that in many cases, FTP servers can be accessed without a password. The FBI warning cites research conducted by the University of Michigan in 2015 that revealed more than 1 million FTP servers allowed anonymous access to stored data. The FBI warns that hackers are targeting these anonymous FTP servers to gain access to the protected health information of patients. PHI carries a high value on the black market as it can be used for identity theft and fraud. Healthcare organizations could also be blackmailed if PHI is stolen. Last year, the hacker operating under the name TheDarkOverlord conducted a number of attacks on healthcare organizations. The protected health information of patients was stolen and organizations were threatened with the publication of data if a sizable ransom payment was not made. In some cases, patient data were published online when payment was not received. There are reasons why IT departments require FTP servers to accept anonymous requests; however, if that is the case, those servers should not be used to store any protected health information of patients. If PHI must be stored on the servers, they cannot be configured to run in anonymous mode. The FBI suggests all healthcare organizations should instruct their IT departments to check the configuration of their FTP servers to ensure they are not running in anonymous mode and to take immediate action to secure those servers and reduce risk if they are.
It was starting to feel like Intel was overdue for serious Management Engine (ME) vulnerabilities. But this week, researchers at Positive Technologies revealed a new security flaw in the subsystem that could let attackers compromise its MFS file system. Intel has released updates to address the problem, though, so Intel CPU owners should make sure their firmware is up-to-date. ME has become a repeated source of problems for Intel and its customers. The utility is a chip-on-a-chip that allows IT managers to remotely access company PCs with tools like Intel's Active Management Technology (AMT). ME has its own network interface, memory, operating system and file system (MFS) that are kept separate from the main system in a bid to prevent it from allowing hackers to access ostensibly secure information. The problem is that researchers have discovered numerous vulnerabilities in ME over the last few years; Positive Technologies revealed one in 2017 that allowed full takeover of ME via USB (it's since been fixed). Now, it's revealed another one that allows someone with physical access to a system to compromise ME and "manipulate the state of MFS and extract important secrets" with the ability to "add files, delete files and change their protection attributes." Positive Technologies said the attack can be used to learn four keys MFS uses to secure data -- the Intel Integrity Key, Non-Intel Integrity Key, Intel Confidentiality Key and Non-Intel Confidentiality Key -- that were supposed to be protected via a firmware update Intel released in 2017.
Positive Technologies explained how someone with physical access to the system could bypass that patch to compromise those keys in its blog post: "Positive Technologies expert Dmitry Sklyarov discovered vulnerability CVE-2018-3655, described in advisory Intel-SA-00125. He found that Non-Intel Keys are derived from two values: the SVN and the immutable non-Intel root secret, which is unique to each platform. By using an earlier vulnerability to enable the JTAG debugger, it was possible to obtain the latter value. Knowing the immutable root secret enables calculating the values of both Non-Intel Keys even in the newer firmware version. ... Attackers could calculate the Non-Intel Integrity Key and Non-Intel Confidentiality Key for firmware that has the updated SVN value and therefore compromise the MFS security mechanisms that rely on these keys." Intel released the Intel-SA-00125 firmware update to defend against this vulnerability on September 11. But this is another point in favor of companies questioning -- or outright banning -- the use of ME in their systems. Purism avoids ME and the services it enables in its privacy-focused Librem notebooks, Google is working to remove ME from the Intel processors it uses and previous security flaws have raised concerns among consumers.
Security researchers from Pen Test Partners have discovered pretty glaring security flaws in Aga's line of smart ovens. According to researchers, these flaws can be exploited via SMS messages. The reason appears to be that Aga management opted to use a GSM SIM module to control its devices, instead of the classic option of using a Wi-Fi module. This SMS-based management feature allows Aga users to turn ovens on or off from remote locations by sending an SMS to their device. In this scenario, an attacker would need a victim's oven SMS number, but Pen Test Partners researchers say the web-based administration panel contains flaws that allow attackers to scrape for all active SIM card numbers assigned to Aga ovens. There's no authentication involved with the SMS management commands, meaning anyone could send them, and mess around with people's "smart" ovens. Professional cooking ovens, like the Aga iTotal Control, need hours of warming before reaching optimal cooking temperatures. While attackers could annoy oven owners by turning their ovens off, Pen Test Partners say that an ill-intentioned miscreant could also turn all known Aga ovens on, and cause a spike in electric energy consumption within an area, albeit this could be an exaggerated claim, as there would need to be thousands of these devices lying around. Besides the non-authenticated SMS-based remote management feature, the research team also discovered other major problems with Aga's smart ovens. For starters, the Aga web administration panel doesn't use HTTPS and forces users to use a five-digit password, one that's incredibly easy to brute-force.
Second, the Aga mobile app also works via HTTP, but even if developers used HTTPS, the app disables certificate validation on purpose, meaning attackers could use any SSL certificate to intercept traffic to and from the app. After spending two weeks attempting to alert the UK-based IoT manufacturer, the Pen Test Partners researchers decided to go public with their findings yesterday. Furthermore, Pen Test Partners say that the GSM SIM remote management module used for Aga's iTotal Control smart oven was created by a company called Tekelek, which also ships similar SMS management components for oil storage tanks, heating systems, process control and medical devices. "These appear to be monitored using SMS, so I wonder where else this bizarre unauthenticated text messaging process might lead," said Ken Munro, Pen Test Partners expert. At the time of writing, and following the public disclosure of the iTotal Control issues, Aga appears to have taken down its web-based administration portal, as Pen Test Partners initially suggested.
Security researchers at Qualys Security have discovered a Linux flaw that could be exploited to gain root privileges and overwrite any file on the filesystem on SELinux-enabled systems. The high severity flaw, tracked as CVE-2017-1000367, resides in Sudo’s get_process_ttyname() for Linux and is related to the way Sudo parses tty information from the process status file in the proc filesystem. The Linux flaw could be exploited by a local user with privileges to execute commands via Sudo and could allow attackers to escalate their privileges to root. Sudo’s get_process_ttyname() function opens “/proc/[pid]/stat” (man proc) and reads the device number of the tty from field 7 (tty_nr). These fields are space-separated, but field 2 (comm, the filename of the command) can contain spaces. Sudoer users on SELinux-enabled systems could escalate their privileges to overwrite any file on the filesystem with their command’s output, including root-owned files. “We discovered a vulnerability in Sudo’s get_process_ttyname() for Linux: this function opens “/proc/[pid]/stat” (man proc) and reads the device number of the tty from field 7 (tty_nr). Unfortunately, these fields are space-separated and field 2 (comm, the filename of the command) can contain spaces (CVE-2017-1000367).” reads the security advisory.
“On an SELinux-enabled system, if a user is Sudoer for a command that does not grant him full root privileges, he can overwrite any file on the filesystem (including root-owned files) with his command’s output, because relabel_tty() (in src/selinux.c) calls open(O_RDWR|O_NONBLOCK) on his tty and dup2()s it to the command’s stdin, stdout, and stderr. This allows any Sudoer user to obtain full root privileges.” To exploit the issue, a Sudo user would have to choose a device number that doesn’t exist under “/dev”. If the terminal isn’t present under the /dev/pts directory when Sudo performs a breadth-first search of /dev, the user could allocate a pseudo-terminal between the two searches and create a “symbolic link to the newly-created device in a world-writable directory under /dev, such as /dev/shm.” “Exploiting the bug requires that the user already have sudo privileges. SELinux must also be enabled on the system and sudo must have been built with SELinux support. To exploit the bug, the user can choose a device number that does not currently exist under /dev. If sudo does not find the terminal under the /dev/pts directory, it performs a breadth-first search of /dev. It is possible to allocate a pseudo-terminal after sudo has checked /dev/pts but before sudo performs its breadth-first search of /dev. The attacker may then create a symbolic link to the newly-created device in a world-writable directory under /dev, such as /dev/shm.” read a Sudo alert. “This file will be used as the command’s standard input, output and error when an SELinux role is specified on the sudo command line. If the symbolic link under /dev/shm is replaced with a link to another file before it is opened by sudo, it is possible to overwrite an arbitrary file by writing to the standard output or standard error. This can be escalated to full root access by rewriting a trusted file such as /etc/shadow or even /etc/sudoers.
” The Linux flaw affects all Sudo versions from 1.8.6p7 through 1.8.20; Sudo 1.8.20p1 fixes it. The issue was rated with a CVSS3 Base Score of 7.8.
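The parsing pitfall the advisory describes, as an added example (not Sudo's code and not taken from the advisory): a space-splitting reader of /proc/[pid]/stat next to one that skips past the last ')' before reading tty_nr. The stat lines are constructed samples, and the names tty_nr_naive and tty_nr_robust are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed lines in /proc/[pid]/stat layout (proc(5)); not real captures.
 * Field 2 is "(comm)", field 7 is tty_nr; 34816 encodes major 136, minor 0. */
const char STAT_PLAIN[]  = "4242 (sleep) S 4100 4242 4100 34816 4242 4194304 0";
const char STAT_SPACED[] = "4242 (my job v 2 x 12) S 4100 4242 4100 34816 4242 4194304 0";
const char STAT_PAREN[]  = "4242 (odd) name) S 4100 4242 4100 34816 4242 4194304 0";

/* Fragile: treat the line as space-separated and take the 7th token. */
long tty_nr_naive(const char *line)
{
    int field = 1;
    const char *p = line;

    while (*p != '\0' && field < 7) {
        if (*p == ' ')
            field++;
        p++;
    }
    return field == 7 ? strtol(p, NULL, 10) : -1;
}

/* Hardened: comm ends at the LAST ')' on the line, so skip past it and
 * read fields 3..7 (state, ppid, pgrp, session, tty_nr) from there. */
long tty_nr_robust(const char *line)
{
    const char *end = strrchr(line, ')');
    char state;
    long ppid, pgrp, session, tty_nr;

    if (end == NULL)
        return -1;
    if (sscanf(end + 1, " %c %ld %ld %ld %ld",
               &state, &ppid, &pgrp, &session, &tty_nr) != 5)
        return -1;
    return tty_nr;
}

int main(void)
{
    printf("plain : naive=%ld robust=%ld\n", tty_nr_naive(STAT_PLAIN), tty_nr_robust(STAT_PLAIN));
    printf("spaced: naive=%ld robust=%ld\n", tty_nr_naive(STAT_SPACED), tty_nr_robust(STAT_SPACED));
    printf("paren : naive=%ld robust=%ld\n", tty_nr_naive(STAT_PAREN), tty_nr_robust(STAT_PAREN));
    return 0;
}
```

With a command name that contains spaces, the naive reader returns a value taken from inside comm rather than the kernel-reported tty_nr, which is why the device number must never be read by token position alone.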
As part of Unit 42’s ongoing threat research, we can now disclose that Palo Alto Networks Unit 42 researchers have discovered two code execution vulnerabilities affecting Adobe Flash (APSB17-04) that were addressed in Adobe’s monthly security update release: For current customers with a Threat Prevention subscription, Palo Alto Networks has also released IPS signatures providing proactive protection from these vulnerabilities. Traps, Palo Alto Networks advanced endpoint solution, can block memory corruption based exploits of this nature. Palo Alto Networks is a regular contributor to vulnerability research in Microsoft, Adobe, Apple, Google Android and other ecosystems. By proactively identifying these vulnerabilities, developing protections for our customers, and sharing the information with the security community, we are removing weapons used by attackers to threaten users, and compromise enterprise, government, and service provider networks.