered PoC exploit code on GitHub. More technical details about the DoubleAgent technique can be found here. The researchers have notified major antivirus vendors of their findings, and some of them (Malwarebytes, AVG) have already issued a patch for the vulnerability.
Among the still vulnerable antivirus apps are those by Avast, BitDefender, ESET, Kaspersky, and F-Secure. "Microsoft has provided a new design concept for antivirus vendors called Protected Processes. The new concept is specially designed for antivirus services. Antivirus processes can be created as 'Protected Processes' and the protected process infrastructure only allows trusted, signed code to load and has built-in defense against code injection attacks," the researchers explained. "This means that even if an attacker found a new zero-day technique for injecting code, it could not be used against the antivirus as its code is not signed. Currently no antivirus (except Windows Defender) has implemented this design, even though Microsoft made this design available more than 3 years ago." The vulnerability that allows the DoubleAgent attack works on all Microsoft Windows versions and architectures. The attack technique can be used to take over any application, and even the OS. "We need to make more efforts to detect and prevent these attacks, and stop blindly trusting traditional security solutions," the researchers noted. We implemented the fix at the time of reporting and therefore can confirm that both the Avast and AVG 2017 products, launched earlier this year, are not vulnerable. It is important to note that the exploit requires administrator privileges to conduct the attack, which is difficult for hackers to achieve.
LastPass engineers have Google researcher Tavis Ormandy to thank yet again for another busy few days after the British white hat found a second critical bug in the password manager. Ormandy tweeted over the weekend that he began 'working' on the research in an unusual location: "Ah-ha, I had an epiphany in the shower this morning and realized how to get codeexec in LastPass 4.1.43. Full report and exploit on the way." On Monday, LastPass responded by explaining that the Google Project Zero man had reported a new client-side vulnerability in its browser extension. "We are now actively addressing the vulnerability. This attack is unique and highly sophisticated," it added. "We don't want to disclose anything specific about the vulnerability or our fix that could reveal anything to less sophisticated but nefarious parties. So you can expect a more detailed post mortem once this work is complete." The firm offered a few steps that users could take to protect themselves from client-side security issues. These include: launching sites directly from the LastPass vault; switching on two-factor authentication for any site that offers it; and being constantly on the lookout for phishing attacks. It's the second vulnerability in a week that Ormandy has reported to LastPass. Last week, the password manager firm was forced to fix a critical zero day that would have allowed remote code execution, enabling an attacker to steal users' passwords. The prolific Ormandy also helped to make the firm more secure last year when he found "a bunch of obvious critical problems" in the service.
Yet he has also publicly appeared to query the logic of using an online service which, if breached, could give up its customers’ passwords. One Twitter follower claimed at the time: “I’m perplexed anyone uses an online service to store passwords.” Ormandy responded: “Yeah, me too.”
Microsoft Internet Information Services (IIS) 6.0 is vulnerable to a zero-day buffer overflow vulnerability (CVE-2017-7269) due to improper validation of an ‘If’ header in a PROPFIND request. A remote attacker could exploit this vulnerability in the IIS WebDAV component with a crafted request using the PROPFIND method. Successful exploitation could result in a denial of service condition or arbitrary code execution in the context of the user running the application. According to the researchers who found this flaw, the vulnerability was exploited in the wild in July or August 2016. Other threat actors are now in the stages of creating malicious code based on the original proof-of-concept (PoC) code. Web Distributed Authoring and Versioning (WebDAV) is an extension of the HTTP protocol that allows clients to perform remote web content authoring operations. WebDAV extends the set of standard HTTP methods and headers allowed in an HTTP request; examples of WebDAV methods are COPY, LOCK, MKCOL, PROPFIND and UNLOCK. This vulnerability is exploited using the PROPFIND method and the If header. The PROPFIND method retrieves properties defined on the resource identified by the Request-URI; all WebDAV-compliant resources must support it. The If header carries state tokens as well as ETags: it makes the request conditional by supplying a series of state lists whose conditions match tokens and ETags to a specific resource. If all the states present in the If header fail, the request fails with a 412 (Precondition Failed) status.
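As an added example, not part of the original advisory or of the researchers’ PoC, here is a small Python check that pulls the method and If header out of a raw HTTP request and flags a PROPFIND whose If header is implausibly long, which is the request shape the advisory describes. The length threshold and the two sample requests are assumptions chosen for illustration, not values taken from the advisory; a long If header on a PROPFIND is a reason to look closer, not proof of an attack, since RFC 4918 allows several legitimate state tokens in one header.

```python
"""Heuristic check for oversized WebDAV If headers on PROPFIND requests.

Added example, not code from the advisory. Threshold and samples are assumptions.
"""
from dataclasses import dataclass
from typing import List, Tuple

# Assumption (not from the advisory): a legitimate If header holds one or a
# few state tokens/ETags and stays well under this length. Tune to taste.
MAX_IF_HEADER_LEN = 256


@dataclass
class Finding:
    method: str
    target: str
    if_header_len: int   # length of the longest If header value, 0 if none
    suspicious: bool
    reason: str


def parse_request(raw: bytes) -> Tuple[str, str, List[Tuple[str, str]]]:
    """Split a raw HTTP/1.x request head into (method, target, headers).

    Header names are lower-cased; repeated headers are kept as separate
    pairs because RFC 4918 permits several If headers in one request.
    Malformed header lines are skipped rather than aborting the check.
    """
    head, _, _body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].decode("latin-1", "replace").split(" ")
    if len(parts) < 2:
        raise ValueError("malformed request line")
    method, target = parts[0], parts[1]
    headers: List[Tuple[str, str]] = []
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if not sep:
            continue
        headers.append((name.strip().lower().decode("latin-1", "replace"),
                        value.strip().decode("latin-1", "replace")))
    return method, target, headers


def inspect_request(raw: bytes, max_if_len: int = MAX_IF_HEADER_LEN) -> Finding:
    """Flag a PROPFIND whose (longest) If header exceeds max_if_len bytes."""
    method, target, headers = parse_request(raw)
    longest = max((len(v) for n, v in headers if n == "if"), default=0)
    if method.upper() == "PROPFIND" and longest > max_if_len:
        return Finding(method, target, longest, True,
                       f"PROPFIND carries a {longest}-byte If header (limit {max_if_len})")
    return Finding(method, target, longest, False, "If header absent or within limit")


# Constructed sample traffic (not captured from a real exploit attempt).
BENIGN_REQUEST = (
    b"PROPFIND /docs/ HTTP/1.1\r\n"
    b"Host: webdav.example.test\r\n"
    b"Depth: 1\r\n"
    b"If: (<opaquelocktoken:e71d4fae-5dec-22d6-fea5-00a0c91e6be4>)\r\n"
    b"\r\n"
)
OVERSIZED_REQUEST = (
    b"PROPFIND / HTTP/1.1\r\n"
    b"Host: webdav.example.test\r\n"
    b"If: <http://localhost/" + b"A" * 600 + b">\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for sample in (BENIGN_REQUEST, OVERSIZED_REQUEST):
        print(inspect_request(sample))
```

The check is deliberately narrow: it only looks at PROPFIND, because that is the method the advisory ties to the flaw, so a LOCK request with the same long header is reported as not suspicious. In front of a real IIS 6.0 host the practical answer is still to disable WebDAV or decommission the server, since IIS 6.0 is out of support; the check above is for spotting attempts in traffic or logs.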
A “panic button” distributed by the Colombian government to high-risk activists and journalists has a number of security flaws, at least one of which is by design, a security firm reported. Rapid7 investigated the Eview EV-07S GPS tracker at the behest of The Associated Press. The site lists the main applications of the EV-07S as elderly care, disabled and patient care, child protection, employee management, and pet and animal tracking. “I wouldn’t be worried about giving this to my grandma. But I would be more concerned giving it to anyone who might be at risk,” said Deral Heiland, internet of things research lead at Rapid7. The group found another six vulnerabilities not listed in the manual. Those include a web portal for the device that allows anyone (even people without passwords) to access the GPS coordinates of any device. Anyone who logs into an account on the site has access to other information from all accounts, including phone numbers and device configurations. The device also transmits data in “clear”, unencrypted text, allowing anyone to tamper with or alter information in transit. Rapid7 spoke with the manufacturer in December to relay its findings. Eview has not informed Rapid7 of any intention to repair the security flaws. “We thought we had a responsibility to alert users that these vulnerabilities exist,” said Heiland.
There was a caveat to the hack, however: the hijack involved older models of Samsung TVs and required the CIA to have physical access to a TV to install the malware via a USB stick. But the window for this sort of hijacking is far wider than originally thought, because a researcher in Israel has uncovered 40 unknown vulnerabilities, or zero-days, that would allow someone to remotely hack millions of newer Samsung smart TVs, smartwatches and mobile phones already on the market, as well as ones slated for future release, without needing physical access to them. The security holes are in an open-source operating system called Tizen that Samsung has been rolling out in its devices over the last few years. It already has Tizen running on some 30 million smart TVs, as well as Samsung Gear smartwatches and some Samsung phones in a limited number of countries like Russia, India and Bangladesh; the company plans to have 10 million Tizen phones in the market this year. Samsung also announced earlier this year that Tizen would be the operating system on its new line of smart washing machines and refrigerators. But the operating system is riddled with serious security vulnerabilities that make it easy for a hacker to take control of Tizen-powered devices, according to Israeli researcher Amihai Neiderman.
Photo: A Samsung Z1 with the Tizen operating system on display at the Mobile World Congress 2015 in Barcelona, Spain.
One security hole Neiderman uncovered was particularly critical. It involves Samsung’s TizenStore app, Samsung’s version of the Google Play Store, which delivers apps and software updates to Tizen devices. Neiderman says a flaw in its design allowed him to hijack the software to deliver malicious code to his Samsung TV.
Because the TizenStore software operates with the highest privileges you can get on a device, it’s the Holy Grail for a hacker who can abuse it. “You can update a Tizen system with any malicious code you want,” he says. Although TizenStore does use authentication to make sure only authorized Samsung software gets installed on a device, Neiderman found a heap-overflow vulnerability that gave him control before that authentication function kicked in. Although researchers have uncovered problems with other Samsung devices in the past, Tizen has escaped extensive scrutiny from the security community, probably because it’s not widely used on phones yet. It didn’t take long for Neiderman to notice how bad the Tizen code was on his TV, which caused him to purchase a few Tizen phones to see what he could do with them as well. He says much of the Tizen code base is old and borrows from previous Samsung coding projects, including Bada, a previous mobile phone operating system that Samsung discontinued. “You can see that they took all this code and tried to push it into Tizen,” Neiderman says. But most of the vulnerabilities he found were actually in new code written specifically for Tizen within the last two years. Many of them are the kind of mistakes programmers were making twenty years ago, indicating that Samsung lacks basic code development and review practices to prevent and catch such flaws. But there’s a basic flaw in it whereby it fails to check if there is enough space to write the data, which can create a buffer overrun condition that attackers can exploit. A buffer overrun occurs when the space to which data is being written is too small for the data, causing the data to be written into adjacent areas of memory.
Photo: A Tizen stand at the Mobile World Congress 2015 in Barcelona, Spain.
Samsung uses SSL on some data transmissions but not others, and usually not on the ones that need it most. “They made a lot of wrong assumptions about where they needed encryption,” he says, noting that “it’s extra work to move between secure connections and unsecure connections.” This indicates that they didn’t do it inadvertently but were making conscious decisions not to use SSL in those places, he says. Neiderman contacted Samsung months ago to report the problems he found but got only an automated email in response.
Samsung, being a large multinational company, makes a lot of products spread across various spheres of life and marketed to diverse segments in a multitude of countries. Over here on XDA-Developers, Samsung is famously known for its Android smartphones and tablets, given they are some of the top contenders in their respective product categories. Samsung also makes many more interesting electronics, including a few “smart” ones that run on its own open-source OS, Tizen OS. Tizen powers Samsung products like smart TVs, smartwatches like the Gear series and even mobile phones like the Samsung Z lineup. Samsung is seeking to expand the Tizen offerings to more products and more markets, as is evident from the expansion of the Z smartphones and the Gear smartwatches. As security researcher Amihai Neiderman of Equus Software mentioned to Motherboard, Samsung’s Tizen OS has as many as 40 zero-day vulnerabilities still active and posing a threat to the security of the operating system. These vulnerabilities allow someone to remotely hack “millions” of newer Samsung smart TVs, smartwatches and mobile phones, both already on the market and slated for future release, as Samsung does not know of and has not fixed these vulnerabilities (hence “zero-day”). In Neiderman’s words: “You can see that nobody with any understanding of security looked at this code or wrote it. It’s like taking an undergraduate and letting him program your software.” All of the vulnerabilities allow remote code execution on a Samsung device. One of them even exploits a flaw in the design of Samsung’s TizenStore app to hijack the software and deliver malicious code to a Samsung TV. Worse, the TizenStore app operates with the highest privileges on a Tizen device, so such a vulnerability is an even bigger cause for worry, as Mr. Neiderman says that you can update a Tizen system with any malicious code the hacker wants.
The TizenStore does use authentication to make sure only authorized Samsung software gets installed, but a heap-overflow vulnerability allows for gaining control before the authentication kicks in. The researcher mentions that a lot of the Tizen code base is old and borrows from previous projects like Bada, but most of the vulnerabilities he found were in new code specifically written for Tizen within the last two years. The vulnerabilities are described as “mistakes programmers were making twenty years ago”, indicating that Samsung lacked basic code development and review practices for Tizen. When contacted, Samsung sent the researcher an automated email in response. Samsung’s current smartphone lineup is heavily dependent on Android, so this news shouldn’t necessarily affect your opinion of its Android smartphones in particular. But Samsung’s other avenues that involve Tizen are likely to invite hackers to explore and find more such zero-day vulnerabilities. There needs to be a higher priority on Tizen’s security if Samsung ever wants Tizen to be an OS for the internet of things.
Kapustkiy won’t buy malware, but the hacker claims to sell zero-day exploits, software loopholes that allow attackers to compromise software and networks. “I can’t name the site I use, but I think that most hackers would use the same [sites],” he said. Kapustkiy is a young, ideologically driven hacker who frequently tunnels into government and corporate sites. “I hack for political reasons,” he said in translated, broken English, “but make money sometimes from selling hacks.” Zero-day exploits are a major profit center for many hackers and are at the heart of the underground cyberwar ecosystem. Malware and software bugs can sell for tens or hundreds of thousands of dollars on the Dark Web. Zero-day bugs are valuable because of the high stakes for victims. Bugs in Flash or Windows grant hackers easy access to corporate systems. Malware in the form of Stuxnet was allegedly developed and deployed by the United States and Israel to attack Iran’s nuclear program, and Sandworm was allegedly used by Russian hackers to attack NATO. He described one of his own intrusions: “I got a huge list of around 20 domains and I saw that all of them were running on the same server and also had the same vulnerability. So I found an exploit in the web-server and I managed to hack [several sites].”
Back in January 2013, researchers from application security services firm DefenseCode unearthed a remote root access vulnerability in the default installation of some Cisco Linksys (now Belkin) routers. The flaw was actually found in Broadcom’s UPnP implementation used in popular routers, and ultimately the researchers extended the list of vulnerable routers to encompass devices manufactured by the likes of ASUS, D-Link, Zyxel, US Robotics, TP-Link, Netgear and others. “Back in the day, Cisco fixed the vulnerability, but we are not sure about all other router vendors and models because there are too many of them,” the DefenseCode team noted. When DefenseCode first came out with the vulnerability in 2013, Rapid7 researchers also found a number of flaws in other popular UPnP implementations and, by scanning the Internet, revealed that there were approximately 15 million devices with a vulnerable Broadcom UPnP implementation. It’s difficult to tell how many of these devices are still vulnerable but, as DefenseCode’s Leon Juranic pointed out to me, users rarely (if ever) update their router’s firmware, so there are bound to be many of them still. And given how many people have watched and analyzed their technical video of the exploit in action over the years, obviously many are interested in it. Still, I think we can all agree, four years is more than enough time for patching, and nobody can fault them for publishing the exploit.
Hopefully, if there are manufacturers that still haven’t pushed out a patch, they’ll do it now, but this could also be a welcome impetus for users to update their router’s firmware, especially those that haven’t done it for years.
On Friday, a cache of hacking tools allegedly developed by the US National Security Agency was dumped online. The news was explosive in the digital security community because the tools contained methods to hack computers running Windows, meaning millions of machines could be at risk. Security experts who tested the tools, leaked by a group called the Shadow Brokers, found that they worked. They were panicked: “This is really bad, in about an hour or so any attacker can download simple toolkit to hack into Microsoft based computers around the globe.” — Hacker Fantastic (@hackerfantastic), April 14, 2017. But just hours later, Microsoft announced that many of the vulnerabilities had been addressed in a security update released a month earlier. “Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers,” Philip Misner, a Microsoft executive in charge of security, wrote in a blog post. “Our engineers have investigated the disclosed exploits, and most of the exploits are already patched.” Misner’s post showed that three of nine vulnerabilities from the leak were fixed in a March 14 security update. As Ars Technica pointed out, when security holes are discovered, the individual or organization that found them is usually credited in the notes explaining the update. No such acknowledgment was found in the March 14 update. Here’s a list of acknowledgments for 2017, showing credit for finding security problems in almost every update. One theory among security practitioners is that the NSA itself reported the vulnerabilities to Microsoft, knowing that the tools would be dumped publicly.
Microsoft told ZDNet that it might not list individuals who discover flaws for a number of reasons, including by request from the discoverer. The US government has not commented on this leak, though previous leaks by the Shadow Brokers claiming to be NSA hacking tools were confirmed at least in part by affected vendors and NSA whistleblower Edward Snowden.
Researchers from several German universities have checked the PHP codebases of over 64,000 projects on GitHub, and found 117 vulnerabilities that they believe were introduced through the use of code from popular but insufficiently reviewed tutorials. The researchers identified popular tutorials by entering search terms such as “mysql tutorial”, “php search form”, “javascript echo user input”, etc. into Google Search. The first five results for each query were then manually reviewed and evaluated for SQLi and XSS vulnerabilities by following OWASP’s guidelines (Reviewing Code for SQL Injection, Cross Site Scripting Prevention Cheat Sheet). This resulted in the discovery of 9 tutorials containing vulnerable code (6 with SQLi, 3 with XSS). Based on these, they created two types of queries that they used against the aforementioned data set obtained from GitHub. “We use strict queries to identify known vulnerable patterns in web applications, and normal queries to identify code analogues of tutorial code,” they explained. The results were, finally, manually reviewed by the researchers. “Thanks to our framework, we have uncovered over 100 vulnerabilities in web application code that bear a strong resemblance to vulnerable code patterns found in popular tutorials. More alarmingly, we have confirmed that 8 instances of a SQLi vulnerability present in different web applications are an outcome of code copied from a single vulnerable tutorial,” they noted. “Our results indicate that there is a substantial, if not causal, link between insecure tutorials and web application vulnerabilities.”
“[Our findings] suggest that there is a pressing need for code audit of widely consumed tutorials, perhaps with as much rigor as for production code,” they pointed out. In their research, they evaluated only PHP application code, but their approach can easily be used to evaluate codebases in other programming languages, especially because they have made available their crawler (GithubSpider) and code analogue detector (CADetector) tools. Unfortunately, such a search can be easily replicated (“even with limited resources such as a standard PC and a broadband DSL connection”) by individuals or groups intent on discovering vulnerabilities in software for future exploitation.
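To make the “strict query” idea concrete, here is an added Python sketch, not the researchers’ GithubSpider or CADetector, that looks for the two tutorial-shaped patterns the article names in PHP source held as a string: request data reaching a mysql_query()/mysqli_query() call, and request data reaching echo without an encoder. It follows one hop of taint (a variable assigned directly from a superglobal) so that the classic tutorial shape `$name = $_GET['name']; mysql_query("... '$name'")` is caught as well as inline use. The two PHP snippets are constructed for this example; the escaper and encoder lists are assumptions and the matcher is regex-based, so it is a triage aid in the spirit of the paper’s strict queries, not a parser-backed analysis.

```python
"""Simplified 'strict query' scan for tutorial-style PHP patterns.

Added example, not the researchers' tooling. Regex-based and one-hop only;
PHP samples below are constructed for illustration.
"""
import re
from typing import List, Set, Tuple

SUPERGLOBAL = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\[")
ASSIGN = re.compile(r"(\$\w+)\s*=(?!=)\s*([^;]+);")
QUERY_CALL = re.compile(r"\bmysqli?_query\s*\(([^;]*)\)\s*;", re.S)
ECHO_STMT = re.compile(r"\becho\s+([^;]+);", re.S)
VARIABLE = re.compile(r"\$\w+")

# Assumption: seeing one of these in a statement counts as sanitising it.
SQL_ESCAPERS = ("mysql_real_escape_string", "mysqli_real_escape_string", "intval", "(int)")
HTML_ENCODERS = ("htmlspecialchars", "htmlentities")

Finding = Tuple[int, str, str]   # (line number, kind, offending statement)


def tainted_variables(src: str) -> Set[str]:
    """Variables assigned straight from a request superglobal with no
    escaping or encoding call on the right-hand side."""
    tainted: Set[str] = set()
    for m in ASSIGN.finditer(src):
        var, rhs = m.group(1), m.group(2)
        if SUPERGLOBAL.search(rhs) and not any(
                f in rhs for f in SQL_ESCAPERS + HTML_ENCODERS):
            tainted.add(var)
    return tainted


def _uses_untrusted(expr: str, tainted: Set[str]) -> bool:
    return bool(SUPERGLOBAL.search(expr)) or any(
        v in tainted for v in VARIABLE.findall(expr))


def _line_of(src: str, pos: int) -> int:
    return src.count("\n", 0, pos) + 1


def scan_php(src: str) -> List[Finding]:
    """Report query calls and echo statements that consume request data
    without passing it through a recognised escaper/encoder."""
    tainted = tainted_variables(src)
    findings: List[Finding] = []
    for m in QUERY_CALL.finditer(src):
        arg = m.group(1)
        if _uses_untrusted(arg, tainted) and not any(f in arg for f in SQL_ESCAPERS):
            findings.append((_line_of(src, m.start()), "SQLi", m.group(0).strip()))
    for m in ECHO_STMT.finditer(src):
        expr = m.group(1)
        if _uses_untrusted(expr, tainted) and not any(f in expr for f in HTML_ENCODERS):
            findings.append((_line_of(src, m.start()), "XSS", m.group(0).strip()))
    return sorted(findings)


# Constructed tutorial-style snippet: one-hop SQLi on line 4, inline XSS on line 6.
VULNERABLE_TUTORIAL = """<?php
$conn = mysql_connect('localhost', 'root', '');
$name = $_GET['name'];
$result = mysql_query("SELECT * FROM users WHERE name = '$name'");
$row = mysql_fetch_assoc($result);
echo "Hello, " . $_GET['name'] . "!";
?>"""

# Constructed hardened form: prepared statement plus output encoding.
HARDENED_VERSION = """<?php
$mysqli = new mysqli('localhost', 'app', 'secret', 'shop');
$name = $_GET['name'] ?? '';
$stmt = $mysqli->prepare("SELECT * FROM users WHERE name = ?");
$stmt->bind_param("s", $name);
$stmt->execute();
echo "Hello, " . htmlspecialchars($name, ENT_QUOTES, 'UTF-8') . "!";
?>"""

if __name__ == "__main__":
    for label, src in (("tutorial", VULNERABLE_TUTORIAL), ("hardened", HARDENED_VERSION)):
        print(label, scan_php(src))
```

The hardened snippet still taints `$name` (it comes straight from `$_GET`), but no finding is raised because the query is parameterised and the echo goes through htmlspecialchars; that is the distinction the strict-query approach draws, a sink reached by untrusted data versus a sink reached through a sanitiser. Over a real repository you would feed each `.php` file to scan_php and hand the findings to a human reviewer, as the researchers did.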