detailed information about a zero-day vulnerability in VirtualBox. His explanations include step-by-step instructions for exploiting the bug. According to the initial details in the disclosure, the issue is present in a shared code base of the virtualization software, available on all supported operating systems. Exploiting the vulnerability allows an attacker to escape the virtual environment of the guest machine and reach the Ring 3 privilege layer, used for running code from most user programs, with the least privileges.

Turning one "overflow" into another

Sergey Zelenyuk found that the security bug can be leveraged on virtual machines configured with the Intel PRO/1000 MT Desktop (82540EM) network adapter in Network Address Translation (NAT) mode, the default setup that allows the guest system to access external networks. "The [Intel PRO/1000 MT Desktop (82540EM)] has a vulnerability allowing an attacker with root/administrator privileges in a guest to escape to a host ring3. Then the attacker can use existing techniques to escalate privileges to ring 0 via /dev/vboxdrv," Zelenyuk writes in a technical write-up on Tuesday. Zelenyuk says that an important aspect in understanding how the vulnerability works is that context descriptors are processed before data descriptors. The researcher describes the mechanics behind the security flaw in detail, showing how to trigger the necessary conditions to obtain a buffer overflow that could be abused to escape the confinements of the virtual operating system. First, he caused an integer underflow condition using packet descriptors, data segments that allow the network adapter to track network packet data in the system memory. This state was then leveraged to read data from the guest OS into a heap buffer and cause an overflow condition that could lead to overwriting function pointers, or to cause a stack overflow condition.
While combing through WikiLeaks' Vault 7 data dump, Cisco has unearthed a critical vulnerability affecting 300+ of its switches and one gateway that could be exploited to take over the devices. The flaw is present in the Cisco Cluster Management Protocol (CMP) processing code in Cisco IOS and Cisco IOS XE Software. "The vulnerability is due to the combination of two factors: the failure to restrict the use of CMP-specific Telnet options only to internal, local communications between cluster members and instead accept and process such options over any Telnet connection to an affected device, and the incorrect processing of malformed CMP-specific Telnet options," Cisco explained. "An exploit could allow an attacker to execute arbitrary code and obtain full control of the device or cause a reload of the affected device." The extensive and complete list of affected devices is provided in the security advisory. Cisco says that they are not aware of any public announcements or active malicious use of the vulnerability, and that they will provide free software updates to address it (they don't say when). In the meantime, users can mitigate the risk by disabling the Telnet protocol and switching to using SSH. If that's not possible, they can reduce the attack surface by implementing infrastructure access control lists. The advisory also includes indicators of compromise that can be used to detect exploitation attempts.
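The interim mitigations just described (Telnet off in favour of SSH, plus an infrastructure ACL that limits who can reach the management plane) look like this on an IOS switch; this is an added illustration, not a configuration taken from Cisco's advisory or the article. The hostname, domain name, management subnet 10.0.0.0/24, infrastructure address range 192.0.2.0/24, ACL names, local account and uplink interface are all assumptions.

```cisco
! Added example (not from the Cisco advisory). Hostname, domain, subnets, ACL
! names, the local account and the interface are constructed for this illustration.
hostname SW1
ip domain-name example.net
! Host keys and SSHv2 so the vty lines can drop Telnet entirely
crypto key generate rsa modulus 2048
ip ssh version 2
! Placeholder local account; use AAA/TACACS+ in production
username netadmin privilege 15 secret CHANGE-ME-PLACEHOLDER
!
! Standard ACL for the vty lines: only the management subnet may log in
ip access-list standard MGMT-ONLY
 permit 10.0.0.0 0.0.0.255
 deny   any log
!
! Weak setting being replaced (accepts CMP-bearing Telnet from anywhere):
!   line vty 0 15
!    transport input telnet ssh
line vty 0 15
 transport input ssh
 access-class MGMT-ONLY in
 exec-timeout 10 0
 login local
!
! Infrastructure ACL (iACL) on the routed uplink, for devices that cannot yet
! turn Telnet off: allow SSH to infrastructure addresses only from the
! management subnet, drop and log Telnet to those addresses from anywhere,
! and leave transit traffic alone.
ip access-list extended INFRA-IACL
 permit tcp 10.0.0.0 0.0.0.255 192.0.2.0 0.0.0.255 eq 22
 deny   tcp any 192.0.2.0 0.0.0.255 eq 23 log
 deny   tcp any 192.0.2.0 0.0.0.255 eq 22 log
 permit ip any any
interface GigabitEthernet1/0/1
 ip access-group INFRA-IACL in
```

Confirm the result with `show ip ssh` and `show running-config | section line vty`. The `log` keyword on the Telnet deny entries also gives a detection signal: any logged Telnet attempt toward infrastructure addresses is worth investigating alongside the advisory's indicators of compromise.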
Trade-off between security and usability unlikely to permit systematic surveillance, experts say

This article was originally published on 13 January 2017. It has been extensively amended (see endnotes) following a review by the Guardian's readers' editor.

A design feature that could potentially allow some encrypted messages to reach unintended recipients is present within the WhatsApp messaging service. Facebook-owned WhatsApp, which has about one billion users, has not made it widely known that there is an aspect of WhatsApp that results in some messages being re-encrypted and resent automatically, without first giving the sender an opportunity to verify the recipient. Campaigners have expressed concern about how this aspect of WhatsApp could potentially be exploited to conduct surveillance. WhatsApp has made privacy and security a primary selling point, and has become a go-to communications tool of activists, dissidents and diplomats. Its end-to-end encryption relies on the generation of unique security keys using the acclaimed Signal protocol, developed by Open Whisper Systems. Keys are exchanged between users to guarantee communications are secure from interception by middlemen. In the way WhatsApp implemented the protocol, new keys are generated when, for example, a user gets a new phone or reinstalls the app. Messages for the user which may have been waiting to be delivered while the user was offline are then re-encrypted and resent by the sender automatically, without the sender having had an opportunity to verify that the recipient is the person intended to receive the message. A sender is notified after the event if the sender has opted to turn on a notification in settings, but not otherwise.

This aspect of WhatsApp, which increases convenience and reliability of message delivery at the cost of some security, is not inherent to the Signal protocol. If a recipient's security key changes while offline, an in-transit message will fail to be delivered and the sender will be notified of the change in security keys without the message having been resent automatically.