17 zero-day vulnerabilities in smart city systems which could debilitate core services. At the Black Hat conference in Las Vegas on Monday, the cybersecurity firm's X-Force Red team of penetration testers and hackers demonstrated how old-school threats are placing the cities of the future at risk in the present day. Smart city technology spending is predicted to hit $80 billion this year and become as high as $135 billion by 2021. Water and filtration systems, smart lighting, traffic controllers, utilities, and more all become intertwined in smart cities, which aim to make urban living more energy efficient, eco-friendly, and manageable. However, connecting all of these critical elements can have devastating effects should something go wrong -- such as a successful cyberattack. We've already seen the damage which can be caused when threat actors target core country systems, such as in the case of Ukraine's power grid, and unless security is considered every step of the way, every future city will be placed at similar levels of risk. Together with researchers from Threatcare, IBM X-Force Red discovered that smart city systems developed by Libelium, Echelon and Battelle were vulnerable to attack. Libelium is a wireless sensor network hardware manufacturer, while Echelon specializes in industrial IoT, and non-profit Battelle develops and commercializes related technologies. According to IBM X-Force Red researcher Daniel Crowley, out of the 17 previously-unknown vulnerabilities discovered in systems used in four smart cities, eight are deemed critical in severity. Unfortunately, many of the bugs were due to poor, lax security practices -- such as the use of default passwords, authentication bypass, and SQL injections. In total, the researchers uncovered four instances of critical pre-authentication shell injection flaws in Libelium's wireless sensor network, Meshlium.
Netskope Threat Research Labs has discovered that the latest Microsoft Office zero-day vulnerability is linked to the Godzilla botnet loader discussed in our recent blog. During our research, we observed the IPs related to the Godzilla Botnet loader serving payloads associated with exploits for the latest zero-day vulnerability in Microsoft Office. Microsoft has said that the vulnerability will be patched today. Netskope Threat Protection detects the known exploits for this new vulnerability as Backdoor.Explot.ANWK. The payloads for the exploit are detected as Backdoor.Generckd.4818242 and Backdoor.Generckd.4818381. This vulnerability allows a malicious actor to execute a Visual Basic script when the victim opens a document containing an embedded exploit. An excerpt of the VBScript code embedded in the document is shown in Figure 1.
Figure 1: VBScript code in the malicious document
We observed the domains btt5sxcx90.com, hyoeyeep.ws and rottastics36w.net also serving payloads associated with the latest Microsoft Office zero-day exploit. At this moment we cannot speculate that the spam campaign and zero-day are related. However, based on current observations, we believe that the same attack group is behind these attacks. Netskope recommends that users block all the IPs and domains mentioned in Figure 8 of our previous blog. Additionally, we suggest users ensure that Office Protected View is enabled to prevent exposure to this attack.
A security vulnerability in Intel Corp. chips first disclosed last week looks far worse than initially thought, as hackers can hijack Intel processors without even needing a password. The vulnerability, which affects all Intel chips manufactured since 2008, from those code-named Nehalem to today’s Kaby Lake, stems from a flaw in the vPro firmware suite, including Intel Active Management Technology from versions 6 to 11.6. The security hole allows an unprivileged attacker to gain control of the manageability features provided by the firmware suite, giving a would-be hacker the same access that a systems administrator would have, including the ability to change boot-up code and access the computer’s mouse, keyboard, monitor and installed programs. Intel argued that access to the vulnerability was fairly limited, in that a password was required to access AMT. But Tenable Network Security Inc. has discovered that the verification process for AMT accepts a blank password submission. As Rick Falkvinge at Private Internet Access explains: In order to get administrator privileges to the server memory, all you needed to do was to submit a blank password field instead of the expected privileged-access password hash, and you would have unlimited and unlogged read/write access to the entire server memory. With the ability to gain access to an Intel central processing unit as simple as submitting no password, experts are warning that the worst should be presumed. “If you have anything connected to the Internet with AMT on, disable it now. Assume the server has already been compromised,” SSH inventor Tatu Ylonen said in a blog post. “The exploit is trivial, a maximum of five lines of Python, and could be doable in a one-line shell command.” He said the flaw gives full control of affected machines, including the ability to read and modify everything. “It can be used to install persistent malware – possibly in the firmware – and read and modify any data.” Ylonen recommended that AMT be disabled today and that affected users “mobilize whomever you need.” More specifically, he said, “start from the most critical servers: Active Directory, certificate authorities, critical databases, code signing servers, firewalls, security servers, HSMs (if they have it enabled).” Data center operators should “block ports 16992, 16993, 16994, 16995, 623, 664 in internal firewalls” if they can.
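An added illustration (not Intel's firmware code and not from the article) of how a credential check can end up accepting a blank submission, next to a hardened form. It assumes the flawed check compares only as many bytes as the client supplied; the function names and the sample digest are constructed for this example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define DIGEST_HEX_LEN 32  /* length of an MD5 hex digest string */

/* Constructed sample value standing in for the server-computed response. */
static const char SAMPLE_DIGEST[] = "0123456789abcdef0123456789abcdef";

/* Flawed check (assumed form): the comparison length comes from the client.
 * With response_len == 0, strncmp compares nothing and reports a match. */
int check_response_flawed(const char *expected, const char *response,
                          size_t response_len)
{
    return strncmp(expected, response, response_len) == 0;
}

/* Hardened check: the length must match exactly, and every byte of the
 * digest is compared with no early exit. */
int check_response_fixed(const char *expected, const char *response,
                         size_t response_len)
{
    unsigned char diff = 0;
    size_t i;

    if (response_len != DIGEST_HEX_LEN || strlen(expected) != DIGEST_HEX_LEN)
        return 0;
    for (i = 0; i < DIGEST_HEX_LEN; i++)
        diff |= (unsigned char)(expected[i] ^ response[i]);
    return diff == 0;
}

int main(void)
{
    printf("blank, flawed check:   %d\n",
           check_response_flawed(SAMPLE_DIGEST, "", 0));
    printf("blank, fixed check:    %d\n",
           check_response_fixed(SAMPLE_DIGEST, "", 0));
    printf("correct, fixed check:  %d\n",
           check_response_fixed(SAMPLE_DIGEST, SAMPLE_DIGEST, DIGEST_HEX_LEN));
    return 0;
}
```

A regression test for any authentication handler should include the empty and truncated submissions shown here, since both pass a length-bounded comparison.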
Argentinean security researcher Manuel Caballero has discovered another vulnerability in Microsoft's Edge browser that can be exploited to bypass a security protection feature and steal data such as passwords from other sites, or cookie files that contain sensitive information. The vulnerability is a bypass of Edge's Same Origin Policy (SOP), a security feature that prevents a website from loading resources and code from other domains except its own. To exploit the flaw, Caballero says that an attacker can use server redirect requests combined with data URIs, which would allow him to confuse Edge's SOP filter and load unauthorized resources on sensitive domains. The expert explains the attack step by step on his blog. In the end, the attacker will be able to inject a password form on another domain, which the built-in Edge password manager will automatically fill in with the user's credentials for that domain. Additionally, an attacker can steal cookies in a similar manner. More demos are available on a page Caballero set up. Two weeks ago, Caballero found another SOP bypass in Edge, which an attacker could also exploit to steal cookies and passwords. That particular exploit relied on a combination of data URIs, meta refresh tag, and domainless pages, such as about:blank. Compared to the previous SOP bypass, the technique Caballero disclosed yesterday has the advantage that it's faster to execute compared to the first, which required the attacker to log users out of their accounts and re-authenticate them in order to collect their credentials. Caballero has a history of finding severe bugs in Microsoft browsers. He previously also bypassed the Edge SOP using Edge's new Reading Mode, showed how you could abuse the SmartScreen security filter for tech support scams, and found a serious JavaScript attack in Internet Explorer 11 (still unpatched). What's more worrisome is that Microsoft has not patched any of the SOP bypass issues the expert discovered. "We have 3 SOP bypasses right now," Caballero told Bleeping Computer today when asked to confirm the status of the three bugs. This month's Patch Tuesday, released two days ago, patched the Edge SmartScreen issue Caballero discovered last December, but the researcher found a way to bypass Microsoft's patch within minutes.
De Ceukelaire has discovered that he can exploit Facebook to obtain cell phone numbers of users, which they want to remain hidden. According to De Ceukelaire, he can easily identify the cell phone numbers of well-known personalities including top politicians and “Flemish” celebs simply through checking out their Facebook profile. This is done by analyzing the numbers that are associated with their profiles. It must be noted that these numbers are supposed to be confidential information and aren’t viewable by the public. Reportedly, De Ceukelaire proved his claim by obtaining the cell number of Jan Jambon, the Interior Minister for Belgium, through his Facebook profile. He further stated that: “For clarity, I could find out his number on his account, not vice versa; roughly, I think you get the number 20 percent of the Flemish people can find that way. Of all the people who have their mobile number linked to their profile goes to the 80 percent”. De Ceukelaire already warned the Facebook security team twice about this issue and stated that he might expose it to the public if the social network does not fix the issue and make necessary changes. However, according to Facebook’s representatives, this isn’t a vulnerability that has been exploited but a feature. He also notified law enforcement authorities about the exploitable aspect of this feature. “If the users enter their private phone numbers and don’t lock them down in the privacy settings section, chances of a privacy leak are quite bright”. Facebook informed De Ceukelaire about how to control the searching criteria, that is, who can search for you through your phone number or email address, but De Ceukelaire asserts that this is a privacy leak because phone numbers are visible to the public while these are supposed to remain confidential. This problem was identified way back in 2012 because the cell number’s setting could not be set to visible by “Only Me”. Facebook did make some modifications in its privacy settings feature, due to which only a limited number of reverse lookups would come from a particular IP address. This happened after a security researcher managed to access thousands of random phone numbers. But it is apparent that the problem hasn’t been fixed even today. It is worth noting that De Ceukelaire didn’t release details about how he managed to exploit Facebook to conduct this privacy leak and whether he used any different method than previous security researchers or not. But yet again Facebook is paying no heed to his pleas of getting this feature fixed and he has been given the same ‘Feature not Flaw’ reply this time as well.