a severe flaw in switch deployment software that can be attacked with crafted messages sent to a port that's open by default. Cisco has released patches for 34 vulnerabilities, mostly affecting its IOS and IOS XE networking software, including three critical remote code execution security bugs. Perhaps the most serious issue Cisco has released a patch for is critical bug CVE-2018-0171, affecting Smart Install, a Cisco client for quickly deploying new switches for Cisco IOS Software and Cisco IOS XE Software. A remote unauthenticated attacker can exploit a flaw in the client to reload an affected device and cause a denial of service or execute arbitrary code. Embedi, the security firm that found the flaw, initially believed it could only be exploited within an enterprise's network. However, it found millions of affected devices exposed on the internet. "Because in a securely configured network, Smart Install technology participants should not be accessible through the internet. But scanning the internet has shown that this is not true," wrote Embedi. "During a short scan of the internet, we detected 250,000 vulnerable devices and 8.5 million devices that have a vulnerable port open." Smart Install is supported by a broad range of Cisco routers and switches. The high number of devices with an open port is probably because the Smart Install client's port, TCP 4786, is open by default. This situation is overlooked by network admins, Embedi said. The company has also published proof-of-concept exploit code, so it probably will be urgent for admins to patch.
An attacker can exploit the bug by sending a crafted Smart Install message to these devices on TCP port 4786, according to Cisco. Embedi discovered the flaw last year, landing it an award at the GeekPwn conference in Hong Kong last May, and reported it to Cisco in September. Cisco's internal testing also turned up a critical issue in its IOS XE software, CVE-2018-0150, due to an undocumented user account that has a default username and password. Cisco warns that an attacker could use this account to remotely connect to a device running the software. Cisco engineers also found CVE-2018-0151, a remote code execution bug in the QoS subsystem of IOS and IOS XE. "The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device," writes Cisco. All three bugs were given a CVSS score of 9.8 out of 10.
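The two advisories above come down to listeners that should never be reachable from outside: Smart Install on TCP 4786 and the QoS subsystem on UDP 18999. The following Python is an added example, not code from Cisco or Embedi: it walks firewall-style log lines and reports any outside source that reached one of those two ports, distinguishing connections the firewall allowed (the exposure Embedi's scan counted) from probes it denied. The log format, the sample addresses and the internal prefixes are constructed for the example; only the parser needs to change for a real exporter.

```python
import ipaddress
import re
from typing import Iterable, List, Optional

# Management-plane listeners named in the Cisco advisories above.
WATCHED_PORTS = {
    ("tcp", 4786): "Smart Install client (CVE-2018-0171)",
    ("udp", 18999): "IOS/IOS XE QoS subsystem (CVE-2018-0151)",
}

# Address space treated as "inside"; constructed for this example, replace
# with the organisation's real prefixes.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed key=value log shape; real firewalls differ, only this regex changes.
_LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+src=(?P<src>\S+)\s+dst=(?P<dst>\S+)\s+proto=(?P<proto>\w+)"
    r"\s+dport=(?P<dport>\d+)\s+action=(?P<action>\w+)\s*$")


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def parse_line(line: str) -> Optional[dict]:
    m = _LINE_RE.match(line.strip())
    if not m:
        return None          # unrelated or malformed line
    rec = m.groupdict()
    rec["dport"] = int(rec["dport"])
    rec["proto"] = rec["proto"].lower()
    return rec


def find_exposures(lines: Iterable[str]) -> List[dict]:
    """One finding per line in which a source outside INTERNAL_NETS reached a
    watched port. 'exposed' means the firewall let it through; 'blocked' means
    a probe was seen but denied, still worth knowing for the device's owner."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        service = WATCHED_PORTS.get((rec["proto"], rec["dport"]))
        if service is None or is_internal(rec["src"]):
            continue
        findings.append({
            "ts": rec["ts"], "src": rec["src"], "dst": rec["dst"],
            "service": service,
            "status": "exposed" if rec["action"] == "allow" else "blocked",
        })
    return findings


# Constructed sample: two outside sources, one inside source, one unrelated port.
SAMPLE_LOG = """\
2018-03-29T10:01:02Z src=203.0.113.7 dst=192.168.10.2 proto=tcp dport=4786 action=allow
2018-03-29T10:01:05Z src=198.51.100.9 dst=192.168.10.2 proto=udp dport=18999 action=deny
2018-03-29T10:02:11Z src=10.20.0.5 dst=192.168.10.2 proto=tcp dport=4786 action=allow
2018-03-29T10:03:00Z src=203.0.113.7 dst=192.168.10.3 proto=tcp dport=22 action=allow
"""

if __name__ == "__main__":
    for f in find_exposures(SAMPLE_LOG.splitlines()):
        print(f"{f['status']:8} {f['ts']} {f['src']} -> {f['dst']}  {f['service']}")
```

Run against the constructed sample, the first line is reported as exposed and the second as a blocked probe; the internal source and the SSH line are ignored. An "exposed" finding on a Smart Install port is the condition to fix at the perimeter or on the switch regardless of whether the patch has been applied.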
A week ago the Moodle developers released updates for the still supported branches of the platform: 3.2.2, 3.1.5, 3.0.9 and 2.7.19. The release notes mentioned that "a number of security related issues were resolved," but didn't provide any additional details about their nature or impact. The severity of the flaws became apparent Monday, when security researcher Netanel Rubin, who found the vulnerabilities, published a detailed blog post about them. They don't seem too critical on their own, but when combined, they allow attackers to create hidden administrative accounts and execute malicious PHP code on the underlying server. The exploit takes advantage of some false assumptions made by the developers, which Rubin described as a logic flaw, an object injection, a double SQL injection, and an overly permissive administrative dashboard. The logic issue stems from the reimplementation of a certain function without taking into account decisions made by the original function's developers. According to the researcher, it is the result of "having too much code, too many developers and lacking documentation." "Keep in mind that logical vulnerabilities can and will occur in almost all systems featuring a large code base," Rubin said. "Security issues in large code bases are, of course, not Moodle specific." Gaining administrative privileges on the Moodle platform is not only dangerous because attackers could install a PHP backdoor by uploading malicious plug-ins or templates, but also because Moodle installations store sensitive and private information about students taking online courses
The IAAF said in a statement that the hacking group known as Fancy Bear, which has been linked by western governments and security experts to a Russian spy agency blamed for some of the cyber operations that marred the 2016 U.S. election, was believed to be behind the attack on medical records in February. The hack targeted information concerning applications by athletes for Therapeutic Use Exemptions, the IAAF said. Athletes who had applied for TUEs since 2012 have been contacted and IAAF president Sebastian Coe apologized. "Our first priority is to the athletes who have provided the IAAF with information that they believed would be secure and confidential," Coe said in the statement. "They have our sincerest apologies and our total commitment to continue to do everything in our power to remedy the situation." TUEs are issued by sports federations and national anti-doping organizations to allow athletes to take certain banned substances for verified medical needs. The IAAF said that data on athlete TUEs was "collected from a file server and stored on a newly created file." "The attack by Fancy Bear, also known as APT28, was detected during a proactive investigation carried out by cyber incident response (CIR) firm Context Information Security," the IAAF said. Private security firms and U.S. officials have said Fancy Bear works primarily on behalf of the GRU, Russia's military intelligence agency. Fancy Bear could not be immediately reached for comment. The group and other Russian hackers were behind the cyber attacks during the U.S. presidential election last year that were intended to discredit Democratic candidate Hillary Clinton and help Donald Trump, a Republican, win, according to U.S. intelligence agencies.
It was not known if the information was stolen from the network, the IAAF said, but the incident was "a strong indication of the attackers' interest and intent, and shows they had access and means to obtain content from this file at will." The attack was uncovered after British company Context Information Security conducted an investigation of the IAAF's systems at the request of the athletics body. Context Information Security said in a separate statement that it was a "sophisticated intrusion" and that "the IAAF have understood the importance and impact of the attack and have provided us comprehensive assistance." Last year, Fancy Bear hacked into the World Anti-Doping Agency (WADA) database and published the confidential medical records of several dozen athletes. Those included cyclist Bradley Wiggins, the 2012 Tour de France winner and Britain's most decorated Olympian with eight medals, who was revealed to have used TUEs before some races. Wiggins retired last year under something of a cloud after it was revealed he took the corticosteroid triamcinolone for asthma, although he broke no anti-doping rules. The IAAF banned Russia's athletics federation after a WADA commission report found evidence of state-sponsored doping. Almost all Russia's athletes missed the track and field events at the Rio Olympics last year and are likely to also miss the world athletics championships in London in August.
A group known as the Shadow Brokers published on Good Friday a set of confidential hacking tools used by the NSA to exploit software vulnerabilities in Microsoft Windows software. According to Fortune, Microsoft announced on the same day that it had patched the vulnerabilities related to the NSA leak. It was especially important that the company moved quickly since juvenile hackers — also known as script kiddies — were expected to be active over the holiday weekend while defenders were away. The threat was the latest and, according to security experts, the most damaging set of stolen documents published by the Shadow Brokers, which is believed to be tied to the Russian government. Experts say the leak, which was mostly lines of computer code, was made up of a variety of "zero-day exploits" that can infiltrate Windows machines and then be used for espionage, vandalism or document theft. The group also published another set of documents that show that the NSA penetrated the SWIFT banking network in the Middle East. "There appears to be at least several dozen exploits, including zero-day vulnerabilities, in this release. Some of the exploits even offer a potential 'God mode' on select Windows systems. A few of the products targeted include Lotus Notes, Lotus Domino, IIS, SMB, Windows XP, Windows 8, Windows Server 2003 and Windows Server 2012," said Cris Thomas, a strategist at Tenable Network Security. The Shadow Brokers have been threatening the U.S. government for some time but until last Friday had not released anything critical.
There is speculation that this document dump could be retaliation by Russia (if the hackers are indeed tied to the country) in response to recent U.S. military actions.
The mysterious group that claims to have stolen digital weapons once used by the National Security Agency published a trove of active Microsoft Windows software exploits on Thursday. The code dump, accompanied by a farewell message written in broken English by the enigmatic group the Shadow Brokers, confirms claims implicit in an earlier post Sunday. While the prior message showed filenames, directories and screenshots — implying the existence of these capabilities — along with an associated price tag, today's download provides functional code. Of the 61 files provided in total in the newly released set, only one had ever been catalogued by anti-virus databases, based on a VirusTotal scan conducted earlier Thursday morning. The files contain user mode and kernel mode modules. Notably, the one tool effectively recognized by the virus scanner avoided detection from Malwarebytes, Panda, Comodo and Fortinet products, said Rendition Infosec founder Jake Williams. In their supposed final message, the Shadow Brokers say they are "making [an] exit" and "going dark" — although an associated bitcoin wallet will remain open for new bids. The group claims it will come out of hiding to provide the remaining stolen hacking tools only upon receiving 10,000 bitcoin, or $8.13 million worth of the anonymous currency. Cybersecurity experts tell CyberScoop the exploits are outdated because they are designed to work against old versions of Microsoft operating systems. "This dump contains Windows implants and not Unix tools, reinforcing the insider theory. And the outdated Windows target of those implants reinforces the opinion that Shadow Brokers only has old dirt," said Matt Suiche, founder of United Arab Emirates-based cybersecurity startup Comae Technologies. "There is no reason to have all the tools of every platform etc.
The exploits can be understood as highly advanced hacking tools that were likely developed and deployed by a sophisticated adversary, like an intelligence service, explained Michael Zeberlein, director of intelligence analysis with Area 1 Security. "They're basically enterprise-class IT infrastructure and systems management functions applied in an offensive fashion. They would help you get very granular control of computers and servers running in an enterprise environment, an entire organization," Zeberlein told CyberScoop. "Really, these tools provide incredible capability." "There's no doubt that this is Equation Group's stuff based on old reporting," said Zeberlein. A meticulous analysis associated with Sunday's blog post suggests that the leaked information likely came from an insider, rather than a hacker with access to a compromised attack server, based on file configurations, CyberScoop first reported. "Attackers and defenders around the globe will be reverse engineering these to repurpose [attacks] and create defenses," Williams said. "This data, it's a big deal … because it includes information related to client and server components, which will basically help [intelligence analysts] trace old breaches back to the Equation Group," a former U.S. intelligence official told CyberScoop on the condition of anonymity. The Shadow Brokers first emerged on social media in August by similarly dumping operational code for a cohort of old firewall exploits that targeted vulnerabilities in Cisco, Fortinet and Juniper Networks products. Because the source code for these firewall exploits was provided in a public forum, random hackers began using the tools themselves.
"While we cannot surmise the attacker's [Shadow Brokers] identity or motivation nor where or how this pilfered trove came to be, we can state that several hundred tools from the leak share a strong connection with our previous findings from the Equation Group," Kaspersky Lab researchers, many of whom originally helped identify Equation Group's existence in 2015, wrote in a company blog post in August. The Equation Group is believed to have ties to the NSA.
Users of the open source webmail software SquirrelMail are open to remote code execution due to a bug (CVE-2017-7692) discovered independently by two researchers. "If the target server uses Sendmail and SquirrelMail is configured to use it as a command-line program, it's possible to trick sendmail into using an attacker-provided configuration file that triggers the execution of an arbitrary command," the explanation provided by MITRE reads. "For exploitation, the attacker must upload a sendmail.cf file as an email attachment, and inject the sendmail.cf filename with the -C option within the 'Options > Personal Informations > Email Address' setting." The bug was found by researchers Filippo Cavallarin and Dawid Golunski, independently of one another, and affects SquirrelMail versions 1.4.22 and below. Golunski reported it to SquirrelMail's (sole) developer Paul Lesniewski, who asked for a delay of publication of the details until he could fix the flaw. But as Cavallarin published details about it last week (after not receiving any reply from the SquirrelMail developer), Golunski did the same during the weekend. Both researchers provided a proof-of-concept exploit for the flaw, and Cavallarin even offered an unofficial patch for plugging the hole. All this prompted Lesniewski to push out a patch on Monday, and new, patched version snapshots of the software (1.4.23-svn and 1.5.2-svn). He also told The Register that exploitation of the bug is difficult to pull off.
"In order to exploit the bug, a malicious user would need to have already gained control over a mail account by other means, SquirrelMail would need to be configured to allow users to change their outgoing email address (we recommend keeping this disabled), the user would need to determine the location of the attachments directory (by gaining shell access or making guesses), the permissions on said directory and files would need to allow access by other processes (by default this will usually be the case, but prudent admins will exert more stringent access controls) and of course, SquirrelMail needs to be configured to send via Sendmail and not SMTP (default is SMTP)," he explained. Still, according to Golunski, the 1.4.23 version snapshot offered on Monday was still vulnerable. But another one was pushed out today, so it's possible that the issue was finally, definitely fixed. Users can wait to update their installation until things become more clear, and in the meantime, they can protect themselves by configuring their systems not to use Sendmail.
This is part of an ongoing Motherboard series on the proliferation of phone cracking technology, the people behind it, and who is buying it. Motherboard has obtained 900 GB of data related to Cellebrite, one of the most popular companies in the mobile phone hacking industry. The cache includes customer information, databases, and a vast amount of technical data regarding Cellebrite's products. The breach is the latest chapter in a growing trend of hackers taking matters into their own hands, and stealing information from companies that specialize in surveillance or hacking technologies. Cellebrite is an Israeli company whose main product, a typically laptop-sized device called the Universal Forensic Extraction Device (UFED), can rip data from thousands of different models of mobile phones. That data can include SMS messages, emails, call logs, and much more, as long as the UFED user is in physical possession of the phone. Cellebrite is popular with US federal and state law enforcement, and, according to the hacked data, possibly also with authoritarian regimes such as Russia, the United Arab Emirates, and Turkey. The cache includes alleged usernames and passwords for logging into Cellebrite databases connected to the company's my.cellebrite domain. This section of the site is used by customers to, among other things, access new software versions. In the majority of cases, this was not possible because the email address was already in use. A customer included in the data confirmed some of their details. The dump also contains what appears to be evidence files from seized mobile phones, and logs from Cellebrite devices. According to the hacker, and judging by timestamps on some of the files, some of the data may have been pulled from Cellebrite servers last year.
"Cellebrite recently experienced unauthorized access to an external web server," the company said in a statement on Thursday after Motherboard informed it of the breach. "The company is conducting an investigation to determine the extent of the breach. The impacted server included a legacy database backup of my.Cellebrite, the company's end user license management system. The company had previously migrated to a new user accounts system. Presently, it is known that the information accessed includes basic contact information of users registered for alerts or notifications on Cellebrite products and hashed passwords for users who have not yet migrated to the new system," the statement continues. Cellebrite advised customers to change their passwords as a precaution, and added that it is working with relevant authorities to assist in their investigation. Access to Cellebrite's systems has been traded among a select few in IRC chat rooms, according to the hacker. "To be honest, had it not been for the recent stance taken by Western governments no one would have known but us," the hacker told Motherboard. The hacker expressed disdain for recent changes in surveillance legislation. In 2014 a hacker calling themselves "PhineasFisher" publicly released 40GB of data from surveillance company Gamma International. Gamma makes intrusion software that can remotely switch on a target's webcam, siphon off their emails, and much more. The following year, PhineasFisher targeted Italian company Hacking Team, and published a trove of emails and other internal documents from the company. Although the terms of this Cellebrite breach are somewhat different—the hacker has not dumped the files online for anyone to download—similarities seem to remain, especially in the hacker's vigilante motivation.
The vulnerability was discovered by researchers from the hacking collective the Exploiteers (formerly GTVHacker), who have found vulnerabilities in the Samsung SmartCam devices in the past. The flaw allows for command injection through a web script, even though the vendor has disabled the local web-based management interface in these devices. The Samsung SmartCam is a series of cloud-enabled network security cameras that were originally developed by Samsung Techwin. Samsung sold this division to South Korean business conglomerate Hanwha Group in 2015 and the company was renamed Hanwha Techwin. In response to vulnerabilities reported in the web-based management interface of various SmartCam models over the past few years, Hanwha Techwin decided to completely disable the local administration panel and only allow users to access the cameras through the accompanying smartphone app and its My SmartCam cloud service. The Exploiteers researchers recently analyzed the Samsung SmartCam SNH-1011 and noticed that while accessing the web interface over the local network was no longer possible, the web server was still running on the device and hosted some PHP scripts related to a video monitoring system called iWatch. One of these scripts allows users to update the iWatch software by uploading a file, but has a vulnerability that stems from improper sanitization of the file name. The flaw can be exploited by unauthenticated attackers to inject shell commands that will then be executed by the web server running with root privileges.
"The iWatch Install.php vulnerability can be exploited by crafting a special filename which is then stored within a tar command passed to a php system() call," the researchers explained in a blog post Saturday. "Because the web-server runs as root, the filename is user supplied, and the input is used without sanitization, we are able to inject our own commands within to achieve root remote command execution." While the flaw was found in the SNH-1011 model, the researchers believe that it affects the entire Samsung SmartCam series. Ironically, the vulnerability can be exploited to turn on the disabled web management interface, whose removal was criticized by some users. The Exploiteers published a proof-of-concept exploit that does just that.
Details on serious vulnerabilities in a number of routers freely distributed by a major Thai ISP were published on Monday after private disclosures made to the vendors in July went unanswered. Researcher Pedro Ribeiro of Agile Information Security found accessible admin accounts and command injection vulnerabilities in ZyXel and Billion routers distributed by TrueOnline, Thailand's largest broadband company. Ribeiro said he disclosed the vulnerabilities through Beyond Security's SecuriTeam Secure Disclosure Program, which contacted the affected vendors last July. Ribeiro published a proof of concept exploit yesterday as well. Ribeiro told Threatpost he's unsure whether TrueOnline introduced the vulnerabilities as it adds its own customization to the routers, or whether they came from the respective manufacturers. A ZyXel representative told Threatpost the router models are no longer supported and would not comment on whether patches were being developed. A request for comment from Billion was not returned in time for publication. The commonality between the routers appears to be that they're all based on the TC3162U system-on-a-chip manufactured by TrendChip. Affected routers are the ZyXel P660HN-T v1 and P660HN-T v2, and the Billion 5200W-T, currently in distribution to TrueOnline customers. The TC3162U chips run two different firmware variants, one called "ras", which includes the Allegro RomPager webserver vulnerable to the Misfortune Cookie attacks, and the other called tclinux.
The tclinux variant contains the vulnerabilities found by Ribeiro; in particular several ASP files, he said, are vulnerable to command injection attacks. He also cautions that they could also be vulnerable to Misfortune Cookie, but he did not investigate this possibility. "It should be noted that tclinux contains files and configuration settings in other languages (for example in Turkish). Therefore it is likely that these firmware versions are not specific to TrueOnline, and other ISP customised routers in other countries might also be vulnerable," Ribeiro said in his advisory. "It is also possible that other brands and router models that use the tclinux variant are also affected by the command injection vulnerabilities (the default accounts are likely to be TrueOnline specific)." In addition to Ribeiro's proof-of-concept, Metasploit modules are available for three of the vulnerabilities. Most of the vulnerabilities can be exploited remotely, some without authentication. "These vulnerabilities are present in the web interface. The default credentials are part of the firmware deployed by TrueOnline and they are authorized to perform remote access over the WAN," Ribeiro said. "Due to time and lab constraints I was unable to test whether these routers expose the web interface over the WAN, but given the credentials, it is likely." The ZyXel P660HN-T v1 router is vulnerable to an unauthenticated command injection attack that can be exploited remotely.
Ribeiro said he found the vulnerability in the remote system log forwarding function, specifically in the ViewLog.asp page. V2 of the same router contains the same vulnerability, but it cannot be exploited without authentication, he said. "Unlike in the P660HN-Tv1, the injection is authenticated and in the logSet.asp page. However, this router contains a hardcoded supervisor password that can be used to exploit this vulnerability," Ribeiro said. "The injection is in the logSet.asp page that sets up remote forwarding of syslog logs, and the parameter vulnerable to injection is the serverIP parameter." The Billion 5200W-T is also vulnerable to unauthenticated and authenticated command injection attacks; the vulnerability was found in its adv_remotelog.asp page. "The Billion 5200W-T router also has several other command injections in its interface, depending on the firmware version, such as an authenticated command injection in tools_time.asp (uiViewSNTPServer parameter)," Ribeiro said. "It should be noted that this router contains several hardcoded administrative accounts that can be used to exploit this vulnerability." Ribeiro said default and weak admin credentials were found on all of the versions and were accessible remotely. The researcher said it's unknown whether the routers can be patched remotely. "Again, given the existence of default credentials that have remote access, it is likely that it is possible to update the firmware remotely," Ribeiro said.
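The serverIP and uiViewSNTPServer form parameters described above are exactly the kind of values that should never reach a shell unvalidated. The following is an added example, not code from the affected firmware or from Ribeiro's advisory: it contrasts the string-splicing pattern behind this bug class with a handler that accepts only an IP literal (or, for the SNTP field, a host name) and builds an argv list that is executed without a shell. The `syslogd -R` invocation and the function names are assumptions made for illustration.

```python
"""Input handling for a router 'remote syslog forwarding' setting.

Added example, not code from the affected firmware: it models the handler
behind a logSet.asp/adv_remotelog.asp-style page that takes a serverIP form
parameter, and the SNTP server parameter (uiViewSNTPServer) alongside it.
"""
import ipaddress
import re
from typing import List

# RFC 1123 host name: labels of 1-63 alnum/hyphen characters, 253 overall.
_HOSTNAME = re.compile(
    r"^(?=.{1,253}$)(?:[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)*"
    r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def vulnerable_build_command(server_ip: str) -> str:
    # The bug class in the advisory: the form value is spliced into a shell
    # command string, so shell metacharacters in it become extra commands
    # once the string reaches system(). Shown for contrast only.
    return "syslogd -R " + server_ip


def validate_server_ip(value: str) -> str:
    """Accept only a literal unicast IPv4/IPv6 address; return it normalised."""
    try:
        addr = ipaddress.ip_address(value.strip())
    except ValueError:
        raise ValueError("serverIP must be a literal IP address") from None
    if addr.is_multicast or addr.is_unspecified:
        raise ValueError("serverIP must be a unicast address")
    return str(addr)


def validate_host(value: str) -> str:
    """Accept an IP literal or an RFC 1123 host name (the SNTP server field)."""
    try:
        return validate_server_ip(value)
    except ValueError:
        pass
    value = value.strip()
    if not _HOSTNAME.match(value):
        raise ValueError("not a valid host name")
    return value


def safe_forward_command(server_ip: str) -> List[str]:
    """argv for the forwarder: validated operand, to be run without a shell."""
    return ["syslogd", "-R", validate_server_ip(server_ip)]


def accepts(validator, value: str) -> bool:
    """Helper: True when validator() accepts value, False when it rejects it."""
    try:
        validator(value)
        return True
    except ValueError:
        return False
```

Because the accepted character set is limited to letters, digits, dots, colons and hyphens, the validated value carries no shell metacharacters even if a later code path does hand it to a shell.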
Most iBall Baton routers in India are also vulnerable to unauthenticated and authenticated command injection attacks; I have reason to believe default and weak admin credentials are on all of the versions and were accessible remotely. I have an "iBall WRA150N" ADSL2+ iBall Baton router, and iBall is never accepting, not even responding to, complaints and requests for the latest firmware patches. ASUS patched a bug that allowed attackers to pair two vulnerabilities to gain direct router access and execute commands as root. Thanks to Meltdown and Spectre, January has already been an extremely busy month of patching for Microsoft.
IP cameras manufactured by Chinese vendor Foscam are riddled with security flaws that allow an attacker to take over the device and penetrate your network. The issues came to light yesterday when Finnish cyber-security firm F-Secure published its findings after Foscam failed to answer bug reports and patch its firmware. Below is a list of 18 vulnerabilities researchers discovered in Foscam IP cameras: The variety of issues F-Secure researchers discovered means there are multiple ways an attacker can hack one of these devices and use it for various operations. "For example, an attacker can view the video feed, control the camera operation, and upload and download files from the built-in FTP server," F-Secure says. "They can stop or freeze the video feed, and use the compromised device for further actions such as DDoS or other malicious activity." "If the device is in a corporate local area network, and the attacker gains access to the network, they can compromise the device and infect it with persistent remote access malware. The malware would then allow the attacker unfettered access to the corporate network and the associated resources," researchers added. F-Secure researchers say all these vulnerabilities have been confirmed in Foscam C2 models, but also in the Opticam i5, an IP camera sold by another vendor but based on a white-label Foscam device. In fact, researchers suspect that Foscam has sold the vulnerable IP camera model as a white-label product, which other companies bought, plastered their logo on top of, and resold as their own devices.
F-Secure says it identified 14 other vendors that sell Foscam-made cameras, but it has not tested their products as of yet. F-Secure recommends that network administrators remove any Foscam-made IP camera from their network until the Chinese company patches its firmware.
Are you such a video game fanatic that you simply can't wait to get your paws on sneak previews of upcoming hit titles? If so, your fervour may be fuelling the criminal activities of an unnamed group who have targeted a developer of highly popular video games. Best known for developing The Witcher series of role-playing video games, CD Projekt Red took to Twitter to announce that it had been approached by extortionists who claimed to have stolen files from the company, including "documents connected to early designs for the upcoming game, Cyberpunk 2077." CD Projekt Red says it will not pay the ransom being demanded by the thieves, who are threatening to release the stolen files to the general public: "We will not be giving in to the demands of the individual or individuals that have contacted us, which might eventually lead to the files being published online. The appropriate legal authorities will be informed about the situation." "The documents are old and largely unrepresentative of the current vision for the game. Still, if you're looking forward to playing Cyberpunk 2077, it would be best for you to avoid any information not coming directly from CD PROJEKT RED." I applaud CD Projekt Red's refusal to pay a ransom. Paying extortionists always runs the risk of encouraging blackmailers to strike again, putting not just your own company but others at further risk. No release date has yet been announced by the Polish game studio for Cyberpunk 2077, which has been in development for years and is keenly anticipated by the game maker's fans. For CD Projekt Red, the danger is not just that assets belonging to the game might leak into the public domain and mess up its marketing strategy.
There is also the risk that the gaming community will be unimpressed by any sneak previews of early versions of the game stolen by the hackers, and puncture the hype machine. Recent months have seen a rise in attacks where hackers have threatened to release a company's intellectual property onto the net unless a ransom is paid. A month ago, for instance, The Dark Overlord hacking group attempted to blackmail money out of Netflix, before deciding to leak as-yet unaired episodes of the hit TV show "Orange is the New Black." The same hacking group has previously published 180,000 medical records, including insurance and social security numbers, dates of birth, and payment information, after healthcare firms refused to give in to their demands. Most recently, a chain of cosmetic surgeries in Lithuania warned that hackers were threatening to release the personal details of clients, including photographs. Readers with longer memories may recall that in September 2003, a German hacker leaked the source code of the game Half-Life 2 onto the internet, much to the delight of internet users who had become fed up with waiting for the long-awaited video game. It doesn't matter that it's not credit card data or passwords that are being stolen: theft is theft. Just because it's a video game's plans and designs that are being held for ransom by the hackers doesn't make any difference. The threat is real, and could have a commercial impact on the game's producer. CD Projekt Red should be applauded for being so transparent about what has happened, as it's easy to imagine many firms would rather sweep bad news like this under the carpet.
What we need now is for game fanatics to exercise some patience and self-control, and resist the urge to hunt out a game before the manufacturer is ready to release it officially.
As of June 2016, more than 150 million active users interact with one another daily via Snapchat. Others are drawn by the service's more recent features. Those include Snapcash, a method introduced for users to send mobile payments to their friends. Given the app's popularity, it's no wonder online criminals have set their sights on hacking users' Snapchat accounts. For instance, back in late 2013, a group of hackers published a database containing the usernames and phone numbers of approximately 4.6 million Snapchat users. Nefarious individuals could have used that information to profile targets across multiple web accounts. We also can't forget about the security incident that occurred back in February 2016. In that attack, someone posed as the company's CEO and convinced a Snapchat employee to send over payroll information. The successful phish ultimately compromised dozens of employees' identities. To be fair, a mega breach on the scale of what affected LinkedIn, Tumblr, and Yahoo has yet to strike the messaging app. But that's not to say criminals aren't trying to find a way into people's accounts. Hackers clearly have Snapchat in their sights, which is why users need to learn how to spot the warning signs of a hack and how they can recover their accounts if someone compromises them.
Commonly used office printers and multi-function devices can be exploited to leak information and execute code, presenting multiple attack vectors that are often overlooked, a security researcher has found. Jens Müller from the Ruhr-Universität Bochum in Germany published multiple advisories on vulnerabilities that he had discovered as part of his Master's degree thesis on the security of printers. The vulnerabilities stem from vendors not separating page description languages such as PostScript and PJL/PCL, used to generate the output, from printer control. "Potentially harmful commands can be executed by anyone who has the right to print," Müller said. Müller outlined multiple attacks on his Hacking Printers wiki, ranging from accessing print jobs to credentials disclosure and bypassing device security, and included proofs of concept. The HP LaserJet 1200, 4200N and 4250N, as well as the Dell 3130cn and Samsung MultiXpress 6345N, have a vulnerable line printer daemon (LPD) service that cannot handle usernames of 150 or more characters. Sending a long username to the LPD service on the above devices crashes the printer, requiring a manual restart to bring it back up. Müller said that with the correct shellcode and return address, the vulnerability could be used for remote code execution. More printers than the above are likely to be vulnerable, he said. It is even possible to launch denial of service attacks against printers that support PJL, and to permanently damage the non-volatile random access memory (NVRAM) that is used to persistently store the devices' settings, Müller found.
He tested the NVRAM destruction attack on printers from Brother, Konica Minolta, Lexmark, Dell and HP, and verified that they are vulnerable. Printers can be attacked via networks or USB interfaces.
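The LPD crash above is a missing bounds check on a protocol field. As an added example, not vendor code and not from Müller's advisories, here is a bounded parser for the RFC 1179 control file that a defensively written daemon would apply before any field is copied; MAX_FIELD_LEN, the field names and the sample jobs are assumptions constructed for the example.

```python
"""Bounded parser for an LPD (RFC 1179) control file. Added example, not code
from any printer vendor: it shows the length check whose absence lets an
over-long 'P' (user name) line crash a daemon that uses fixed-size buffers."""
from dataclasses import dataclass, field
from typing import Dict, List

# Operand cap for every control-file line. The value is an assumption for this
# example; set it to what the receiving buffer really holds.
MAX_FIELD_LEN = 31
METADATA_COMMANDS = {"H": "host", "P": "user", "J": "job_name", "C": "class",
                     "L": "banner_user", "N": "source_name", "U": "unlink"}
DATA_COMMANDS = {"f", "l"}  # print a data file (formatted / raw)

class LpdParseError(ValueError):
    """Raised for any line the daemon should refuse instead of processing."""

@dataclass
class ControlFile:
    fields: Dict[str, str] = field(default_factory=dict)
    data_files: List[str] = field(default_factory=list)

def parse_control_file(raw: bytes) -> ControlFile:
    """Parse a control file, rejecting over-long, binary or unknown lines."""
    cf = ControlFile()
    for lineno, line in enumerate(raw.split(b"\n"), 1):
        if not line:
            continue
        cmd, operand = chr(line[0]), line[1:]
        # Bound the operand before it is decoded, stored or copied anywhere.
        if len(operand) > MAX_FIELD_LEN:
            raise LpdParseError(f"line {lineno}: {cmd!r} operand is {len(operand)} bytes")
        if any(b < 0x20 or b > 0x7E for b in operand):
            raise LpdParseError(f"line {lineno}: non-printable byte in operand")
        text = operand.decode("ascii")
        if cmd in METADATA_COMMANDS:
            cf.fields[METADATA_COMMANDS[cmd]] = text
        elif cmd in DATA_COMMANDS:
            cf.data_files.append(text)
        else:
            raise LpdParseError(f"line {lineno}: unknown command {cmd!r}")
    for required in ("host", "user"):  # both are mandatory per RFC 1179
        if required not in cf.fields:
            raise LpdParseError(f"missing mandatory {required} line")
    return cf

def accepts_control_file(raw: bytes) -> bool:
    """True when the control file passes every check (helper for tests)."""
    try:
        parse_control_file(raw)
        return True
    except LpdParseError:
        return False

# Constructed sample jobs: a well-formed one and one with a 150-byte user name.
GOOD_JOB = b"Hprinthost\nPalice\nJquarterly-report\nldfA001printhost\nUdfA001printhost\n"
LONG_USER_JOB = b"Hprinthost\nP" + b"A" * 150 + b"\nldfA001printhost\nUdfA001printhost\n"
```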
The Internet Systems Consortium patched the BIND domain name system software this week, addressing a remotely exploitable vulnerability it considers high severity and said could lead to a crash. The issue affects servers that use both the DNS64 and RPZ functions simultaneously. DNS64 is a mechanism for synthesizing AAAA records from A records. It's traditionally used to allow IPv6-only clients to receive IPv6 addresses proxied to IPv4 addresses. The RPZ mechanism is used by Domain Name System recursive resolvers to allow for the customized handling of the resolution of collections of domain name information. Versions 9.8.8, 9.9.3-S1, 9.9.3, 9.9.10b1, 9.10.0, 9.10.5b1, and 9.11.0 are all considered vulnerable, according to the ISC. When servers use both mechanisms simultaneously, a vulnerability (CVE-2017-3135) that stems from query processing could result in an inconsistent state, triggering either an INSIST assertion failure or an attempt to read through a NULL pointer, according to a security advisory published Wednesday. The INSIST assertion failure could lead to a subsequent abort, ISC said, while the NULL pointer read in some instances can lead to a segmentation fault, which causes the process to be terminated. Ramesh Damodaran and Aliaksandr Shubnik, engineers at Infoblox, a Silicon Valley firm that does DNS, DHCP and IP address management, uncovered the vulnerability and reported it to the ISC. Damodaran previously helped identify an unspecified packet processing remote denial of service vulnerability in BIND 9.
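Whether a resolver is in the affected configuration is a question of its named.conf, not only of its version. The following added example (not ISC's code) scans a named.conf text and lists every options or view scope in which both dns64 and response-policy are in effect, treating options-level settings as inherited by views as BIND does; SAMPLE_CONF is a constructed configuration.

```python
"""Flag BIND scopes where DNS64 and RPZ are both in effect (CVE-2017-3135).
Added example, not ISC code: scans a named.conf text; options-level settings
are treated as inherited by every view, as BIND does."""
import re
from typing import Dict, List, Tuple

DIRECTIVES = {"dns64": re.compile(r"\bdns64\b"),
              "rpz": re.compile(r"\bresponse-policy\b")}

def strip_comments(text: str) -> str:
    """Drop /* */, // and # comments so commented-out directives do not count."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#).*", "", text)

def top_level_blocks(text: str) -> List[Tuple[str, str]]:
    """Return (header, body) for each top-level `header { body };` statement."""
    blocks, depth, start, header_start = [], 0, 0, 0
    for i, ch in enumerate(text):
        if ch == "{":
            if depth == 0:
                start = i
            depth += 1
        elif ch == "}":
            depth -= 1
            if depth == 0:  # header = text since the previous ';' up to '{'
                header = text[header_start:start].split(";")[-1].strip()
                blocks.append((header, text[start + 1:i]))
                header_start = i + 1
    if depth != 0:
        raise ValueError("unbalanced braces in named.conf")
    return blocks

def dns64_rpz_scopes(conf: str) -> List[str]:
    """Scopes ('options' or 'view "name"') where both mechanisms are active."""
    global_flags: Dict[str, bool] = {k: False for k in DIRECTIVES}
    views: Dict[str, Dict[str, bool]] = {}
    for header, body in top_level_blocks(strip_comments(conf)):
        flags = {k: bool(rx.search(body)) for k, rx in DIRECTIVES.items()}
        kind = header.split()[0] if header else ""
        if kind == "options":
            global_flags = {k: global_flags[k] or flags[k] for k in flags}
        elif kind == "view":
            views[header] = flags
    if not views:  # no views: the options scope is the only resolver scope
        return ["options"] if all(global_flags.values()) else []
    return [name for name, flags in views.items()
            if all(flags[k] or global_flags[k] for k in flags)]

# Constructed sample: DNS64 enabled globally, RPZ only in the internal view.
SAMPLE_CONF = """
options { dns64 64:ff9b::/96 { clients { any; }; }; };
view "internal" { match-clients { 10.0.0.0/8; }; response-policy { zone "rpz.local"; }; };
view "external" { match-clients { any; }; recursion no; };
"""
```

The check is textual within each top-level block, so it errs toward flagging; confirm on the real server with `named-checkconf -p`, which prints the configuration as BIND parsed it, including any included files.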
The Internet Systems Consortium patched the BIND domain name system software this week, addressing what it calls a critical error condition in the software. Researchers find industrial control system malware similar to BlackEnergy, Havex, and Stuxnet going undetected on Google VirusTotal for years. The Internet Systems Consortium (ISC) announced it is planning to patch versions of its DHCP software to mitigate a denial of service vulnerability.