to the public on Monday, patches a bug that allowed bad actors to use a JavaScript pop-up in Safari in an attempt to extort money from iOS users. Security firm Lookout (via Ars Technica) said the scammers would target Safari users who viewed pornography by placing malicious scripts on various pornographic websites that would create an endless pop-up loop that essentially locked the browser, if an uninformed user didn't know how to get around the flaw. The scammers abused the handling of pop-ups in Mobile Safari in such a way that a person would be "locked" out from using Safari unless they paid a fee, or knew they could simply clear Safari's cache (see next section). The attack was contained within the app sandbox of the Safari browser; no exploit code was used in this campaign, unlike an advanced attack like Pegasus that breaks out of the app sandbox to install malware on the device. The scammers registered domains and launched the attack from the domains they owned, such as police-pay[.]com, which the attackers apparently named with the intent of scaring users looking for certain types of material on the Internet into paying money. The pop-ups claimed to be from law-enforcement personnel, and claimed the only way to get control of the browser back was to pay a fine in the form of an iTunes gift card code delivered via text message. Users actually could have gotten out of the pop-up loop by manually clearing the Safari browser cache. However, a new or otherwise uninformed user might believe they actually needed to pay the ransom before regaining control of their browser. "The attackers effectively used fear as a factor to get what they wanted before the victim realized that there was little actual risk," Lookout researchers Andrew Blaich and Jeremy Richards said. iOS 10.3 changes the way pop-up dialogs work in Safari.
Previously, a pop-up dialog took over the entire Safari app. Now, pop-ups are only per tab. iOS users who are hit by the scam before updating to iOS 10.3 can clear their browsing cache by going to "Settings" -> "Safari" and tapping "Clear History and Website Data."
Cisco patches a severe flaw in switch deployment software that can be attacked with crafted messages sent to a port that's open by default. Cisco has released patches for 34 vulnerabilities mostly affecting its IOS and IOS XE networking software, including three critical remote code execution security bugs. Perhaps the most serious issue Cisco has released a patch for is critical bug CVE-2018-0171 affecting Smart Install, a Cisco client for quickly deploying new switches for Cisco IOS Software and Cisco IOS XE Software. A remote unauthenticated attacker can exploit a flaw in the client to reload an affected device and cause a denial of service or execute arbitrary code. Embedi, the security firm that found the flaw, initially believed it could only be exploited within an enterprise's network. However, it found millions of affected devices exposed on the internet. "Because in a securely configured network, Smart Install technology participants should not be accessible through the internet. But scanning the internet has shown that this is not true," wrote Embedi. "During a short scan of the internet, we detected 250,000 vulnerable devices and 8.5 million devices that have a vulnerable port open." Smart Install is supported by a broad range of Cisco routers and switches. The high number of devices with an open port is probably because the Smart Install client's port, TCP 4786, is open by default. This situation is overlooked by network admins, Embedi said.
The company has also published proof-of-concept exploit code, so it probably will be urgent for admins to patch. An attacker can exploit the bug by sending a crafted Smart Install message to these devices on TCP port 4786, according to Cisco. Embedi discovered the flaw last year, landing it an award at the GeekPwn conference in Hong Kong last May, and reported it to Cisco in September. Cisco's internal testing also turned up a critical issue in its IOS XE software, CVE-2018-0150, due to an undocumented user account that has a default username and password. Cisco warns that an attacker could use this account to remotely connect to a device running the software. Cisco engineers also found CVE-2018-0151, a remote code execution bug in the QoS subsystem of IOS and IOS XE. "The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device," writes Cisco. All three bugs were given a CVSS score of 9.8 out of 10.
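Added example (not Cisco's or Embedi's code): detection logic that flags allowed connections to the two service ports named above, TCP/4786 (Smart Install) and UDP/18999 (QoS subsystem), in a constructed key=value connection log, rating hits from outside RFC 1918 space higher. The log format, the addresses and the severity scheme are assumptions of this example.

```python
import ipaddress
import re
from collections import Counter

# Service ports named in the Cisco advisories above, keyed by (protocol, port).
WATCHED_PORTS = {
    ("tcp", 4786): "Smart Install (CVE-2018-0171)",
    ("udp", 18999): "QoS subsystem (CVE-2018-0151)",
}

# RFC 1918 space; anything outside it is treated as an internet source here.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed log lines (documentation ranges stand in for internet sources).
SAMPLE_LOG = """\
2018-03-29T10:02:11Z src=198.51.100.7 dst=10.0.0.5 proto=tcp dport=4786 action=allow
2018-03-29T10:02:15Z src=10.0.1.20 dst=10.0.0.5 proto=tcp dport=4786 action=allow
2018-03-29T10:03:01Z src=203.0.113.9 dst=10.0.0.6 proto=udp dport=18999 action=allow
2018-03-29T10:03:40Z src=203.0.113.9 dst=10.0.0.6 proto=tcp dport=22 action=allow
2018-03-29T10:04:02Z src=192.0.2.44 dst=10.0.0.5 proto=tcp dport=4786 action=deny
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) proto=(?P<proto>\w+) "
    r"dport=(?P<dport>\d+) action=(?P<action>\w+)$"
)


def parse_line(line):
    """Return a dict for one log line, or None if it does not match the assumed format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    rec["proto"] = rec["proto"].lower()
    return rec


def is_internal(addr):
    """True when the address falls inside one of the RFC 1918 ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def find_exposures(log_text):
    """Return findings for allowed connections to a watched port.
    Internet sources are 'high' (the port is reachable from outside, the situation
    Embedi's scan found); internal sources are 'medium' (the port is still open)."""
    findings = []
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        label = WATCHED_PORTS.get((rec["proto"], rec["dport"]))
        if label is None or rec["action"] != "allow":
            continue
        findings.append({
            "ts": rec["ts"], "src": rec["src"], "dst": rec["dst"],
            "service": label,
            "severity": "medium" if is_internal(rec["src"]) else "high",
        })
    return findings


def summarize(findings):
    """Count findings per destination device so the most-hit devices surface first."""
    return Counter(f["dst"] for f in findings).most_common()


if __name__ == "__main__":
    hits = find_exposures(SAMPLE_LOG)
    for h in hits:
        print(f"[{h['severity']}] {h['ts']} {h['src']} -> {h['dst']} {h['service']}")
    print(summarize(hits))
```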
As everyone in TV-land knows, established broadcasters have been losing eyeballs to streaming companies such as Netflix and Amazon and their big-budget "event" shows. The upstarts look unstoppable, but might an obscure hacker called The Dark Overlord, previously connected to health sector data extortion, have spotted an important flaw in the model? Last week, Netflix found itself on the receiving end of a ransom demand from the individual or group, making unconfirmed demands in return for not releasing the unseen series 5 of the hit Orange Is the New Black, starring Dascha Polanco (pictured, at Toronto Pride), to the web. The company, understandably, refused to play ball, and on Saturday reports emerged that a number of episodes had appeared on a popular torrenting service, the name of which it behoves us not to mention for reasons including the high risk of encountering malware. Visiting that resource, we managed to find one file with mention of a "press release" that has since been expunged, including from web caches. It reportedly read: We've decided to release Episodes 2-10 of "Orange Is The New Black" Season 5 after many lengthy discussions at the office where alcohol was present. Separately, the group's Twitter feed crowed: And so let it be read that the loathsome giants do too fall. Hello Netflix, we've arrived. The account threatened the release of material stolen from other media companies, including ABC, National Geographic and Fox. Netflix acknowledged the leak, which it said was caused by a breach at a "production vendor" also used by other TV studios. Netflix is cleverly covering its back by pointing to the level of integration, and vulnerability, in the TV industry, but there is no question the breach still lands at its door.
It's not clear whether the way streaming services process digital content is that different from, or less secure than, established broadcasters, but the minute a show exists in a form that can be copied it becomes vulnerable to theft. The BBC found this out to its cost when an episode of the Russian version of Sherlock found its way on to the internet before it was due to be broadcast. And yet, defying cybersecurity breach orthodoxy, perhaps this particular breach isn't so bad after all: on Monday, Netflix's share price even rose. One reason might be that content breaches aren't the same as ones involving customer data. The latter will cost the victim organisation money, court time and, in most countries, regulatory investigation. A few people watching a Netflix show earlier than normal seems minor by comparison, as long as it doesn't happen too often. Assuming the company patches the hole that let its show be thieved, it's not stretching it to suggest The Dark Overlord's leaking could even have given Orange Is the New Black an unintended publicity jump. Presumably that's not what The Dark Overlord intended, although it's also possible this has always been about self-regarding publicity as much as simple extortion for money. If so, Netflix is starting to look like the winner on that front too.
Polish security expert Dawid Golunski has discovered a zero-day in the WordPress password reset mechanism that would allow an attacker to obtain the password reset link, under certain circumstances. The researcher published his findings yesterday, after reporting the flaw to the WordPress security team last July. After more than ten months and no progress, Golunski decided to go public and inform WordPress site owners of this issue so they could protect their sites by other means. The issue, tracked via the CVE-2017-8295 identifier, affects all WordPress versions and is related to how WordPress sites put together the password reset emails. According to Golunski, an attacker can craft a malicious HTTP request that triggers a tainted password reset operation by injecting a custom SERVER_NAME variable, such as "attacker-domain.com". This means that when the WordPress site puts together the password reset email, the "From" and "Return-Path" values will be in the form of "wordpress@attacker-domain.com". Most users would think this zero-day is useless, as the attacker wouldn't achieve anything more than sending a password reset email to the legitimate site owner, but from the wrong sender address. These complex exploitation scenarios are most likely the main reason why the WordPress team has not prioritized patching this issue until now. The same opinion is shared by security experts from Sucuri, a vendor of web-based security products, recently acquired by GoDaddy.
"The vulnerability exists, but is not as critical as advertised for several reasons," said Sucuri vulnerability researcher Marc Montpas. "The whole attack relies on the fact that the victim's email is not accessible at the time the attack is occurring, which greatly reduces the chance of a successful attack." His colleague, Denis Sinegubko, also shared his thoughts on the issue. "After a brief reading and assuming the attack works, it has limited impact as it requires an individual site to be accessible by IP address, so will not work for most sites on shared servers. Only for poorly configured dedicated servers." "The whole attack scenario is theoretically possible but in practice, I don't see thousands of sites getting hacked because of this vulnerability any time soon," Montpas added. But if some users are not willing to take risks, webmasters managing high-value sites looking for a way to prevent exploitation of this zero-day have some options at their disposal. "As a temporary solution users can enable UseCanonicalName to enforce [a] static SERVER_NAME value," Golunski proposes. On Reddit, other users also recommended that site owners "create a dummy vhost that catches all requests with unrecognized Host headers." Depending on your technical prowess, you can also experiment with other mitigations discussed in this Reddit thread, at least until the WordPress team patches this issue.
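Added example, not WordPress's or Apache's code: a Python model of how the reset mail's sender is derived from SERVER_NAME, and of what the two mitigations quoted above (UseCanonicalName and a catch-all dummy vhost) change for a request carrying a foreign Host header. The hostnames, the configured ServerName, the fallback-to-first-vhost behaviour and the www.-stripping step are assumptions of this example.

```python
def wp_from_address(server_name):
    """Sender as the reset mail builds it: 'wordpress@' + SERVER_NAME, lower-cased,
    with a leading 'www.' removed (the www. step is an assumption of this model)."""
    sitename = server_name.lower()
    if sitename.startswith("www."):
        sitename = sitename[4:]
    return f"wordpress@{sitename}"


def _host_only(host_header):
    """Strip an optional :port suffix from a Host header value."""
    return host_header.split(":", 1)[0].lower()


def server_name(host_header, use_canonical_name, configured_name):
    """SERVER_NAME as the web server hands it to PHP.
    With UseCanonicalName Off (Apache's default) it is copied from the
    client-supplied Host header; with it On, the configured ServerName is used."""
    if use_canonical_name:
        return configured_name
    return _host_only(host_header)


def route(host_header, site_hosts, catch_all):
    """Virtual-host selection. With a catch-all dummy vhost, a request whose Host
    is not one of the site's names never reaches WordPress (returns None). Without
    it, the server falls back to the default (here: the WordPress) vhost."""
    if _host_only(host_header) in site_hosts:
        return "wordpress"
    return None if catch_all else "wordpress"


def reset_email_sender(host_header, *, use_canonical_name, catch_all,
                       configured_name="example.com",
                       site_hosts=("example.com", "www.example.com")):
    """End to end: the From:/Return-Path: a password reset would carry for a given
    Host header under a given server configuration. None means the dummy vhost
    swallowed the request and WordPress generated no mail."""
    if route(host_header, site_hosts, catch_all) is None:
        return None
    return wp_from_address(server_name(host_header, use_canonical_name, configured_name))


if __name__ == "__main__":
    # Weak: Host header flows straight into SERVER_NAME and into the sender.
    print(reset_email_sender("attacker-domain.com", use_canonical_name=False, catch_all=False))
    # Golunski's mitigation: SERVER_NAME pinned to the configured name.
    print(reset_email_sender("attacker-domain.com", use_canonical_name=True, catch_all=False))
    # Reddit mitigation: unknown Host never reaches WordPress.
    print(reset_email_sender("attacker-domain.com", use_canonical_name=False, catch_all=True))
```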
A remote hijacking flaw that lurked in Intel chips for seven years was more severe than many people imagined, because it allowed hackers to remotely gain administrative control over huge fleets of computers without entering a password. This is according to technical analyses published Friday. As Ars reported Monday, the authentication bypass vulnerability resides in a feature known as Active Management Technology. AMT, as it's usually called, allows system administrators to perform a variety of powerful tasks over a remote connection. Among the capabilities: changing the code that boots up computers, accessing the computer's mouse, keyboard, and monitor, loading and executing programs, and remotely powering on computers that are turned off. In short, AMT makes it possible to log into a computer and exercise the same control enjoyed by administrators with physical access. AMT, which is available with many vPro processors, was set up to require a password before it could be remotely accessed over a Web browser interface. But, remarkably, that authentication mechanism can be bypassed by entering no text at all. According to a blog post published Friday by Tenable Network Security, the cryptographic hash that the interface's digest access authentication requires to verify someone is authorized to log in can be anything at all, including no string at all. "Authentication still worked" even when the wrong hash was entered, Tenable Director of Reverse Engineering Carlos Perez wrote. "We had discovered a complete bypass of the authentication scheme."
A separate technical analysis from Embedi, the security firm Intel credited with first disclosing the vulnerability, arrived at the same conclusion. Embedi e-mailed the analysis to reporters, but didn't publish it online. Making matters worse, unauthorized accesses typically aren't logged by the PC because AMT has direct access to the computer's network hardware. When AMT is enabled, all network packets are redirected to the Intel Management Engine and from there to the AMT. The packets bypass the OS completely. The vulnerable management features were made available in some but not all Intel chipsets starting in 2010, Embedi has said. In a blog post published Friday, Intel officials said they expect PC makers to release a patch next week. The releases will update Intel firmware, meaning patching will require that each vulnerable chipset is reflashed. In the meantime, Intel is urging customers to download and run its discovery tool to diagnose potentially vulnerable computers. Systems that test positive should be temporarily secured using Intel's mitigation guide until a patch is supplied. Computer makers Fujitsu, HP, and Lenovo have also issued advisories for specific models they sell.
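Added example, not Intel's or Tenable's code: an RFC 2617 digest access authentication check with a deliberately weak response comparison beside a strict one, showing how an empty response hash can be accepted by the weak check and rejected by the strict one. Modelling the weak check as a comparison bounded by the length of the supplied value is an assumption of this example, not a statement about the AMT implementation; realm, nonce and credentials are constructed.

```python
import hashlib
import hmac


def _md5(s):
    return hashlib.md5(s.encode()).hexdigest()


def expected_response(username, realm, password, method, uri, nonce):
    """RFC 2617 digest response without qop: MD5(HA1:nonce:HA2)."""
    ha1 = _md5(f"{username}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{ha2}")


def verify_weak(expected, supplied):
    """Weak model: compare only as many characters as the client supplied.
    An empty supplied response compares zero characters and is accepted, and a
    short prefix of the real hash passes too."""
    return expected[:len(supplied)] == supplied


def verify_strict(expected, supplied):
    """Strict check: require the full length and compare in constant time."""
    if len(supplied) != len(expected):
        return False
    return hmac.compare_digest(expected, supplied)


REALM = "Digest:0123456789ABCDEF"   # constructed realm
NONCE = "c0ffee1234"                # constructed server nonce
PASSWORD = "correct-horse"          # constructed admin password


def check_login(supplied_response, verifier, password=PASSWORD):
    """Server side of the exchange: compute the digest expected for user 'admin'
    on GET /index.htm and hand it, with the client's value, to the verifier."""
    expected = expected_response("admin", REALM, password, "GET", "/index.htm", NONCE)
    return verifier(expected, supplied_response)


if __name__ == "__main__":
    good = expected_response("admin", REALM, PASSWORD, "GET", "/index.htm", NONCE)
    for label, value in (("correct hash", good), ("empty hash", ""), ("hash prefix", good[:6])):
        print(f"{label:13} weak={check_login(value, verify_weak)!s:5} "
              f"strict={check_login(value, verify_strict)}")
```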
SEATTLE — When malicious software first became a serious problem on the internet about 15 years ago, most people agreed that the biggest villain, after the authors of the damaging code, was Microsoft. As a new cyberattack continues to sweep across the globe, the company is once again at the center of the debate over who is to blame for a vicious strain of malware demanding ransom from victims in exchange for the unlocking of their digital files. This time, though, Microsoft believes others should share responsibility for the attack, an assault that targeted flaws in the Windows operating system. On Sunday, Brad Smith, Microsoft's president and chief legal officer, wrote a blog post describing the company's efforts to stop the ransomware's spread, including an unusual step it took to release a security update for versions of Windows that Microsoft no longer supports. Mr. Smith wrote, "As a technology company, we at Microsoft have the first responsibility to address these issues." He went on, though, to emphasize that the attack had demonstrated the "degree to which cybersecurity has become a shared responsibility between tech companies and customers," the latter of whom must update their systems if they want to be protected. He also pointed his finger at intelligence services, since the latest vulnerability appeared to have been leaked from the National Security Agency. On Monday, a Microsoft spokesman declined to comment beyond Mr. Smith's post. Microsoft has recognized the risk that cybersecurity poses to it since about 2002, when Bill Gates, the former chief executive, issued a call to arms inside the company after a wave of malicious software began infecting Windows PCs connected to the internet.
"As software has become ever more complex, interdependent and interconnected, our reputation as a company has in turn become more vulnerable," Mr. Gates wrote in an email to employees identifying trustworthy computing as Microsoft's top priority. "Flaws in a single Microsoft product, service or policy not only affect the quality of our platform and services overall, but also our customers' view of us as a company." Since then, the company has poured billions of dollars into security initiatives, employing more than 3,500 engineers dedicated to security. In March, it released a software patch that addressed the vulnerability exploited by the ransomware, known as WannaCry, protecting systems such as Windows 10, its latest operating system. Yet security flaws in older editions of Windows persist. The company no longer provides regular software updates to Windows XP, a version first released in 2001, unless customers pay for "custom support," a practice some observers believe has put users at risk. Late Friday, Microsoft took the unusual step of making patches that protect older systems against WannaCry, including Windows XP, free. "Companies like Microsoft should discard the idea that they can abandon people using older software," Zeynep Tufekci, an associate professor at the school of information and library science at the University of North Carolina, wrote in a New York Times opinion piece over the weekend. "The money they made from these customers hasn't expired; neither has their responsibility to fix defects." But security experts challenged that argument, saying that Microsoft could not be expected to keep updating old software products indefinitely.
Providing updates to older systems could make computers more insecure by removing an incentive for users to modernize, said Mikko Hypponen, the chief research officer of F-Secure, a security firm. "I can understand why they issued an emergency patch for XP after WannaCry was found, but in general, we should just let XP die," Mr. Hypponen said.
IP cameras manufactured by Chinese vendor Foscam are riddled with security flaws that allow an attacker to take over the device and penetrate your network. The issues came to light yesterday when Finnish cyber-security firm F-Secure published its findings after Foscam failed to answer bug reports and patch its firmware. Below is a list of 18 vulnerabilities researchers discovered in Foscam IP cameras: The variety of issues F-Secure researchers discovered means there are multiple ways an attacker can hack one of these devices and use it for various operations. "For example, an attacker can view the video feed, control the camera operation, and upload and download files from the built-in FTP server," F-Secure says. "They can stop or freeze the video feed, and use the compromised device for further actions such as DDoS or other malicious activity." "If the device is in a corporate local area network, and the attacker gains access to the network, they can compromise the device and infect it with a persistent remote access malware. The malware would then allow the attacker unfettered access to the corporate network and the associated resources," researchers added. F-Secure researchers say all these vulnerabilities have been confirmed in Foscam C2 models, but also in Opticam i5, an IP camera sold by another vendor but based on a white-label Foscam device. In fact, researchers suspect that Foscam has sold the vulnerable IP camera model as a white-label product, which other companies bought, plastered their logo on top, and resold as their own devices.
F-Secure says it identified 14 other vendors that sell Foscam-made cameras, but it has not tested their products as of yet. F-Secure recommends that network administrators remove any Foscam-made IP camera from their network until the Chinese company patches its firmware.
The zero-day memory corruption flaw resides in the implementation of the SMB (Server Message Block) network file sharing protocol and could allow a remote, unauthenticated attacker to crash systems with a denial-of-service attack, which would then open them to further attacks. According to US-CERT, the vulnerability could also be exploited to execute arbitrary code with Windows kernel privileges on vulnerable systems, but this has not been confirmed by Microsoft at this time. Without revealing the actual scope of the vulnerability and the kind of threat the exploit poses, Microsoft has so far downplayed the severity of the issue, saying: "Windows is the only platform with a customer commitment to investigate reported security issues, and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection." However, the proof-of-concept exploit code, Win10.py, has already been released publicly for Windows 10 by security researcher Laurent Gaffie and does not require targets to use a browser. The memory corruption flaw lies in the manner in which Windows handles SMB traffic; all an attacker needs is to trick victims into connecting to a malicious SMB server, which could easily be done using social engineering. "In particular, Windows fails to properly handle a server response that contains too many bytes following the structure defined in the SMB2 TREE_CONNECT Response structure," CERT said in the advisory.
"By connecting to a malicious SMB server, a vulnerable Windows client system may crash (BSOD) in mrxsmb20.sys." Since the exploit code is now publicly available and there is no official patch from Microsoft, all Windows users are left open to potential attacks at this time. Until Microsoft patches the memory corruption flaw (most probably in the upcoming Windows update or an out-of-band patch), Windows users can temporarily mitigate the issue by blocking outbound SMB connections (TCP ports 139 and 445 and UDP ports 137 and 138) from the local network to the WAN.
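Added example, not from CERT or Microsoft: a strict parser for the SMB2 TREE_CONNECT Response body (MS-SMB2 2.2.10, a fixed 16-byte structure) that rejects a server response carrying more bytes than the structure defines, the condition the advisory says the Windows client fails to handle, instead of processing it. It assumes the 64-byte SMB2 header has already been stripped; the sample responses are constructed.

```python
import struct

# StructureSize, ShareType, Reserved, ShareFlags, Capabilities, MaximalAccess (little-endian)
TREE_CONNECT_RESP = struct.Struct("<HBBIII")
STRUCTURE_SIZE = 16   # fixed value of the StructureSize field
SHARE_TYPES = {0x01: "DISK", 0x02: "PIPE", 0x03: "PRINT"}


class MalformedResponse(ValueError):
    """Raised for any body that does not match the defined structure exactly."""


def parse_tree_connect_response(body):
    """Parse the body of an SMB2 TREE_CONNECT Response, enforcing its exact size."""
    if len(body) < TREE_CONNECT_RESP.size:
        raise MalformedResponse(f"truncated: {len(body)} bytes, need {TREE_CONNECT_RESP.size}")
    if len(body) > TREE_CONNECT_RESP.size:
        # The case the advisory describes: bytes following the defined structure.
        extra = len(body) - TREE_CONNECT_RESP.size
        raise MalformedResponse(f"{extra} unexpected trailing bytes after the structure")
    size, share_type, _reserved, flags, caps, max_access = TREE_CONNECT_RESP.unpack(body)
    if size != STRUCTURE_SIZE:
        raise MalformedResponse(f"StructureSize {size} != {STRUCTURE_SIZE}")
    if share_type not in SHARE_TYPES:
        raise MalformedResponse(f"unknown ShareType 0x{share_type:02x}")
    return {
        "share_type": SHARE_TYPES[share_type],
        "share_flags": flags,
        "capabilities": caps,
        "maximal_access": max_access,
    }


def build_tree_connect_response(share_type=0x01, flags=0, caps=0,
                                max_access=0x001F01FF, extra=b""):
    """Construct a response body; `extra` appends bytes past the structure to
    simulate the oversized server response (constructed test input)."""
    return TREE_CONNECT_RESP.pack(STRUCTURE_SIZE, share_type, 0, flags, caps, max_access) + extra


def safe_parse(body):
    """Return (parsed, None) on success or (None, reason) on a malformed body;
    a client should drop the connection on a reason rather than continue."""
    try:
        return parse_tree_connect_response(body), None
    except MalformedResponse as e:
        return None, str(e)


if __name__ == "__main__":
    print(safe_parse(build_tree_connect_response()))
    print(safe_parse(build_tree_connect_response(extra=b"A" * 600)))
```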
A handful of worrisome vulnerabilities in Honeywell building automation system software disclosed last week are a case in point of how far the industry continues to lag in securing SCADA and industrial control systems. Honeywell published in September new firmware that patches vulnerabilities privately disclosed by researcher Maxim Rupp in its XL Web II controllers. The flaws could give an attacker the ability to access relatively unprotected credentials and use those to manipulate, for example, environmental controls inside a building. While these aren't critical infrastructure systems such as wastewater, energy or manufacturing, building automation system hacks can be expensive to remedy, and in a worst-case scenario, afford an attacker the ability to pivot to a corporate network. Experts told Threatpost that building automation systems can be used to remotely manage heating, air conditioning, water, lighting and door security, and help reduce building operations costs. They're also popping up as more and more buildings go green; such systems, for example, are crucial to Leadership in Energy and Environmental Design (LEED) certification from the United States Green Building Council. "The main risk from this is a super simple method of accessing building system HMIs, whether for mischief or maybe even ransom. Controllers like this provide an easy interface to operating the entire building system, no additional programming knowledge or protocol expertise required," said Michael Toecker of Context Information Security. "Unless very poorly designed, a user can't damage equipment from the HMI, but they can make the building inhospitable, inefficient, and expensive to fix."
The Industrial Control System Cyber Emergency Response Team (ICS-CERT) issued an advisory last Thursday warning of five vulnerabilities in the Honeywell XL1000C500 XLWebExe-2-01-00 and prior, and XLWeb 500 XLWebExe-1-02-08 and prior. Four of the five are authentication-related flaws, the most serious of which involved passwords either stored in clear text or reachable by accessing a particular URL. A user with low privileges could also open and change parameters via a URL, ICS-CERT said. Honeywell also patched a session fixation vulnerability allowing an attacker to establish new user sessions without invalidating prior sessions, giving them access to authenticated sessions. It also patched a path traversal bug that allowed attackers to carry out directory traversal attacks via a URL.
Discovered by a security researcher who goes by the name of Zenofex, these security flaws have not been reported to Western Digital, are still unpatched, and public exploit code is available for more than half of the vulnerabilities. According to Zenofex, multiple WD MyCloud NAS device models are affected, such as: Zenofex's decision not to inform Western Digital came after the researcher attended a security conference last year, where other infosec professionals complained about Western Digital ignoring vulnerability reports. It was at the same conference, Black Hat USA 2016, where Western Digital also won a Pwnie Award in a category called "Lamest Vendor Response." "Ignoring these bugs would leave the vulnerable devices online for longer periods while responsible disclosure is worked out," Zenofex argued, explaining his decision not to wait until Western Digital patches the security bugs. "Instead we're attempting to alert the community of the flaws and hoping that users remove their devices from any public facing portions of their networks, limiting access wherever possible," he added. Zenofex, who's a member of the Exploitee.rs community, says he found a whopping total of 85 security issues. Based on the exploit code, many of these security flaws can be exploited by altering cookie values or embedding shell commands in cookie parameters. When the image loads inside their browser, the exploit code executes against the local NAS drive and takes over the device.
The most severe of these issues, according to Zenofex, is an authentication bypass issue, which ironically was also the easiest to exploit, requiring only the modification of cookie session parameters. And since Murphy's Law applies to hardware devices as well, things went wrong all the way: the commands aren't executed under a limited user, but run as root, giving attackers full control over affected devices and allowing them to upload or download data at will.