A new version of Git has been emitted to ward off attempts to exploit a potential arbitrary code execution vulnerability, which can be triggered by merely cloning a malicious repository. The security hole, CVE-2018-11235, reported by Etienne Stalmans, stems from a flaw in Git whereby submodule names supplied by the .gitmodules file are not properly validated when appended to $GIT_DIR/modules. Including "../" in a name could result in directory hopping. Post-checkout hooks could then be executed, potentially causing all manner of mayhem to ensue on the victim's system. Another vulnerability, CVE-2018-11233, describes a flaw in the processing of pathnames in Git on NTFS-based systems, allowing the reading of memory contents. In a change from normal programming, the vulnerability appears to be cross-platform. Fear not, however, because a patch is available. The Git team released the update in 2.13.7 of the popular coding, collaboration and control tool and forward-ported it to versions 2.14.4, 2.15.2, 2.16.4 and 2.13.7. For its part, Microsoft has urged users to download 2.17.1(2) of Git for Windows and has blocked the malicious repositories from being pushed to Visual Studio Team Services users. The software giant has also promised a hotfix will "shortly" be available for its popular Visual Studio 2017 platform. Other vendors, such as Debian, have been updating their Linux and software distributions to include the patched code and recommend that users upgrade to thwart ne'er-do-wells seeking to exploit the vulnerability.
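The validation gap behind CVE-2018-11235 is easiest to see with a checker that does what the article says Git failed to do: take each submodule name from .gitmodules and confirm that appending it to $GIT_DIR/modules cannot leave that directory. This is an added example, not Git's own code; the sample .gitmodules content and the /repo/.git/modules location are constructed for the demonstration.

```python
"""Audit submodule names in a .gitmodules file for directory traversal.

Added example (not Git's code). A name such as "../../tmp/evil" appended to
$GIT_DIR/modules would resolve outside the modules directory, which is the
directory-hopping problem described for CVE-2018-11235.
"""
import posixpath
import re
from pathlib import PurePosixPath

# Stand-in for $GIT_DIR/modules (constructed for the example).
MODULES_DIR = "/repo/.git/modules"

# Constructed sample .gitmodules: one benign entry, one traversal entry.
SAMPLE_GITMODULES = """\
[submodule "libfoo"]
\tpath = vendor/libfoo
\turl = https://example.invalid/libfoo.git
[submodule "../../../tmp/evil"]
\tpath = vendor/evil
\turl = https://example.invalid/evil.git
"""

SECTION_RE = re.compile(r'^\s*\[submodule\s+"(.*)"\]\s*$')
KV_RE = re.compile(r"^\s*([A-Za-z][\w-]*)\s*=\s*(.*?)\s*$")


def parse_gitmodules(text):
    """Return a list of (name, {key: value}) in file order.

    Minimal parser for the [submodule "name"] / key = value layout; it does
    not handle every git-config escape, which is fine for an audit pass.
    """
    entries = []
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = {}
            entries.append((m.group(1), current))
            continue
        m = KV_RE.match(line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return entries


def is_safe_submodule_name(name):
    """True only if MODULES_DIR + name stays strictly inside MODULES_DIR.

    Rejects empty names, absolute paths, Windows separators (conservative
    choice for this example) and any '.' or '..' component, then confirms
    the normalized join still has MODULES_DIR as a proper prefix.
    """
    if not name or name.startswith("/") or "\\" in name:
        return False
    parts = PurePosixPath(name).parts
    if not parts or any(p in (".", "..") for p in parts):
        return False
    target = posixpath.normpath(posixpath.join(MODULES_DIR, name))
    return target.startswith(MODULES_DIR + "/")


def audit_gitmodules(text):
    """Return [(name, is_safe)] for every submodule section in the text."""
    return [(name, is_safe_submodule_name(name)) for name, _ in parse_gitmodules(text)]


if __name__ == "__main__":
    for name, ok in audit_gitmodules(SAMPLE_GITMODULES):
        print(("OK      " if ok else "REJECT  ") + repr(name))
```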
Kubernetes has become the most popular cloud container orchestration system by far, so it was only a matter of time until its first major security hole was discovered. And the bug, CVE-2018-1002105, aka the Kubernetes privilege escalation flaw, is a doozy. It's a CVSS 9.8 critical security hole. With a specially crafted network request, any user can establish a connection through the Kubernetes application programming interface (API) server to a backend server. Once established, an attacker can send arbitrary requests over the network connection directly to that backend. Adding insult to injury, these requests are authenticated with the Kubernetes API server's Transport Layer Security (TLS) credentials. Worse still, "In default configurations, all users (authenticated and unauthenticated) are allowed to perform discovery API calls that allow this escalation." So, yes, anyone who knows about this hole can take command of your Kubernetes cluster. Oh, and for the final jolt of pain: "There is no simple way to detect whether this vulnerability has been used. Because the unauthorized requests are made over an established connection, they do not appear in the Kubernetes API server audit logs or server log. The requests do appear in the kubelet or aggregated API server logs, but are indistinguishable from correctly authorized and proxied requests via the Kubernetes API server." In other words, Red Hat said, "The privilege escalation flaw makes it possible for any user to gain full administrator privileges on any compute node being run in a Kubernetes pod. This is a big deal. Not only can this actor steal sensitive data or inject malicious code, but they can also bring down production applications and services from within an organization's firewall." The only real fix is to upgrade Kubernetes.
Any program, Kubernetes included, is vulnerable. Kubernetes distributors are already releasing fixes. Red Hat reports all its "Kubernetes-based services and products -- including Red Hat OpenShift Container Platform, Red Hat OpenShift Online, and Red Hat OpenShift Dedicated -- are affected." Red Hat has begun delivering patches and service updates to affected users. As far as anyone knows, no one has used the security hole to attack anyone yet. Darren Shepard, chief architect and co-founder at Rancher Labs, discovered the bug and reported it using the Kubernetes vulnerability reporting process. But -- and it's a big but -- abusing the vulnerability would have left no obvious traces in the logs. And, now that news of the Kubernetes privilege escalation flaw is out, it's only a matter of time until it's abused. So, once more and with feeling, upgrade your Kubernetes systems now before your company ends up in a world of trouble.
Cisco patches a severe flaw in switch deployment software that can be attacked with crafted messages sent to a port that's open by default. Cisco has released patches for 34 vulnerabilities mostly affecting its IOS and IOS XE networking software, including three critical remote code execution security bugs. Perhaps the most serious issue Cisco has released a patch for is critical bug CVE-2018-0171 affecting Smart Install, a Cisco client for quickly deploying new switches for Cisco IOS Software and Cisco IOS XE Software. A remote unauthenticated attacker can exploit a flaw in the client to reload an affected device and cause a denial of service or execute arbitrary code. Embedi, the security firm that found the flaw, initially believed it could only be exploited within an enterprise's network. However, it found millions of affected devices exposed on the internet. "Because in a securely configured network, Smart Install technology participants should not be accessible through the internet. But scanning the internet has shown that this is not true," wrote Embedi. "During a short scan of the internet, we detected 250,000 vulnerable devices and 8.5 million devices that have a vulnerable port open." Smart Install is supported by a broad range of Cisco routers and switches. The high number of devices with an open port is probably because the Smart Install client's port TCP 4786 is open by default. This situation is overlooked by network admins, Embedi said.
The company has also published proof-of-concept exploit code, so it probably will be urgent for admins to patch. An attacker can exploit the bug by sending a crafted Smart Install message to these devices on TCP port 4786, according to Cisco. Embedi discovered the flaw last year, landing it an award at the GeekPwn conference in Hong Kong last May, and reported it to Cisco in September. Cisco's internal testing also turned up a critical issue in its IOS XE software, CVE-2018-0150, due to an undocumented user account that has a default username and password. Cisco warns that an attacker could use this account to remotely connect to a device running the software. Cisco engineers also found CVE-2018-0151, a remote code execution bug in the QoS subsystem of IOS and IOS XE. "The vulnerability is due to incorrect bounds checking of certain values in packets that are destined for UDP port 18999 of an affected device. An attacker could exploit this vulnerability by sending malicious packets to an affected device," writes Cisco. All three bugs were given a CVSS score of 9.8 out of 10.
Virgin Media has – perhaps rather belatedly – fixed a series of vulnerabilities in its Super Hub 3.0 home broadband router modem, after they were reported more than 18 months ago. Balazs Bucsay, managing security consultant at NCC Group, says that after receiving one of the devices as a home customer and examining it for a few hours, he was quickly able to find a remote command execution bug. He uncovered many others during the following days. Eventually, he says, he was able to create a full chain of exploits that made it possible to perform a remote authentication as an administrator on the router. This could potentially allow a hacker to take control of millions of these devices, installing backdoors in a way that would be extremely hard to find and investigate. "After hacking into my own Super Hub 3.0, I was able to find multiple security flaws within the router's firmware and combine these to create an exploit that could have been hidden within webpages and sent to other unsuspecting owners via scam emails or other methods," Bucsay tells The Daily Swig. "If customers had opened the webpages and activated the exploit, hackers could have gained unauthorized access to their modems and other devices on the victim's home network, enabling them to spy on online activity and even execute their own commands on the devices." Bucsay reported the vulnerabilities to Virgin Media in March 2017, but says they weren't fixed until the end of July this year. "The proposed roll-out date was postponed many times," he says. However, a Virgin Media spokeswoman defended the company's actions.
"The online security of our customers is a top priority for Virgin Media and the issues described by NCC have been fixed," she told The Daily Swig. "We have seen no evidence that these advanced technical exploits, carried out by NCC as a proof of concept, were used maliciously to impact customers." With the patch rolled out in August, Super Hub 3.0 users don't need to do anything extra to protect themselves. "However, this research should remind consumers that no connected device is inherently secure, and that they should consider additional security measures around their home network, such as using password managers and different passwords for each device and service," Bucsay warns. He also urged internet service providers to be more proactive in checking the security of any third-party devices they use.
Logitech Options is an app that controls all of Logitech's mice and keyboards. It offers several different configurations, such as changing function key shortcuts, customizing mouse buttons, and adjusting pointer and scroll behavior. This app contained a huge security flaw that was discovered by Tavis Ormandy, a Google security researcher. It was found that Logitech Options was opening a WebSocket server on each computer it was run on. This WebSocket server would listen on port 10134, to which any website could connect and send various JSON-encoded commands. PID exploit: through this, any attacker can get in and run commands just by setting up a web page. The attacker only needs the Process Identifier (PID). However, the PID can be guessed, as the software has no limit on the number of attempts. Once the attacker has obtained the PID and is in, he can then completely control the computer and run it remotely. This can also be used for keystroke injection or Rubber Ducky attacks, which have been used to take over PCs in the past. After Ormandy got hold of Logitech's engineers, he reported the vulnerability privately to them in a meeting between Logitech's engineering team and Ormandy on the 18th of September. After waiting a total of 90 days, Ormandy saw the company's failure to address the issue publicly or through a patch for the app, so Ormandy himself posted his finding on the 11th of December, making the issue public. As the story gained attention, Logitech responded with an update for Logitech Options.
Logitech released Options version 7.00.564 on the 13th of December. They claim to have fixed the origin and type checking bugs along with a patch for the security vulnerability. However, they have not mentioned the security vulnerability patch on their own website. They told German magazine heise.de that the new version does indeed fix the vulnerability. Tavis Ormandy and his team are currently checking the new version of Logitech Options for any signs of security vulnerabilities. Everyone with the old version of Logitech Options is advised to upgrade to the new 7.00.564.
Admins can now grab Cisco's updates for 13 high-severity flaws affecting gear that uses its IOS and IOS XE networking software. All the bugs have been rated as having a high security impact because they could be used to gain elevated privileges or jam a device with denial-of-service (DoS) attacks. The company also has fixes available for 11 more flaws outlined in 10 advisories with a medium-severity rating, most of which also address issues in IOS and IOS XE, the Linux-based train of Cisco's popular networking operating system. The updates for the 13 high-severity IOS and IOS XE flaws are part of Cisco's scheduled twice-yearly patch bundle for this software targeted for September. The company reported this week that some IOS XE releases were among 88 Cisco products vulnerable to the DoS attack on Linux systems known as FragmentSmack. And earlier this month it plugged a critical hard-coded password bug in its video surveillance software. None of the flaws in the latest advisory is known to have been used in attacks, and Cisco isn't aware of any public disclosures. Some of the higher-severity flaws include a DoS flaw affecting the IOS XE Web UI, which could allow a remote attacker to trigger a reload of the device by sending special HTTP requests to the UI. An unauthenticated attacker could exploit this bug in IOS XE releases prior to 16.2.2, while 16.2.2 and later require authentication. Another DoS flaw is rooted in the IPsec driver code of multiple Cisco IOS XE platforms and the Cisco ASA 5500-X Series Adaptive Security Appliance (ASA). The buggy code improperly processes malformed IPsec Authentication Header (AH) or Encapsulating Security Payload (ESP) packets.
"An attacker can exploit this vulnerability by using a crafted ESP or AH packet that meets several other conditions, such as matching the IPsec SA SPI and being within the correct sequence window," notes Cisco. This flaw affects six ASR 1000 Series Aggregation Services Routers and two 4000 Series Integrated Routers. Cisco notes that its software is affected if the system has been modified from its default state and configured to terminate IPsec VPN connections, such as LAN-to-LAN VPN and remote access VPN, but not SSL VPN.
A severe WordPress vulnerability which has been left a year without being patched has the potential to disrupt countless websites running the CMS, researchers claim. At the BSides technical cybersecurity conference in Manchester on Thursday, Secarma researcher Sam Thomas said the bug permits attackers to exploit the WordPress PHP framework, resulting in a full system compromise. If the domain permits the upload of files, such as image formats, attackers can upload a crafted thumbnail file in order to trigger a file operation through the "phar://" stream wrapper. In turn, the exploit triggers XML eXternal Entity (XXE) and Server Side Request Forgery (SSRF) flaws which cause unserialization in the platform's code. While these flaws may only originally result in information disclosure and may be low risk, they can act as a pathway to a more serious remote code execution attack. The security researcher says the core vulnerability, which is yet to receive a CVE number, is within the wp_get_attachment_thumb_file function in /wp-includes/post.php, and when attackers gain control of a parameter used in the "file_exists" call, the bug can be triggered. Unserialization occurs when serialized variables are converted back into PHP values. When autoloading is in place, this can result in code being loaded and executed, an avenue attackers may exploit in order to compromise PHP-based frameworks. "Unserialization of attacker-controlled data is a known critical vulnerability, potentially resulting in the execution of malicious code," the company says.
The issue of unserialization was first uncovered back in 2009, and since then, vulnerabilities have been recognized in which the integrity of PHP systems can be compromised, such as CVE-2017-12934, CVE-2017-12933, and CVE-2017-12932. The WordPress content management system (CMS) is used by millions of webmasters to manage domains, which means the vulnerability potentially has a vast victim pool should the flaw be exploited in the wild. "I've highlighted that the unserialization is exposed to a lot of vulnerabilities that might have previously been considered quite low-risk," Thomas explained. "Issues which they might have thought were fixed with a configuration change or had been considered quite minor previously might need to be reevaluated in the light of the attacks I demonstrated." According to Secarma, the CMS provider was made aware of the security issue in February 2017, but "is yet to take action." Technical details have been provided in a white paper (.PDF). "This research continues a worrying recent trend, in demonstrating that object (un)serialization is an integral part of several modern languages," Thomas said. "We must constantly be aware of the security impact of such mechanisms being exposed to attackers." No reports have been received which suggest the exploit is being actively used in the wild. The vulnerability was originally reported through the WordPress HackerOne bug bounty program last year. The issue was confirmed after several days and Thomas was credited for his findings.
However, a Secarma spokesperson told ZDNet that while there was "some attempt to fix the issue" in May 2017, this did not address the problem. "Communication then went dead for a number of months and has only recently begun again," the spokesperson added. ZDNet has reached out to WordPress and will update if we hear back.
US Postal Service website flaw was patched this week but reported by a security researcher a year ago. The US Postal Service has fixed a security bug in its website that allowed anyone with an account to see the account details of the site's 60 million users. The flaw was patched this week after USPS was informed of the issue by Krebs on Security, which reports that an unnamed independent researcher reported the bug a year ago but never received a response. According to Krebs, the flaw was caused by an authentication weakness in the application programming interface (API) on usps.com that supported the USPS 'Informed Visibility' program, which offers business customers "near real-time tracking data" about mail campaigns and packages. The bug let anyone who was logged in to usps.com see account details for other users, including email address, username, user ID, account number, street address, phone number, authorized users, mailing campaign data and more. Krebs notes that the "API also let any user request account changes for any other user, such as email address, phone number or other key details". USPS said in a statement it had no information that the vulnerability had been used to access customer records. "Computer networks are constantly under attack from criminals who try to exploit vulnerabilities to illegally obtain information. Similar to other companies, the Postal Service's Information Security program and the Inspection Service uses industry best practices to constantly monitor our network for suspicious activity," USPS said.
"Any information suggesting criminals have tried to exploit potential vulnerabilities in our network is taken very seriously. Out of an abundance of caution, the Postal Service is further investigating to ensure that anyone who may have sought to access our systems inappropriately is pursued to the fullest extent of the law." However, a recent vulnerability assessment of the Informed Visibility program by the Office of Inspector General of the US Postal Service turned up weaknesses, including a lack of audit logs, in the Informed Visibility database. The partially redacted audit report, published in October, assessed 13 Informed Visibility (IV) servers. It found overall compliance with Postal Service server configuration baselines, but weakness in the IV database's account-management systems. "We identified weaknesses in account management controls, specifically with password complexity, disabling user accounts, and maintaining audit logs," the OIG report notes. "Without account management controls, the IV system is at risk for [redacted]. Further, if expired accounts are not disabled in a timely manner, this increases the duration that Postal Service information resources are vulnerable to compromise." "Additionally, without audit logs, the Postal Service would not be able to obtain sufficient detail to reconstruct activities in the event of a compromise or malfunction". USPS has faced scrutiny in the past, after a 2014 hack exposed personal information on 800,000 employees, 485,000 workers' compensation records, and 2.9 million customer-inquiry records. The OIG in 2015 criticized the USPS for focusing on compliance and failing to foster a "culture of effective cybersecurity across the enterprise".
Overall, the chip giant patched five vulnerabilities across an array of its products. Intel on Tuesday patched three high-severity vulnerabilities that could allow the escalation of privileges across an array of products. Overall, the chip giant fixed five bugs – three rated high-severity, and two medium-severity. The most concerning of these bugs is an escalation-of-privilege glitch in Intel's PROSet/Wireless Wi-Fi software, which is its wireless connection management tool. The vulnerability, CVE-2018-12177, has a "high" CVSS score of 7.8, according to Intel's update. "Intel is releasing software updates to mitigate this potential vulnerability," it said, urging users to update to version 20.90.0.7 or later of the software. The vulnerability, reported by Thomas Hibbert of Insomnia Security, stems from improper directory permissions plaguing the software's ZeroConfig service in versions before 20.90.0.7. The issue could allow an authorized user to potentially enable escalation of privilege via local access. The other high-severity bug exists in the company's System Support Utility for Windows, which offers support for Intel-packed Windows device users. This bug (CVE-2019-0088) is due to insufficient path checking in the support utility, allowing an already-authenticated user to potentially gain escalation of privilege via local access. The vulnerability has a CVSS score of 7.5.
Versions of System Support Utility for Windows before 2.5.0.15 are impacted; Intel recommends users update to version 2.5.0.15 or later. Independent security researcher Alec Blance was credited with discovering the flaw. The chip-maker also patched a high-severity and a medium-severity flaw in its Software Guard Extensions (SGX) platform and software, which help application developers to protect select code and data from disclosure or modification. "Multiple potential security vulnerabilities in Intel SGX SDK and Intel SGX Platform Software may allow escalation of privilege or information disclosure," said Intel. The high-severity flaw in SGX (CVE-2018-18098) has a CVSS score of 7.5 and could allow an attacker with local access to gain escalated privileges. The vulnerability is rooted in improper file verification in the install routine for Intel's SGX SDK and Platform Software for Windows before 2.2.100. It was discovered by researcher Saif Allah ben Massaoud. Another vulnerability in the platform (CVE-2018-12155) is only medium in severity, but could allow an unprivileged user to cause information disclosure via local access. That's due to data leakage in the cryptographic libraries of the SGX platform's Integrated Performance Primitives, a function that provides developers with building blocks for image and data processing. And finally, a medium escalation-of-privilege vulnerability in Intel's SSD data-center tool for Windows has been patched.
"Improper directory permissions in the installer for the Intel SSD Data Center Tool for Windows before v3.0.17 may allow authenticated users to potentially enable an escalation of privilege via local access," said Intel's update. The company recommends users update to v3.0.17 or later. Intel's patch comes during a busy Patch Tuesday week, which includes fixes from Adobe and Microsoft.
A "panic button" distributed by the Colombian government to high-risk activists and journalists has a number of security flaws, at least one of which is by design, a security firm reported. Rapid7 investigated the Eview EV-07S GPS tracker at the behest of The Associated Press. The site lists the main applications of the EV-07S as elderly care, disabled and patient care, child protection, employee management, and pet and animal tracking. "I wouldn't be worried about giving this to my grandma. But I would be more concerned giving it to anyone who might be at risk," said Deral Heiland, internet of things research lead at Rapid7. The group found another six vulnerabilities not listed in the manual. Those include a web portal for the device that allows anyone (even people without passwords) to access the GPS coordinates of any device. Anyone who logs into an account on the site has access to other information from all accounts, including phone numbers and device configurations. The device also transmits data in "clear," unencrypted text, allowing anyone to tamper with or alter information in transit. Rapid7 spoke with the manufacturer in December to relay its findings. Eview has not informed Rapid7 of any intention to repair the security flaws. "We thought we had a responsibility to alert users that these vulnerabilities exist," said Heiland.
An unpatched vulnerability in the Magento e-commerce platform could allow hackers to upload and execute malicious code on web servers that host online shops. The flaw was discovered by researchers from security consultancy DefenseCode and is located in a feature that retrieves preview images for videos hosted on Vimeo. Such videos can be added to product listings in Magento. The DefenseCode researchers determined that if the image URL points to a different file, for example a PHP script, Magento will download the file in order to validate it. If the file is not an image, the platform will return a "Disallowed file type" error, but won't actually remove it from the server. An attacker with access to exploit this flaw could achieve remote code execution by first tricking Magento into downloading an .htaccess configuration file that enables PHP execution inside the download directory and then downloading the malicious PHP file itself. Once on the server, the PHP script can act as a backdoor and can be accessed from an external location by pointing the browser to it. For example, attackers could use it to browse the server directories and read the database password from Magento's configuration file. This can expose customer information stored in the database, which in the case of online shops can be very sensitive. The only limitation is that this vulnerability cannot be exploited directly because the video-linking functionality requires authentication. This means attackers need to have access to an account on the targeted website, but this can be a lower-privileged user and not necessarily an administrator. The authentication obstacle can also be easily overcome if the website doesn't have the "Add Secret Key to URLs" option turned on.
This option is intended to prevent cross-site request forgery (CSRF) attacks and is enabled by default. CSRF is an attack technique that involves forcing a user's browser to perform an unauthorized request on a website when visiting a different one. "The attack can be constructed as simple as <img src=… in an email or a public message board, which will automatically trigger the arbitrary file upload if a user is currently logged into Magento," the DefenseCode researchers said in an advisory. "An attacker can also entice the user to open a CSRF link using social engineering." This means that by simply clicking on a link in an email or by visiting a specifically crafted web page, users who have active Magento sessions in their browser might have their accounts abused to compromise websites. The DefenseCode researchers claim that they reported these issues to the Magento developers back in November, but have received no information regarding patching plans since then. Several versions of the Magento Community Edition (CE) have been released since November, the most recent one being 2.1.6 on Tuesday. According to DefenseCode, all Magento CE versions continue to be vulnerable, which is what prompted them to go public about the flaw. "We have been actively investigating the root cause of the reported issue and are not aware of any attacks in the wild," Magento, the company that oversees development of the e-commerce platform, said in an emailed statement. "We will be addressing the issue in our next patch release and continue to consistently work to improve our assurance processes."
"All users are strongly advised to enforce the use of 'Add Secret Key to URLs' which mitigates the CSRF attack vector," the DefenseCode researchers said. "To prevent remote code execution through arbitrary file upload the server should be configured to disallow .htaccess files in affected directories." Magento is used by over 250,000 online retailers, making it an attractive target for hackers. Last year, researchers found thousands of Magento-based online shops that had been compromised and infected with malicious code that skimmed payment card details.
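The write-then-validate pattern behind the Magento preview-image flaw, as an added illustration that is not Magento's or DefenseCode's code. The URLs, file contents and directory handling below are constructed for the example; a flawed flow that persists the download before checking it is contrasted with a flow that checks the bytes in memory, ignores the URL's basename, and persists only accepted images.

```python
"""Added example, not Magento's or DefenseCode's code. It models the Vimeo
preview-image fetch described above with constructed inputs: a flawed flow
that writes the download into a web-served directory before checking it and
leaves it there on rejection, and a corrected flow that checks the bytes in
memory, never uses the URL's basename, and persists only real images."""
import os
import tempfile

# Magic bytes of the image types a preview fetch should accept.
IMAGE_MAGIC = {
    b"\xff\xd8\xff": "jpg",
    b"\x89PNG\r\n\x1a\n": "png",
    b"GIF87a": "gif",
    b"GIF89a": "gif",
}

# Constructed stand-in for HTTP (URL -> body); no network is used.
FETCHED = {
    "https://example.invalid/thumb.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    "https://example.invalid/.htaccess": b"# constructed non-image content\n",
    "https://example.invalid/shell.php": b"# constructed non-image content\n",
}


def image_type(data: bytes):
    """Return the detected image extension, or None for anything else."""
    for magic, ext in IMAGE_MAGIC.items():
        if data.startswith(magic):
            return ext
    return None


def flawed_save(url: str, download_dir: str) -> str:
    """Write first, validate second: on rejection the file stays behind."""
    data = FETCHED[url]
    # The basename comes from the remote URL, so the remote side picks it.
    path = os.path.join(download_dir, os.path.basename(url))
    with open(path, "wb") as fh:
        fh.write(data)
    if image_type(data) is None:
        raise ValueError("Disallowed file type")  # ...but nothing is removed
    return path


def hardened_save(url: str, download_dir: str) -> str:
    """Validate in memory; persist only accepted images under a server-chosen name."""
    data = FETCHED[url]
    ext = image_type(data)
    if ext is None:
        raise ValueError("Disallowed file type")  # nothing touched the disk
    fd, path = tempfile.mkstemp(prefix="preview-", suffix="." + ext, dir=download_dir)
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path


def leftovers(save, urls) -> set:
    """Run `save` over the URLs in a fresh directory and report which file
    names remain on disk afterwards, whether or not each call raised."""
    with tempfile.TemporaryDirectory() as d:
        for url in urls:
            try:
                save(url, d)
            except ValueError:
                pass
        return set(os.listdir(d))


if __name__ == "__main__":
    urls = list(FETCHED)
    print("flawed flow leaves:  ", sorted(leftovers(flawed_save, urls)))
    print("hardened flow leaves:", sorted(leftovers(hardened_save, urls)))
```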
On Friday, a cache of hacking tools allegedly developed by the US National Security Agency was dumped online. The news was explosive in the digital security community because the tools contained methods to hack computers running Windows, meaning millions of machines could be at risk. Security experts who tested the tools, leaked by a group called the Shadow Brokers, found that they worked. They were panicked: "This is really bad, in about an hour or so any attacker can download simple toolkit to hack into Microsoft based computers around the globe." — Hacker Fantastic (@hackerfantastic), April 14, 2017. But just hours later, Microsoft announced that many of the vulnerabilities were addressed in a security update released a month ago. "Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers," Philip Misner, a Microsoft executive in charge of security, wrote in a blog post. "Our engineers have investigated the disclosed exploits, and most of the exploits are already patched." Misner's post showed that three of nine vulnerabilities from the leak were fixed in a March 14 security update. As Ars Technica pointed out, when security holes are discovered, the individual or organization that found them is usually credited in the notes explaining the update. No such acknowledgment was found in the March 14 update. Here's a list of acknowledgments for 2017, showing credit for finding security problems in almost every update. One theory among security practitioners is that the NSA itself reported the vulnerabilities to Microsoft, knowing that the tools would be dumped publicly.
Microsoft told ZDNet that it might not list individuals who discover flaws for a number of reasons, including by request from the discoverer. The US government has not commented on this leak, though previous leaks by the Shadow Brokers claiming to be NSA hacking tools were confirmed at least in part by affected vendors and NSA whistleblower Edward Snowden.
Users of the open source webmail software SquirrelMail are open to remote code execution due to a bug (CVE-2017-7692) discovered independently by two researchers. "If the target server uses Sendmail and SquirrelMail is configured to use it as a command-line program, it's possible to trick sendmail into using an attacker-provided configuration file that triggers the execution of an arbitrary command," the explanation provided by MITRE reads. "For exploitation, the attacker must upload a sendmail.cf file as an email attachment, and inject the sendmail.cf filename with the -C option within the 'Options > Personal Informations > Email Address' setting." The bug was found by researchers Filippo Cavallarin and Dawid Golunski, independently of one another, and affects SquirrelMail versions 1.4.22 and below. Golunski reported it to SquirrelMail's (sole) developer Paul Lesniewski, who asked for a delay in publication of the details until he could fix the flaw. But as Cavallarin published details about it last week (after not receiving any reply from the SquirrelMail developer), Golunski did the same during the weekend. Both researchers provided a proof-of-concept exploit for the flaw, and Cavallarin even offered an unofficial patch for plugging the hole. All this prompted Lesniewski to push out a patch on Monday, and new, patched version snapshots of the software (1.4.23-svn and 1.5.2-svn). He also told The Register that exploitation of the bug is difficult to pull off.
"In order to exploit the bug, a malicious user would need to have already gained control over a mail account by other means, SquirrelMail would need to be configured to allow users to change their outgoing email address (we recommend keeping this disabled), the user would need to determine the location of the attachments directory (by gaining shell access or making guesses), the permissions on said directory and files would need to allow access by other processes (by default this will usually be the case, but prudent admins will exert more stringent access controls) and of course, SquirrelMail needs to be configured to send via Sendmail and not SMTP (default is SMTP)," he explained. Still, according to Golunski, the 1.4.23 version snapshot offered on Monday was still vulnerable. But another one was pushed out today, so it's possible that the issue was finally, definitely fixed. Users can wait to update their installation until things become more clear, and in the meantime they can protect themselves by configuring their systems not to use Sendmail.
Hundreds of thousands of internet gateway devices around the world, primarily residential cable modems, are vulnerable to hacking because of a serious weakness in their Simple Network Management Protocol implementation. SNMP is used for automated network device identification, monitoring and remote configuration. It is supported and enabled by default in many devices, including servers, printers, networking hubs, switches and routers. Independent researchers Ezequiel Fernandez and Bertin Bervis recently found a way to bypass SNMP authentication on 78 models of cable modems that ISPs from around the world have provided to their customers. Their internet scans revealed hundreds of thousands of devices whose configurations could be changed remotely through the SNMP weakness that they found and dubbed StringBleed. The leaking of sensitive configuration data through the default "public" SNMP community string is a known problem that has affected many devices over the years. The two researchers first located a small number of vulnerable devices, including the Cisco DPC3928SL cable modem that's now part of Technicolor's product portfolio following the company's acquisition of Cisco's Connected Devices division in 2015. The researchers claim that when they reported the issue to Technicolor, the company told them that it was the result of an access misconfiguration by a single ISP in Mexico rather than a problem with the device itself.
This prompted the researchers to perform a wider internet scan that resulted in the discovery of 78 vulnerable cable modem models from 19 manufacturers, including Cisco, Technicolor, Motorola, D-Link and Thomson. Regardless of the cause, the problem is serious, as attackers could exploit this flaw to extract administrative and Wi-Fi passwords or to hijack devices by modifying their configurations. There's not much that users can do if their ISP supplied them with a vulnerable device, other than ask for a different model or install their own modem. Unfortunately, not many ISPs allow their residential customers to use their own gateway devices, because they want uniformity and remote management capabilities on their networks. Determining if a particular device is vulnerable to this issue is possible, but requires a bit of work. An online port scanner like ShieldsUp can be used to determine if the device responds to SNMP requests over its public IP address. If SNMP is open, a different online tool can be used to check if the device's SNMP server returns valid responses when the "public" or random community strings are used. At the very least this would indicate an information leak problem.
A zero-day vulnerability exists in WordPress Core that in some instances could allow an attacker to reset a user's password and gain access to their account. Researcher Dawid Golunski of Legal Hackers disclosed the vulnerability on Wednesday via his new ExploitBox service. All versions of WordPress, including the latest, 4.7.4, are vulnerable, the researcher said. The vulnerability (CVE-2017-8295) happens because WordPress uses what Golunski calls untrusted data by default when it creates a password reset email. In a proof-of-concept writeup, Golunski points out that WordPress uses a variable, SERVER_NAME, to get the hostname to create a From/Return-Path header for the password reset email. Since that variable, by its nature, can be customized, an attacker could insert a domain of his choosing and make it so an outgoing email could be sent to a malicious address, the researcher says. The attacker would then receive the reset email and be able to change the account password and take over. "Depending on the configuration of the mail server, it may result in an email that gets sent to the victim WordPress user with such malicious From/Return-Path address set in the email headers," Golunski wrote. "This could possibly allow the attacker to intercept the email containing the password reset link in some cases requiring user interaction as well as without user interaction." Golunski writes that there are three scenarios in which a user could be tricked, and only one of them relies on user interaction. In one, an attacker could perform a denial of service attack on the victim's email account in order to prevent the password reset email from reaching the victim's account. Instead, it could bounce back to the malicious sender address, pointed at the attacker.
Second, Golunski says some auto-responders may attach a copy of the email sent in the body of the auto-replied message. Third, by sending multiple password reset emails, he says the attacker could trigger the victim to reply asking for an explanation, and that reply could contain the malicious password link. Golunski said he reported the issue to WordPress's security team multiple times, initially more than 10 months ago in July 2016. The researcher told Threatpost that WordPress never outright rejected his claim – he says WordPress told him it was working on the issue – but acknowledged that too much time has passed without a clear resolution, something which prompted him to release details on the bug on Wednesday. Campbell said that it's possible WordPress will patch the issue, even if just for poorly configured servers, but acknowledged he didn't have a timetable for the fix. Concerned WordPress users should follow a public ticket that was started for the issue last July, Campbell added. While there's no official fix available yet, Golunski says users can enable the UseCanonicalName setting on Apache to enforce a static SERVER_NAME value to ensure it doesn't get modified. Golunski has had his hands full finding vulnerabilities related to PHP-based email platforms. He discovered a remote code execution bug in SquirrelMail in January that was disclosed and quickly patched last month, and similar RCE bugs in PHPMailer and SwiftMailer, libraries used to send emails via PHP, at the end of 2016.
A remote hijacking flaw that lurked in Intel chips for seven years was more severe than many people imagined, because it allowed hackers to remotely gain administrative control over huge fleets of computers without entering a password. This is according to technical analyses published Friday. As Ars reported Monday, the authentication bypass vulnerability resides in a feature known as Active Management Technology. AMT, as it's usually called, allows system administrators to perform a variety of powerful tasks over a remote connection. Among the capabilities: changing the code that boots up computers, accessing the computer's mouse, keyboard, and monitor, loading and executing programs, and remotely powering on computers that are turned off. In short, AMT makes it possible to log into a computer and exercise the same control enjoyed by administrators with physical access. AMT, which is available with many vPro processors, was set up to require a password before it could be remotely accessed over a Web browser interface. But, remarkably, that authentication mechanism can be bypassed by entering no text at all. According to a blog post published Friday by Tenable Network Security, the cryptographic hash that the interface's digest access authentication requires to verify someone is authorized to log in can be anything at all, including no string at all. "Authentication still worked" even when the wrong hash was entered, Tenable Director of Reverse Engineering Carlos Perez wrote. "We had discovered a complete bypass of the authentication scheme."
A separate technical analysis from Embedi, the security firm Intel credited with first disclosing the vulnerability, arrived at the same conclusion. Embedi e-mailed the analysis to reporters, but didn't publish it online. Making matters worse, unauthorized accesses typically aren't logged by the PC because AMT has direct access to the computer's network hardware. When AMT is enabled, all network packets are redirected to the Intel Management Engine and from there to the AMT. The packets bypass the OS completely. The vulnerable management features were made available in some but not all Intel chipsets starting in 2010, Embedi has said. In a blog post published Friday, Intel officials said they expect PC makers to release a patch next week. The releases will update Intel firmware, meaning patching will require that each vulnerable chipset is reflashed. In the meantime, Intel is urging customers to download and run this discovery tool to diagnose potentially vulnerable computers. Systems that test positive should be temporarily secured using this mitigation guide until a patch is supplied. Computer makers Fujitsu, HP, and Lenovo have also issued advisories for specific models they sell.
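What a correct digest-authentication check looks like next to one that accepts an empty response, as an added example that is not Intel's, Tenable's or Embedi's code. The RFC 2617 response computation is standard; the credential, realm and challenge values are constructed, and the weak verifier's prefix-only comparison is an assumption chosen to reproduce the symptom described above, not a description of the actual firmware.

```python
"""Added example; not Intel's, Tenable's or Embedi's code. It implements the
HTTP Digest response computation (RFC 2617, MD5, qop=auth) that the AMT web
interface described above relies on, and contrasts a correct server-side
verifier with a constructed weak one that reproduces the symptom in the text:
the response hash can be anything, including an empty string. The weak
verifier's prefix-only comparison is an assumption chosen to model that
symptom, not a description of the actual firmware."""
import hashlib
import hmac


def _md5_hex(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(username, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617: response = MD5(HA1:nonce:nc:cnonce:qop:HA2)."""
    ha1 = _md5_hex(f"{username}:{realm}:{password}")
    ha2 = _md5_hex(f"{method}:{uri}")
    return _md5_hex(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


def verify_strict(expected: str, supplied: str) -> bool:
    """Correct check: the whole 32-hex-character value must match, compared in
    constant time. Empty or truncated input can never pass."""
    return len(supplied) == len(expected) and hmac.compare_digest(expected, supplied)


def verify_weak(expected: str, supplied: str) -> bool:
    """Constructed flawed check: compares only as many characters as the client
    sent, like a length-bounded string compare whose bound comes from the
    untrusted value. Zero characters always "match"."""
    n = len(supplied)
    return expected[:n] == supplied


# Constructed server-side credential and challenge; not real AMT values.
REALM = "Digest:constructed-realm"
USER, PASSWORD = "admin", "constructed-password"
CHALLENGE = {"nonce": "constructed-nonce-0001", "nc": "00000001",
             "cnonce": "0a4f113b", "qop": "auth"}


def server_expected(method: str = "GET", uri: str = "/index.htm") -> str:
    """What the server computes for this user, request and challenge."""
    return digest_response(USER, REALM, PASSWORD, method, uri, **CHALLENGE)


def outcomes(supplied: str) -> dict:
    """Result of both verifiers for one client-supplied response value."""
    expected = server_expected()
    return {"strict": verify_strict(expected, supplied),
            "weak": verify_weak(expected, supplied)}


if __name__ == "__main__":
    for label, value in [("legitimate", server_expected()), ("empty", ""),
                         ("single char", "0")]:
        print(f"{label:>11}: {outcomes(value)}")
```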
Claims of a backdoor in WhatsApp that could be used for third-party snooping were shot down by WhatsApp, which called the allegations false. On Friday, news outlet The Guardian reported that a cryptography researcher had discovered a backdoor in WhatsApp's messaging service that could "allow Facebook and others to intercept and read encrypted messages". In a short statement, WhatsApp said the claim was false: "WhatsApp does not give governments a 'backdoor' into its systems and would fight any government request to create a backdoor. The design decision referenced in The Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks. WhatsApp published a technical white paper on its encryption design, and has been transparent about the government requests it receives, publishing data about those requests in the Facebook Government Requests Report". The Guardian report cited research by Tobias Boelter, a cryptography and security researcher at the University of California, Berkeley. Last April, Boelter disclosed his findings to WhatsApp and published a report on what he posited could be either a backdoor or a flaw in WhatsApp's messaging platform. Boelter later told The Guardian the "backdoor" gave WhatsApp the ability to read messages because of the way the company had implemented its end-to-end encryption protocol.
Reporters quoted Kirstie Ball, co-director and founder of the Centre for Research into Information, Surveillance and Privacy, who verified Boelter's research and stated the "backdoor" made WhatsApp "an extremely insecure platform". The Guardian explains Boelter's alleged backdoor like this: WhatsApp's end-to-end encryption relies on the generation of unique security keys, using the acclaimed Signal protocol, developed by Open Whisper Systems, that are traded and verified between users to guarantee communications are secure and cannot be intercepted by a middleman. However, WhatsApp has the ability to force the generation of new encryption keys for offline users, unbeknown to the sender and recipient of the messages, and to make the sender re-encrypt messages with new keys and send them again for any messages that have not been marked as delivered. The recipient is not made aware of this change in encryption, while the sender is only notified if they have opted in to encryption warnings in settings, and only after the messages have been re-sent. This re-encryption and rebroadcasting effectively allows WhatsApp to intercept and read users' messages. WhatsApp, acquired by Facebook in 2014, supports end-to-end encryption and is considered a secure messaging platform based on the highly regarded Signal protocol, developed by Open Whisper Systems. The app boasts one billion users and has been endorsed by the likes of Edward Snowden for keeping private messages private. Claims of a WhatsApp backdoor have been staunchly dismissed by a number of security researchers and cryptography experts. Moxie Marlinspike, the founder of Open Whisper Systems, also agrees with WhatsApp, telling Threatpost, "The Guardian reporting is inaccurate, there is no 'backdoor' in WhatsApp encryption.
Unfortunately it appears that they did not speak with any cryptography experts in order to verify their claims". Marlinspike also posted a more technical explanation of what Boelter found. In a nutshell, he explains that what Boelter says is a backdoor is actually something all public key cryptography systems have to deal with. "WhatsApp gives users the option to be notified when those changes occur," he wrote. Frederic Jacobs, a key developer of the private messaging app Signal, called the claims of a backdoor "ridiculous". In a tweet he said: "It's ridiculous that this is presented as a backdoor. If you don't verify keys, authenticity of keys is not guaranteed." — Frederic Jacobs (@FredericJacobs), January 13, 2017. Jacobs and other security researchers explain that the "backdoor" is a feature designed to allow WhatsApp users who obtain a new phone to reinstall the WhatsApp app and continue a preexisting conversation thread. A renegotiation of encryption keys allows for the continuity of WhatsApp conversations. The WhatsApp sender is only notified of the change in encryption if they have opted in to an encryption warning setting within settings. Marlinspike and other security experts say snooping on WhatsApp's re-encrypting of messages by Facebook or any other agency would be extremely difficult and improbable. In a post to his personal site on Friday, Boelter doubled down on his assertion that what he found was a flaw. "WhatsApp has stated recently that this is not a bug, it is a feature. Because now senders don't have to press an extra 'OK' button in the rare case they sent a message, the receiver is offline and has a new phone when coming back online," he said.
I agree that it's a flaw, but calling it a backdoor is hyperbole. Remember, Moxie removed SMS encryption from his previous app TextSecure because of the same reasons that the current flaw exists: it is difficult to have secure conversations with people with changing phones, changing apps, etc.
Using an SSL proxy that simplistically stored certificates, Kaspersky Anti-Virus left its users open to TLS certificate collisions.
By Chris Duckett
Google's Project Zero has found that it was previously trivial to create an SSL certificate collision thanks to Kaspersky using only the first 32 bits of an MD5 hash in its SSL proxy packaged with its Anti-Virus product. "You don't have to be a cryptographer to understand a 32-bit key is not enough to prevent brute-forcing a collision in seconds," Tavis Ormandy of Project Zero said in its issue tracker. "They effectively proxy SSL connections, inserting their own certificate as a trusted authority in the system store and then replace all leaf certificates on the fly. This is why if you examine a certificate when using Kaspersky Anti-Virus, the issuer appears to be 'Kaspersky Anti-Virus Personal Root'," he said. "It seems incredible that Kaspersky haven't noticed that they sometimes get certificate errors for mismatching commonNames just by random chance." After Ormandy reported the bug and received acknowledgement from Kaspersky on November 1, despite learning the security vendor was doing some commonName checks, the bug was still able to be exploited. "If you're not being attacked, you would see random errors. A MITM [man in the middle] can send you packets from where you were expecting," Ormandy said on Twitter. Ormandy also found another bug on November 12 that allowed any unprivileged user to become a local certificate authority.
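Why a 32-bit hash prefix cannot identify a certificate, shown with a birthday search over constructed inputs; this is an added example, not Kaspersky's or Project Zero's code, and the "leaf certificate" candidates are just numbered byte strings standing in for DER-encoded certificates.

```python
"""Added example, not Kaspersky's or Project Zero's code. It shows why keying
a certificate cache on the first 32 bits of an MD5 digest is unsafe: a
birthday search over constructed inputs finds two different values with the
same 32-bit prefix after roughly 2**16 attempts, in a fraction of a second."""
import hashlib
import math


def truncated_md5(data: bytes, bits: int = 32) -> int:
    """The first `bits` bits of MD5(data), as an integer (the cache key)."""
    digest = hashlib.md5(data).digest()
    return int.from_bytes(digest, "big") >> (128 - bits)


def find_collision(bits: int = 32, limit: int = 1 << 24):
    """Birthday search: hash constructed candidates until two share a
    truncated digest. Returns (a, b, attempts) or None if `limit` is hit."""
    seen = {}
    for i in range(limit):
        candidate = b"constructed-leaf-cert-%d" % i  # stands in for a DER blob
        key = truncated_md5(candidate, bits)
        if key in seen:
            return seen[key], candidate, i + 1
        seen[key] = candidate
    return None


def is_collision(a: bytes, b: bytes, bits: int = 32) -> bool:
    """True when a and b differ, share the truncated key, and (as expected for
    distinct inputs) have different full MD5 digests."""
    return (a != b
            and truncated_md5(a, bits) == truncated_md5(b, bits)
            and hashlib.md5(a).digest() != hashlib.md5(b).digest())


def expected_attempts(bits: int) -> float:
    """Birthday bound: about sqrt(pi/2 * 2**bits) hashes for a 50% chance."""
    return math.sqrt(math.pi / 2 * 2 ** bits)


if __name__ == "__main__":
    a, b, n = find_collision(32)
    print(f"collision after {n} candidates: {a!r} and {b!r}")
    print("shared 32-bit key:", hex(truncated_md5(a)))
    print(f"expected at 32 bits: ~{expected_attempts(32):.0f}; "
          f"at 128 bits: ~{expected_attempts(128):.2e}")
```

A proxy that stored the full digest, or better a collision-resistant hash of the whole certificate, would need the 128-bit figure's worth of work rather than the 32-bit one.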
In May last year, the Project Zero security researcher discovered that the Symantec Antivirus Engine was vulnerable to a buffer overflow when parsing malformed portable-executable header files, which resulted in instant blue-screening and kernel memory corruption without user action on Windows. "This is about as bad as it can possibly get," Ormandy said at the time. Because Symantec uses a filter driver to intercept all system I/O, just emailing a file to a victim or sending them a link is enough to exploit it.
Skirt Club is a place for lesbian and bisexual women to play out their fantasies, and it's known for being discreet. But that doesn't seem to apply when it comes to the online privacy component, according to Vice Germany. "All the data collected by us is stored on a secure server." Not enough, according to Vice, which reported that Skirt Club kept members' photos easily accessible online. With more than 5,000 members worldwide – many of whom are not open about this part of their lives – the potential privacy violations are significant. Vice included an example of those compromised: a 39-year-old woman who had been married for 15 years and said in her profile that "No one knows that I am bi in my environment." Vice Germany investigated after anonymous sources contacted the publication to voice concerns with the site, which went dark around 1 pm. Vice published a feature on Skirt Club in October 2016, which is probably why it was contacted about this. After they looked into those claims, the editors found that at that time, thousands of personal images that members had uploaded in order to join Skirt Club were accessible to non-members – photos of users partially or fully naked, often recognizable, sometimes even with their names mentioned in the image. You didn't need to hack the site to see them – they weren't password protected and anyone curious enough to make a bit of an effort could view and download the photos. Vice was particularly critical of how Skirt Club dealt with the issue: "After VICE Germany reported the security issues to Skirt Club in mid-December 2016, it took Skirt Club more than three weeks to patch the issue. The users' pictures and data aren't accessible any more, but the security issue isn't resolved completely – and at the time of publication, Skirt Club hasn't informed users of the former problem."
Naked Security reached out to Skirt Club, which directed press inquiries toward its attorney: Skirt Club is directing all media enquiries to its lawyer, Dr Sebastian Gorski at Schertz Bergmann Rechtsanwälte in Berlin.
The Internet Systems Consortium patched the BIND domain name system this week, addressing a remotely exploitable vulnerability it considers high severity and said could lead to a crash. The issue affects servers that use both the DNS64 and RPZ functions simultaneously. DNS64 is a mechanism for synthesizing AAAA records from A records. It's traditionally used to allow IPv6-only clients to receive IPv6 addresses proxied to IPv4 addresses. The RPZ mechanism is used by Domain Name System recursive resolvers to allow for the customized handling of the resolution of collections of domain name information. Versions 9.8.8, 9.9.3-S1, 9.9.3, 9.9.10b1, 9.10.0, 9.10.5b1 and 9.11.0 are all considered vulnerable, according to the ISC. When servers use both mechanisms simultaneously, a vulnerability (CVE-2017-3135) that stems from query processing could result in an inconsistent state, triggering either an INSIST assertion failure or an attempt to read through a NULL pointer, according to a security advisory published Wednesday. The INSIST assertion failure could lead to a subsequent abort, ISC said, while the NULL pointer dereference in some instances can lead to a segmentation fault, which causes the process to be terminated. Ramesh Damodaran and Aliaksandr Shubnik, engineers at Infoblox, a Silicon Valley firm that does DNS, DHCP and IP management, uncovered the vulnerability and reported it to the ISC. Damodaran previously helped identify an unspecified packet-processing remote denial of service vulnerability in BIND 9.
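To make the DNS64 mechanism mentioned above concrete, here is an added example (not code from ISC or from the article) of how a resolver synthesizes an AAAA answer from an A record using the RFC 6052 well-known prefix 64:ff9b::/96, and how the original IPv4 address is recovered on the way back. The zone data and the assumption that the resolver uses the well-known prefix rather than an operator-specific /96 are constructed for the illustration.

```python
import ipaddress
from typing import Dict, List, Optional

# RFC 6052 well-known prefix for IPv4-embedded IPv6 addresses.
# Assumption for this example: the resolver uses it instead of a site-specific /96.
WELL_KNOWN_PREFIX = ipaddress.IPv6Network("64:ff9b::/96")

# Constructed sample zone data: names with only A records and one with a native AAAA.
A_RECORDS: Dict[str, List[str]] = {
    "v4only.example.": ["192.0.2.33", "198.51.100.7"],
    "dual.example.": ["203.0.113.9"],
}
AAAA_RECORDS: Dict[str, List[str]] = {
    "dual.example.": ["2001:db8::1"],
}


def synthesize_aaaa(ipv4: str, prefix: ipaddress.IPv6Network = WELL_KNOWN_PREFIX) -> str:
    """Embed an IPv4 address in the low 32 bits of a /96 DNS64 prefix."""
    if prefix.prefixlen != 96:
        # RFC 6052 also allows /32..../64 prefixes with a different layout;
        # this example only handles the common /96 case.
        raise ValueError("only /96 DNS64 prefixes are supported here")
    v4 = ipaddress.IPv4Address(ipv4)
    return str(ipaddress.IPv6Address(int(prefix.network_address) | int(v4)))


def extract_ipv4(ipv6: str, prefix: ipaddress.IPv6Network = WELL_KNOWN_PREFIX) -> Optional[str]:
    """Reverse mapping used by a NAT64 gateway; None if the address is not synthesized."""
    addr = ipaddress.IPv6Address(ipv6)
    if addr not in prefix:
        return None
    return str(ipaddress.IPv4Address(int(addr) & 0xFFFFFFFF))


def resolve_aaaa(name: str) -> List[str]:
    """DNS64 behaviour: return native AAAA records when they exist,
    otherwise synthesize one AAAA per A record; empty list if neither exists."""
    if name in AAAA_RECORDS:
        return list(AAAA_RECORDS[name])
    return [synthesize_aaaa(a) for a in A_RECORDS.get(name, [])]


if __name__ == "__main__":
    for qname in ("v4only.example.", "dual.example.", "missing.example."):
        print(qname, resolve_aaaa(qname))
```

The advisory's point is that the synthesis step and the RPZ rewrite step both modify the answer a resolver is about to return; the crash arose when both ran on the same query, which is why the fix is to upgrade rather than to change zone data.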
The Internet Systems Consortium patched the BIND domain name system this week, addressing what it calls a critical error condition in the software. Researchers find industrial control system malware similar to BlackEnergy, Havex and Stuxnet going undetected on Google VirusTotal for years. The Internet Systems Consortium (ISC) announced it is planning to patch versions of its DHCP software to mitigate a denial of service vulnerability.