The Federal Bureau of Investigation has issued a warning to healthcare organizations using File Transfer Protocol ( FTP ) servers . Medical and dental organizations have been advised to ensure FTP servers are configured to require users to be properly authenticated before access to stored data can be gained . Many FTP servers are configured to allow anonymous access using a common username such as ‘ FTP ’ or ‘ anonymous ’ . In some cases , a generic password is required , although security researchers have discovered Vulnerability-related.DiscoverVulnerability that in many cases , FTP servers can be accessed without a password . The FBI warning Vulnerability-related.DiscoverVulnerability cites research conducted by the University of Michigan in 2015 that revealed Vulnerability-related.DiscoverVulnerability more than 1 million FTP servers allowed anonymous access to stored data The FBI warns that hackers are targeting these anonymous FTP servers to gain access Attack.Databreach to the protected health information of patients . PHI carries a high value on the black market as it can be used for identity theft and fraud . Healthcare organizations could also be blackmailed Attack.Ransom if PHI is stolen Attack.Databreach . Last year , the hacker operating under the name TheDarkOverlord conducted a number of attacks Attack.Databreach on healthcare organizations . The protected health information of patients was stolen Attack.Databreach and organizations were threatened with the publication of data if a sizable ransom payment Attack.Ransom was not made . In some cases , patient data were published online when payment was not received Attack.Ransom . There are reasons why IT departments require FTP servers to accept anonymous requests ; however , if that is the case , those servers should not be used to store any protected health information of patients . If PHI must be stored on the servers , they can not be configured to run in anonymous mode . The FBI suggests all healthcare organizations should instruct their IT departments to check the configuration of their FTP servers to ensure they are not running in anonymous mode and to take immediate action to secure those servers and reduce risk if they are .

The researcher Ralf-Phillip Weinmann , managing director at security firm Comsecuris , has disclosed Vulnerability-related.DiscoverVulnerability a zero-day baseband vulnerability affecting Vulnerability-related.DiscoverVulnerability Huawei smartphones , laptop WWAN modules , and IoT components . Baseband is firmware used on smartphones to connect to cellular networks , to make voice calls , and transmit data . An attacker can exploit baseband flaws to eavesdrop Attack.Databreach mobile communications , take over the device making calls and sending SMS messages to premium numbers or to exfiltrate Attack.Databreach data . The expert revealed Vulnerability-related.DiscoverVulnerability the flaw this week at the Infiltrate Conference , the vulnerability could be exploited Vulnerability-related.DiscoverVulnerability by attackers to execute a memory-corruption attack against affected devices over the air . Fortunately , the attack is quite difficult to conduct . The baseband vulnerability resides in Vulnerability-related.DiscoverVulnerability the HiSilicon Balong integrated 4G LTE modems . The Balong application processor is called Kirin , it is produced by the Hisilicon Technologies , a subsidiary of Huawei Technologies . The affected firmware is present in several Huawei Honor smartphones , including the P10 , Huawei Mate 9 , Honor 9 , 7 , 5c and 6 . Weinmann believes that millions of Honor smartphones could be exposed to the to attack . Weinmann presented Vulnerability-related.DiscoverVulnerability multiple baseband vulnerabilities found in Vulnerability-related.DiscoverVulnerability the Kirin application processor . The expert also revealed that many laptops produced by IT vendors leverage the HiSilicon Balong integrated modem , such as a number IoT devices . “ This baseband is much easier to exploit than other basebands . Why ? I ’ m not sure if this was intentional , but the vendor actually published the source code for the baseband which is unusual , ” Weinmann said . “ Also , the malleability of this baseband implantation doesn ’ t just make it good for device experimenting , but also network testing. ” Weinmann speculates HiSilicon may have wrong released the Kirin source code as part of a developer tar archive associated with the Huawei H60 Linux kernel data . Weinmann demonstrated several attack scenarios against mobile phones . A first attack scenario presented by the researcher involves setting up a bogus base station using open-source software called OpenLTE that is used by an attacker to simulate a network operator . The attacker can send specially crafted packets over the air that trigger a stack buffer overflow in the LTE stack causing the phone crashing . Once the phone rebooted an attacker can gain persistence installing a rootkit . In a second attack scenario , the attacker with a physical access to the phone and private key pair data would install malicious tools on the firmware . “ It requires key material that is stored both by the carrier and on the SIM card in order to pass the mutual authentication between the phone and the network . Without this key material , a base station can not pose as a legit network towards the device. ” Weinmann used for its test his own VxWorks build environment using an evaluation version of VxWorks 7.0 that shipped with Intel Galileo several years ago . The expert explained that the existence of a Lua scripting interpreter running in the baseband gives him further offensive options . Weinmann did not disclose the technical details to avoid threat actors in the wild will abuse his technology . “ I have chosen to only disclose lower-severity findings for now . Higher severity findings are in the pipeline. ” Weinmann said .

For more than a month , at least ten groups of attackers have been compromising systems running applications built with Apache Struts and installing backdoors , DDoS bots , cryptocurrency miners , or ransomware , depending if the machine is running Linux or Windows . For their attacks , the groups are using a zero-day in Apache Struts , disclosed Vulnerability-related.DiscoverVulnerability and immediately fixed Vulnerability-related.PatchVulnerability last month by Apache . The vulnerability , CVE-2017-5638 , allows an attacker to execute commands on the server via content uploaded to the Jakarta Multipart parser component , deployed in some Struts installations . Attackers initially focused on Linux server . According to cyber-security firms F5 , attacks started as soon as Cisco Talos researchers revealed Vulnerability-related.DiscoverVulnerability the zero-day 's presence and several proof-of-concept exploits were published Vulnerability-related.DiscoverVulnerability online . Since early March , attacks have slowly evolved . F5 experts say that in the beginning , attackers targeted Struts instances running on Linux servers , where they would end up installing the PowerBot malware , an IRC-controlled DDoS bot also known as PerlBot or Shellbot . In later attacks , some groups switched to installing a cryptocurrency miner called `` minerd '' that mined for the Monero cryptocurrency . In other attacks reported by the SANS Technology Institute , some attackers installed Perl backdoors . Recent attacks also targeted Struts running on Windows Both SANS and F5 experts report that after March 20 , one of these groups switched to targeting Struts instances installed on Windows systems . Using a slightly modified exploit code , attackers executed various shell commands to run the BITSAdmin utility and then downloaded ( via Windows ' built-in FTP support ) the Cerber ransomware . From this point on , Cerber took over , encrypted files , and displayed its standard ransom note , leaving victims no choice but pay the ransom demand Attack.Ransom or recover data from backups . `` The attackers running this [ Cerber ] campaign are using the same Bitcoin ID for a number of campaigns , '' the F5 team said . `` This particular account has processed 84 bitcoins [ ~ $ 100,000 ] . '' F5 experts also noted that , on average , roughly 2.2 Bitcoin ( ~ $ 2,600 ) go in and out of this particular wallet on a daily basis . The most recent payments dates to today . It is worth mentioning that F5 published their findings last week , on March 29 . Today , SANS detailed similar findings , meaning the campaign spreading Cerber ransomware via Struts on Windows is still going strong . A patch for Apache Struts servers is available Vulnerability-related.PatchVulnerability on the Struts website . Struts is an open source MVC framework for creating modern Java web applications , and its widely used in enterprise environments , for both Intranets and public websites . Some of the initial attacks on Struts-based applications have been tracked by cyber-security firm AlienVault .

Intel revealed Vulnerability-related.DiscoverVulnerability that it will not be issuing Vulnerability-related.PatchVulnerability Spectre patches to a number of older Intel processor families , potentially leaving many customers vulnerable to the security exploit . Intel claims the processors affected are mostly implemented as closed systems , so they aren ’ t at risk from the Spectre exploit , and that the age of these processors means they have limited commercial availability . The processors which Intel won ’ t be patching Vulnerability-related.PatchVulnerability include four lines from 2007 , Penryn , Yorkfield , and Wolfdale , along with Bloomfield ( 2009 ) , Clarksfield ( 2009 ) , Jasper Forest ( 2010 ) and the Intel Atom SoFIA processors from 2015 . According to Tom ’ s Hardware , Intel ’ s decision not to patch Vulnerability-related.PatchVulnerability these products could stem from the relative difficulty of patching Vulnerability-related.PatchVulnerability the Spectre exploit on older systems . “ After a comprehensive investigation of the microarchitectures and microcode capabilities for these products , Intel has determined to not release Vulnerability-related.PatchVulnerability microcode updates for these products , ” Intel said . Because of the nature of the Spectre exploit , patches for it need to be delivered Vulnerability-related.PatchVulnerability as an operating system or BIOS update , and if Microsoft and motherboard OEMs aren ’ t going to distribute Vulnerability-related.PatchVulnerability the patches , developing Vulnerability-related.PatchVulnerability them isn ’ t much of a priority . “ However , the real reason Intel gave up on patching Vulnerability-related.PatchVulnerability these systems seems to be that neither motherboard makers nor Microsoft may be willing to update Vulnerability-related.PatchVulnerability systems sold a decade ago , ” Tom ’ s Hardware reports . It sounds bad , but as Intel pointed out , these are all relatively old processors — with the exception of the Intel Atom SoFIA processor , which came out in 2015 — and it ’ s unlikely they ’ re used in any high-security environments . The Spectre exploit is a serious security vulnerability to be sure , but as some commentators have pointed out in recent months , it ’ s not the kind of exploit the average user needs to worry about . “ We ’ ve now completed release Vulnerability-related.PatchVulnerability of microcode updates for Intel microprocessor products launched in the last 9+ years that required protection against the side-channel vulnerabilities discovered Vulnerability-related.DiscoverVulnerability by Google Project Zero , ” said an Intel spokseperson . “ However , as indicated in our latest microcode revision guidance , we will not be providing Vulnerability-related.PatchVulnerability updated microcode for a select number of older platforms for several reasons , including limited ecosystem support and customer feedback. ” If you have an old Penryn processor toiling away in an office PC somewhere , you ’ re probably more at risk for a malware infection arising from a bad download than you are susceptible to something as technically sophisticated as the Spectre or Meltdown vulnerabilities .

It was starting to feel like Intel was overdue for serious Management Engine ( ME ) vulnerabilities . But this week , researchers at Positive Technologies revealed Vulnerability-related.DiscoverVulnerability a new security flaw in the subsystem that could let attackers compromise its MFS file system . Intel has released Vulnerability-related.PatchVulnerability updates to address Vulnerability-related.PatchVulnerability the problem , though , so Intel CPU owners should make sure their firmware is up-to-date . ME has become a repeated source of problems for Intel and its customers . The utility is a chip-on-a-chip that allows IT managers to remotely access company PCs with tools like Intel 's Active Management Technology ( AMT ) . ME has its own network interface , memory , operating system and file system ( MFS ) that are kept separate from the main system in a bid to prevent it from allowing hackers to access ostensibly secure information . The problem is that researchers have discovered Vulnerability-related.DiscoverVulnerability numerous vulnerabilities in ME over the last few years ; Positive Technologies revealed Vulnerability-related.DiscoverVulnerability one in 2017 that allowed full takeover of ME via USB ( it 's since been fixed Vulnerability-related.PatchVulnerability ) . Now , it 's revealed Vulnerability-related.DiscoverVulnerability another one that allows someone with physical access to a system to compromise ME and `` manipulate the state of MFS and extract important secrets '' with the ability to `` add files , delete files and change their protection attributes . '' Positive Technologies said the attack can be used to learn four keys MFS uses to secure data -- the Intel Integrity Key , Non-Intel Integrity Key , Intel Confidentiality Key and Non-Intel Confidentiality Key -- that were supposed to be protected via a firmware update Intel released Vulnerability-related.PatchVulnerability in 2017 . Positive Technologies explained how someone with physical access to the system could bypass that patch to compromise those keys in its blog post : `` Positive Technologies expert Dmitry Sklyarov discovered Vulnerability-related.DiscoverVulnerability vulnerability CVE-2018-3655 , described in advisory Intel-SA-00125 . He found that Non-Intel Keys are derived from two values : the SVN and the immutable non-Intel root secret , which is unique to each platform . By using an earlier vulnerability to enable the JTAG debugger , it was possible to obtain the latter value . Knowing the immutable root secret enables calculating the values of both Non-Intel Keys even in the newer firmware version . ... Attackers could calculate the Non-Intel Integrity Key and Non-Intel Confidentiality Key for firmware that has the updated SVN value and therefore compromise the MFS security mechanisms that rely on these keys . '' Intel released Vulnerability-related.PatchVulnerability the Intel-SA-00125 firmware update to defend against this vulnerability on September 11 . But this is another point in favor of companies questioning -- or outright banning -- the use of ME in their systems . Purism avoids ME and the services it enables in its privacy-focused Librem notebooks , Google is working to remove ME from the Intel processors it uses and previous security flaws have raised concerns among consumers .

It was starting to feel like Intel was overdue for serious Management Engine ( ME ) vulnerabilities . But this week , researchers at Positive Technologies revealed Vulnerability-related.DiscoverVulnerability a new security flaw in the subsystem that could let attackers compromise its MFS file system . Intel has released Vulnerability-related.PatchVulnerability updates to address Vulnerability-related.PatchVulnerability the problem , though , so Intel CPU owners should make sure their firmware is up-to-date . ME has become a repeated source of problems for Intel and its customers . The utility is a chip-on-a-chip that allows IT managers to remotely access company PCs with tools like Intel 's Active Management Technology ( AMT ) . ME has its own network interface , memory , operating system and file system ( MFS ) that are kept separate from the main system in a bid to prevent it from allowing hackers to access ostensibly secure information . The problem is that researchers have discovered Vulnerability-related.DiscoverVulnerability numerous vulnerabilities in ME over the last few years ; Positive Technologies revealed Vulnerability-related.DiscoverVulnerability one in 2017 that allowed full takeover of ME via USB ( it 's since been fixed Vulnerability-related.PatchVulnerability ) . Now , it 's revealed Vulnerability-related.DiscoverVulnerability another one that allows someone with physical access to a system to compromise ME and `` manipulate the state of MFS and extract important secrets '' with the ability to `` add files , delete files and change their protection attributes . '' Positive Technologies said the attack can be used to learn four keys MFS uses to secure data -- the Intel Integrity Key , Non-Intel Integrity Key , Intel Confidentiality Key and Non-Intel Confidentiality Key -- that were supposed to be protected via a firmware update Intel released Vulnerability-related.PatchVulnerability in 2017 . Positive Technologies explained how someone with physical access to the system could bypass that patch to compromise those keys in its blog post : `` Positive Technologies expert Dmitry Sklyarov discovered Vulnerability-related.DiscoverVulnerability vulnerability CVE-2018-3655 , described in advisory Intel-SA-00125 . He found that Non-Intel Keys are derived from two values : the SVN and the immutable non-Intel root secret , which is unique to each platform . By using an earlier vulnerability to enable the JTAG debugger , it was possible to obtain the latter value . Knowing the immutable root secret enables calculating the values of both Non-Intel Keys even in the newer firmware version . ... Attackers could calculate the Non-Intel Integrity Key and Non-Intel Confidentiality Key for firmware that has the updated SVN value and therefore compromise the MFS security mechanisms that rely on these keys . '' Intel released Vulnerability-related.PatchVulnerability the Intel-SA-00125 firmware update to defend against this vulnerability on September 11 . But this is another point in favor of companies questioning -- or outright banning -- the use of ME in their systems . Purism avoids ME and the services it enables in its privacy-focused Librem notebooks , Google is working to remove ME from the Intel processors it uses and previous security flaws have raised concerns among consumers .

It was starting to feel like Intel was overdue for serious Management Engine ( ME ) vulnerabilities . But this week , researchers at Positive Technologies revealed Vulnerability-related.DiscoverVulnerability a new security flaw in the subsystem that could let attackers compromise its MFS file system . Intel has released Vulnerability-related.PatchVulnerability updates to address Vulnerability-related.PatchVulnerability the problem , though , so Intel CPU owners should make sure their firmware is up-to-date . ME has become a repeated source of problems for Intel and its customers . The utility is a chip-on-a-chip that allows IT managers to remotely access company PCs with tools like Intel 's Active Management Technology ( AMT ) . ME has its own network interface , memory , operating system and file system ( MFS ) that are kept separate from the main system in a bid to prevent it from allowing hackers to access ostensibly secure information . The problem is that researchers have discovered Vulnerability-related.DiscoverVulnerability numerous vulnerabilities in ME over the last few years ; Positive Technologies revealed Vulnerability-related.DiscoverVulnerability one in 2017 that allowed full takeover of ME via USB ( it 's since been fixed Vulnerability-related.PatchVulnerability ) . Now , it 's revealed Vulnerability-related.DiscoverVulnerability another one that allows someone with physical access to a system to compromise ME and `` manipulate the state of MFS and extract important secrets '' with the ability to `` add files , delete files and change their protection attributes . '' Positive Technologies said the attack can be used to learn four keys MFS uses to secure data -- the Intel Integrity Key , Non-Intel Integrity Key , Intel Confidentiality Key and Non-Intel Confidentiality Key -- that were supposed to be protected via a firmware update Intel released Vulnerability-related.PatchVulnerability in 2017 . Positive Technologies explained how someone with physical access to the system could bypass that patch to compromise those keys in its blog post : `` Positive Technologies expert Dmitry Sklyarov discovered Vulnerability-related.DiscoverVulnerability vulnerability CVE-2018-3655 , described in advisory Intel-SA-00125 . He found that Non-Intel Keys are derived from two values : the SVN and the immutable non-Intel root secret , which is unique to each platform . By using an earlier vulnerability to enable the JTAG debugger , it was possible to obtain the latter value . Knowing the immutable root secret enables calculating the values of both Non-Intel Keys even in the newer firmware version . ... Attackers could calculate the Non-Intel Integrity Key and Non-Intel Confidentiality Key for firmware that has the updated SVN value and therefore compromise the MFS security mechanisms that rely on these keys . '' Intel released Vulnerability-related.PatchVulnerability the Intel-SA-00125 firmware update to defend against this vulnerability on September 11 . But this is another point in favor of companies questioning -- or outright banning -- the use of ME in their systems . Purism avoids ME and the services it enables in its privacy-focused Librem notebooks , Google is working to remove ME from the Intel processors it uses and previous security flaws have raised concerns among consumers .

Tavis Ormandy , a Google Project Zero security researcher , has revealed Vulnerability-related.DiscoverVulnerability details about a new major vulnerability discovered Vulnerability-related.DiscoverVulnerability in Ghostscript , an interpreter for Adobe 's PostScript and PDF page description languages . Ghostscript is by far the most widely used solution of its kind . The Ghostscript interpreter is embedded in hundreds of software suites and coding libraries that allow desktop software and web servers to handle PostScript and PDF-based documents . Exploiting the bug Ormandy discovered Vulnerability-related.DiscoverVulnerability requires that an attacker sends a malformed PostScript , PDF , EPS , or XPS file to a victim . Once the file reaches the Ghostscript interpreter , the malicious code contained within will execute an attacker 's desired on that machine . The vulnerability , which has not received a CVE Vulnerability-related.DiscoverVulnerability identifier just yet , allows an attacker to take over applications and servers that use vulnerable versions of Ghostscript . At the time of writing , there is no fix available Vulnerability-related.PatchVulnerability . By far , the most affected projects are the ImageMagick image processing library , but also many Linux distros where this library ships by default . RedHat and Ubuntu have already confirmed they are affected , according to a CERT/CC security advisory released today . `` I * strongly * suggest that [ Linux ] distributions start disabling PS , EPS , PDF and XPS coders in [ ImageMagick 's ] policy.xml by default , '' Ormandy said . Because of Ghostscript 's broad adoption in the web dev and software dev communities , Ormandy has had his eyes set on Ghostscript for the past few years . He discovered Vulnerability-related.DiscoverVulnerability similar high severity issues affecting Vulnerability-related.DiscoverVulnerability Ghostscript in 2016 and again in 2017 . The vulnerability he found Vulnerability-related.DiscoverVulnerability in 2017 —CVE-2017-8291— was adopted by North Korean hackers , who used it to break into South Korean cryptocurrency exchanges , steal funds , and later plant false flags in an attempt to pin the hacks on Chinese-speaking threat actors . Because of Ghostscript 's wide adoption , any bugs , and especially those that lead to remote code execution , are highly sought-after by any threat actor .

Remember when the sky -- or at least Ryzen -- was falling ? You should , because it was only a few months ago , when the CTS Labs security company revealed Vulnerability-related.DiscoverVulnerability numerous vulnerabilities in AMD 's new Ryzen and EPYC processor lines . AMD has been largely quiet about these vulnerabilities in the time since , but the company assured Tom 's Hardware that it has n't forgotten about CTS Labs ' report or neglected to address Vulnerability-related.PatchVulnerability the flaws in its processors . A quick recap : In March , CTS Labs released information Vulnerability-related.DiscoverVulnerability on a collection of vulnerabilities in AMD 's latest chips that it dubbed `` Ryzenfall . '' These security flaws were said to be present in Vulnerability-related.DiscoverVulnerability the most basic aspects of the Ryzen and EPYC processors , and after consulting with other researchers , CTS Labs decided to publish Vulnerability-related.DiscoverVulnerability its findings without giving AMD the customary 90-day notice between a vulnerability's discovery Vulnerability-related.DiscoverVulnerability and its public disclosure Vulnerability-related.DiscoverVulnerability . Earlier this week , CTS Labs emailed us to express concern about the lack of updates Vulnerability-related.PatchVulnerability from AMD regarding these vulnerabilities . The company said it believed many of the vulnerabilities would take months to fix Vulnerability-related.PatchVulnerability , with the Chimera issues requiring a hardware change that could n't be implemented in products that have already shipped . AMD 's relative silence and lack of updates Vulnerability-related.PatchVulnerability apparently led CTS Labs to believe the company had stalled out . We reached out to AMD for comment and received the following in response : Within approximately 30 days of being notified Vulnerability-related.DiscoverVulnerability by CTS Labs , AMD released Vulnerability-related.PatchVulnerability patches to our ecosystem partners mitigating Vulnerability-related.PatchVulnerability all of the CTS identified vulnerabilities on our EPYC™ platform as well as patches mitigating Vulnerability-related.PatchVulnerability Chimera across all AMD platforms . These patches are in final testing with our ecosystem partners in advance of being released publicly Vulnerability-related.PatchVulnerability . We remain on track to begin releasing Vulnerability-related.PatchVulnerability patches to our ecosystem partners for the other products identified in the report this month . We expect these patches to be released publicly Vulnerability-related.PatchVulnerability as our ecosystem partners complete their validation work . That 's still vague -- we do n't know to what `` ecosystem partners '' these patches have been delivered Vulnerability-related.PatchVulnerability nor when they should be expected to roll out -- but it does show that AMD has n't simply forgotten about CTS Labs ' report . We expect to hear more about these patches and how AMD plans to address Vulnerability-related.PatchVulnerability them as the company and its partners get them ready to ship . In the meantime , it seems that much like the sky , Ryzen has yet to fall .

Microsoft has quickly reacted to the disclosure Vulnerability-related.DiscoverVulnerability of a previously unknown zero-day vulnerability in the Windows operating system . On Monday , Twitter user SandboxEscaper revealed Vulnerability-related.DiscoverVulnerability the existence of the bug on the microblogging platform . As reported by the Register , the user said : `` Here is the alpc bug as 0day . I do n't f * * king care about life anymore . Neither do I ever again want to submit to MSFT anyway . F * * k all of this shit . '' The user linked to a page on GitHub which appears to contain a proof-of-concept ( PoC ) for the vulnerability . Following the disclosure Vulnerability-related.DiscoverVulnerability , on Tuesday , Will Dormann , vulnerability analyst at CERT/CC verified Vulnerability-related.DiscoverVulnerability the bug , adding that the zero-day flaw works `` well in a fully-patched 64-bit Windows 10 system Vulnerability-related.PatchVulnerability . '' The Windows vulnerability is described as Vulnerability-related.DiscoverVulnerability a local privilege escalation security flaw in the Microsoft Windows task scheduler caused by errors in the handling of Advanced Local Procedure Call ( ALPC ) systems . If exploited Vulnerability-related.DiscoverVulnerability , the zero-day bug permits local users to obtain system privileges . As ALPC is a local system , the impact is limited , but the public disclosure Vulnerability-related.DiscoverVulnerability of a zero-day is still likely a headache for the Redmond giant . There are no known workarounds for the vulnerability , which has been awarded a CVSS score of 6.4 -- 6.8 . SandboxEscaper 's tweet has since been deleted . However , Microsoft has acknowledged Vulnerability-related.DiscoverVulnerability the zero-day flaw . This is likely to take place Vulnerability-related.PatchVulnerability on September 11 , the next scheduled Microsoft Patch Tuesday , unless the firm decides to issue Vulnerability-related.PatchVulnerability an out-of-schedule patch . `` Windows has a customer commitment to investigate reported security issues , and proactively update impacted devices as soon as possible . Our standard policy is to provide solutions via our current Update Tuesday schedule . ''

A critical vulnerability in open source automation tool Jenkins could allow permission checks to be bypassed through the use of specially-crafted URLs . Jenkins uses the Stapler web framework for HTTP request handling , which uses reflection to dispatch incoming web requests to controller code . This means that any public methods that start with get and include string and integer parameters are exposed to the web server . Because this is a common naming convention , this has led to multiple internal Jenkins methods being inadvertently exposed . The precise impact of this isn ’ t clear . The advisory notes that code execution could be a possible outcome – though on closer inspection , this seems to be a worst-case scenario . “ To clarify , the vulnerability we addressed Vulnerability-related.PatchVulnerability had nothing to do with arbitrary code execution , but was rather an issue discovered Vulnerability-related.DiscoverVulnerability by the Jenkins security team that allowed a small subset of existing Jenkins code to be invoked by a remote client , ” Daniel Beck , Jenkins security officer , told The Daily Swig in an email . “ While the known impact is pretty limited , we felt that the layer at which the vulnerability existed , and its potential warranted a higher score. ” These potential attacks include unauthenticated users being able to invalidate sessions when running with the built-in server , and users with overall/read permissions being able to create new user objects in memory . The advisory reads : “ Given the vast potential attack surface , we fully expect other attacks , that we are not currently aware of , to be possible on Jenkins releases that do not have this fix applied Vulnerability-related.PatchVulnerability . “ This is reflected in the high score we assigned Vulnerability-related.DiscoverVulnerability to this issue , rather than limiting the score to the impact through known issues. ” Beck added : “ Jenkins users should always keep their instances up to date . In this case , we released Vulnerability-related.PatchVulnerability updates for two LTS lines simultaneously for the first time , so admins could apply Vulnerability-related.PatchVulnerability the update without having to go through a major version jump . “ We strive to fix Vulnerability-related.PatchVulnerability all security vulnerabilities in Jenkins and plugins in a timely manner. ” Reflection is also used by Apache Struts , via the OGNL library . Struts has suffered Vulnerability-related.DiscoverVulnerability a number of serious security flaws in recent years . In 2017 , a vulnerability in the framework was exploited Vulnerability-related.DiscoverVulnerability to expose Attack.Databreach the details of up to 148 million Equifax customers . Another flaw , revealed Vulnerability-related.DiscoverVulnerability in August 2018 , could lead to remote code execution . These issues underline the dangers of using reflection with untrusted data , and application architects would do well to avoid this unsafe practice .

For the second time in roughly a year , D-Link has failed to act on warnings Vulnerability-related.DiscoverVulnerability from security researchers involving the company ’ s routers . The latest incident arose after Silesian University of Technology researcher Błazej Adamczyk contacted Vulnerability-related.DiscoverVulnerability D-Link last May about three vulnerabilities affecting Vulnerability-related.DiscoverVulnerability eight router models . Following the warning Vulnerability-related.DiscoverVulnerability , D-Link patched Vulnerability-related.PatchVulnerability two of the affected routers , but did not initially reveal Vulnerability-related.DiscoverVulnerability how it would proceed for the remaining six models . After further prompting Vulnerability-related.DiscoverVulnerability from Adamczyk , D-Link revealed Vulnerability-related.DiscoverVulnerability that the remaining six routers would not get Vulnerability-related.PatchVulnerability a security patch because they were considered end-of-life models , leaving affected owners out in the cold . “ The D-Link models affected Vulnerability-related.DiscoverVulnerability are the DWR-116 , DWR-140L , DWR-512 , DWR-640L , DWR-712 , DWR-912 , DWR-921 , and DWR-111 , six of which date from 2013 , with the DIR-640L first appearing Vulnerability-related.DiscoverVulnerability in 2012 and the DWR-111 in 2014 , ” Naked Security reported . Though these are not current models in D-Link ’ s portfolio , many of the listed models are still likely to be in use . As a result of this impasse , Adamczyk released details Vulnerability-related.DiscoverVulnerability about the security flaws , following responsible security protocols after giving D-Link notice and the opportunity to address Vulnerability-related.PatchVulnerability the issues . Of significance is that this is the second time in about a year that D-Link has failed to address Vulnerability-related.PatchVulnerability security vulnerabilities affecting Vulnerability-related.DiscoverVulnerability its products after being notified Vulnerability-related.DiscoverVulnerability by researchers . The security researcher noted Vulnerability-related.DiscoverVulnerability that the new flaw arose Vulnerability-related.DiscoverVulnerability after D-Link reported that it had fixed Vulnerability-related.PatchVulnerability a prior security flaw . Also known as “ directory traversal ” or “ dot dot slash ” attacks , these flaws allow a malicious attacker to gain access to system files with a simple HTTP request . Despite D-Link ’ s spotty history with supporting older router models , the manufacturer is not alone in leaving routers unpatched Vulnerability-related.PatchVulnerability . The American Consumer Institute reported Vulnerability-related.DiscoverVulnerability that of the 186 routers it had tested , 155 contained Vulnerability-related.DiscoverVulnerability firmware vulnerabilities . In total , ACI discovered Vulnerability-related.DiscoverVulnerability more than 32,000 known vulnerabilities in its study . “ Our analysis shows that , on average , routers contained Vulnerability-related.DiscoverVulnerability 12 critical vulnerabilities and 36 high-risk vulnerabilities , across the entire sample , ” ACI noted in its report . “ The most common vulnerabilities were medium-risk , with an average of 103 vulnerabilities per router. ” For shoppers who are in the market for a new router , it ’ s probably best to also check with the manufacturer to see what the supported lifespan of the router is . If the router is nearing its end of life , as in the case illustrated here , you may not get Vulnerability-related.PatchVulnerability patches , regardless of how serious a security vulnerability may be . If you have an older router , you may want to consider checking out our guide for the best router options before you decide to upgrade .

Researchers have discovered Vulnerability-related.DiscoverVulnerability some serious security flaws threatening Linux . These vulnerabilities exist in Vulnerability-related.DiscoverVulnerability Linux systemd component . According to the researchers , the vulnerabilities pose a risk to all systemd-based Linux distros . Allegedly , researchers at Qualys have disclosed Vulnerability-related.DiscoverVulnerability some bugs targeting the Linux systemd component . Systemd provides the core building blocks for Linux and handles major processes after booting . As revealed Vulnerability-related.DiscoverVulnerability , three vulnerabilities have targeted the systemd-journald , which is responsible for data collection and log storage . The vulnerabilities let an attacker gain root privileges on the target device . The researchers state Vulnerability-related.DiscoverVulnerability that these vulnerabilities threaten all Linux distros based on systemd except a few . As stated in their report , “ To the best of our knowledge , all systemd-based Linux distributions are vulnerable Vulnerability-related.DiscoverVulnerability , but SUSE Linux Enterprise 15 , openSUSE Leap 15.0 , and Fedora 28 and 29 are not exploitable because their user space is compiled with GCC ’ s -fstack-clash-protection. ” The three bugs include two different memory corruption flaws ( CVE-2018-16864 and CVE-2018-16865 ) , and an out-of-bounds flaw ( CVE-2018-16866 ) . At first , the researchers accidentally discovered Vulnerability-related.DiscoverVulnerability CVE-2018-16864 while working on an exploit for a previously disclosed vulnerability , Mutagen Astronomy . Then , when they were busy on its PoC , they spotted Vulnerability-related.DiscoverVulnerability the other two bugs . “ We developed Vulnerability-related.DiscoverVulnerability a proof of concept for CVE-2018-16864 that gains eip control on i386… We developed Vulnerability-related.DiscoverVulnerability an exploit for CVE-2018-16865 and CVE-2018-16866 that obtains a local root shell in 10 minutes on i386 and 70 minutes on amd64 , on average. ” Interestingly , the bugs had been around for quite a few years . For now , Red Hat has patched Vulnerability-related.PatchVulnerability the bugs CVE-2018-16864 and CVE-2018-16865 . Whereas , Debian has fixed Vulnerability-related.PatchVulnerability CVE-2018-16866 in the unstable systemd 240-1 release . Other distros will also supposedly release Vulnerability-related.PatchVulnerability the fixes soon . In November 2018 , a Google researcher also highlighted Vulnerability-related.DiscoverVulnerability a critical flaw in Systemd that induced system crashes and hacks .

The Bitcoin Core team yesterday released Vulnerability-related.PatchVulnerability a patch for a DDoS vulnerability that could prove fatal to the Bitcoin network . The patch note urged miners to shut down their older versions urgently and replace Vulnerability-related.PatchVulnerability them with the new version , Bitcoin Core 0.16.3 . The announcement , first reported on Hacked , revealed Vulnerability-related.DiscoverVulnerability that all the recent Bitcoin Core versions could be vulnerable Vulnerability-related.DiscoverVulnerability to Distributed Denial-of-Service attack . An attack of such kind typically involves multiple compromised systems to flood a single system ( or network ) – similar to zombies encircling an uninfected person and disabling his movements . DDoS perpetrators could attack a Bitcoin network by either flooding the block with duplicate transactions , thus jamming the transaction confirmation of other people , or by flooding the nodes on Bitcoin ’ s peer-to-peer network , thus over-utilizing the bandwidth through malicious transaction relays . The recent DDoS vulnerability , termed as Vulnerability-related.DiscoverVulnerability CVE-2018-17144 , tried to attempt the latter – flooding full node operators with traffic . Hacked reports : “ The way the potential exploit could work was by allowing anyone who was capable of mining a sufficient number of proof of work blocks to crash Bitcoin Cores running software versions 0.14.0 to 0.16.2. ” It also means that the miners who occasionally run Bitcoin Core were not vulnerable Vulnerability-related.DiscoverVulnerability to the attack . Still , developers recommended Vulnerability-related.PatchVulnerability all the miners to go ahead with the latest update to stay safe . Also , the patch fixed Vulnerability-related.PatchVulnerability some other minor bugs related to consensus , RPC , invalid flag errors , and documentation . It is worth noticing that Bitcoin is not the only cryptocurrency that is on the DDoS attackers ’ hitlist . Flaws have been found Vulnerability-related.DiscoverVulnerability in other cryptocurrency clients as well , including Bitcoin Cash and Ethereum . An effective attack on the Ethereum network lasted more than a month and created million of dead accounts . In response , developers had to go through two on-chain forks and one off-chain process to clean up the mess . In another DDoS attack that slowed down the Ethereum network , miners had to increase gas fees to repel the attackers . There was no consensus failure . DDoS continues to be a global problem that impacts all spheres of the internet . Europol in its latest investigative report noted : “ Criminals continue to use Distributed-Denial-of-Service ( DDoS ) attacks as a tool against private business and the public sector . Such attacks are used not only for financial gains but the ideological , political or purely malicious reason . This type of attack is not only one of the most frequent ( second only to malware in 2017 ) ; it is also becoming more accessible , low-cost and low-risk. ” Meanwhile , decentralized networks like Bitcoin are still more secure against such attacks purely because single entities would not be able to bring them down . Also , because the people , including the attackers themselves , are heavily invested in Bitcoin , a coordinated attack would just rip them off their bitcoin validation commissions .

EdgeWave , Inc.® , a leading provider in cybersecurity and compliance , today revealed Vulnerability-related.DiscoverVulnerability a new , malicious exploit embedded in popular URL shorteners , which are being mistaken as legitimate URLs . URL shorteners may be susceptible to this new exploit when a change is allowed to the long URL after the shortened URL is created . The malicious parties fabricate Attack.Phishing an email that appears to be Attack.Phishing a legitimate marketing email which includes the shortened URL -- - passing by any in-transit virus scanning and potentially other spam checking tools . `` Several days ago , we detected Vulnerability-related.DiscoverVulnerability this new exploit while performing our real-time , human analysis on spam campaigns , '' said Blake Tullysmith , Principal Engineer at EdgeWave . `` With over 100 million URLs being shortened per day , this new exploit can potentially impact billions of users across email and social media campaigns . '' Here is how the EdgeWave ePrism team explains the exploit : Some URL shorteners will allow users to change the long URL after they have already created the shortened URL . The malicious parties will then fabricate Attack.Phishing a seemingly legitimate email and include a shortened URL that passes in-transit virus scanning as well as other filtering solutions , which will allow the shortened URL to be delivered right into the inbox . Once the spam campaign is embedded in the message , the URL is redirected to a site that contains malicious content like a virus or malware . However , the delivered message is already in the inbox ; so unfortunately , there is no protection at this point . Attached is an image of a sample email message extracted from an email campaign while in-transit with a link from http : //tiny.cc pointing to a clean website . After the campaign was delivered , it points to a compromised website including malicious content . The EdgeWave team is still conducting further investigations on this exploit and recommends all URL shortening users utilize services that do not allow the URL to be edited after its creation . EdgeWave customers are being protected by its ePrism Email Security solution . EdgeWave ePrism is an award-winning , hosted cloud email security solution with Zero-Minute Defense against phishing , spam and malware campaigns using our unique combination of automated intelligence and 24/7/365 human analysis in a simple-to-use security suite for all email compliance and business needs .

Check Point researchers today revealed Vulnerability-related.DiscoverVulnerability a new vulnerability on WhatsApp and Telegram ’ s online platforms – WhatsApp Web & Telegram Web . By exploiting this vulnerability , attackers could completely take over user accounts , and access Attack.Databreach victims ’ personal and group conversations , photos , videos and other shared files , contact lists , and more . The vulnerability allows an attacker to send the victim malicious code , hidden within an innocent looking image . As soon as the user clicks on the image , the attacker can gain full access Attack.Databreach to the victim ’ s WhatsApp or Telegram storage data , thus giving full access to the victim ’ s account . The attacker can then send the malicious file to all the victim ’ s contacts , potentially enabling a widespread attack . Check Point disclosed Vulnerability-related.DiscoverVulnerability this information to the WhatsApp and Telegram security teams on March 8 , 2017 . WhatsApp and Telegram acknowledged Vulnerability-related.DiscoverVulnerability the security issue and developed Vulnerability-related.PatchVulnerability fixes for worldwide web clients . “ Thankfully , WhatsApp and Telegram responded quickly Vulnerability-related.DiscoverVulnerability and responsibly to deploy the mitigation against exploitation of this issue in all web clients , ” said Oded Vanunu , head of product vulnerability research at Check Point . WhatsApp Web users wishing to ensure that they are using the latest version are advised to restart their browser . WhatsApp and Telegram use end-to-end message encryption as a data security measure , to ensure that only the people communicating can read the messages , and nobody in between . Yet , the same end-to-end encryption was also the source of this vulnerability . Since messages were encrypted on the side of the sender , WhatsApp and Telegram were blind to the content , and were therefore unable to prevent malicious content from being sent . After fixing Vulnerability-related.PatchVulnerability this vulnerability , content will now be validated before the encryption , allowing malicious files to be blocked . Both web versions mirror all messages sent and received by the user on the mobile app , and are fully synced with users ’ devices

For their attacks , the groups are using a zero-day in Apache Struts , disclosed Vulnerability-related.DiscoverVulnerability and immediately fixed Vulnerability-related.PatchVulnerability last month by Apache . The vulnerability , CVE-2017-5638 , allows an attacker to execute commands on the server via content uploaded to the Jakarta Multipart parser component , deployed in some Struts installations . According to cyber-security firms F5 , attacks started as soon as Cisco Talos researchers revealed Vulnerability-related.DiscoverVulnerability the zero-day 's presence and several proof-of-concept exploits were published online Vulnerability-related.DiscoverVulnerability . F5 experts say Vulnerability-related.DiscoverVulnerability that in the beginning , attackers targeted Struts instances running on Linux servers , where they would end up installing the PowerBot malware , an IRC-controlled DDoS bot also known as PerlBot or Shellbot . In later attacks , some groups switched to installing a cryptocurrency miner called `` minerd '' that mined for the Monero cryptocurrency . In other attacks reported by the SANS Technology Institute , some attackers installed Perl backdoors . Both SANS and F5 experts report that after March 20 , one of these groups switched to targeting Struts instances installed on Windows systems . Using a slightly modified exploit code , attackers executed various shell commands to run the BITSAdmin utility and then downloaded ( via Windows ' built-in FTP support ) the Cerber ransomware . From this point on , Cerber took over , encrypted files , and displayed its standard ransom note , leaving victims no choice but pay the ransom demand Attack.Ransom or recover data from backups . `` The attackers running this [ Cerber ] campaign are using the same Bitcoin ID for a number of campaigns , '' the F5 team said . `` This particular account has processed 84 bitcoins [ ~ $ 100,000 ] . '' F5 experts also noted that , on average , roughly 2.2 Bitcoin ( ~ $ 2,600 ) go in and out of this particular wallet on a daily basis . It is worth mentioning that F5 published their findings last week , on March 29 . Today , SANS detailed similar findings , meaning the campaign spreading Cerber ransomware via Struts on Windows is still going strong . Some of the initial attacks on Struts-based applications have been tracked by cyber-security firm AlienVault