Data uploaded to website of holiday and travel association. Hackers used a flaw in the web server running the website of ABTA, the UK's largest holiday and travel association, to access the data of as many as 43,000 people. ABTA CEO Mark Tanzer says an "external infiltrator" used a vulnerability in the firm's web server to access data provided by its members and some of those members' customers. ABTA is the UK's largest travel association, representing travel agents and tour operators that sell £32bn of holidays and other travel each year. It said the unauthorised access, on 27 February 2017, may have affected 43,000 individuals. Around 1,000 of the accessed files may include personal identity information relating to customers of ABTA members, submitted in support of their complaint about an ABTA member. These files relate to complaints uploaded to ABTA after 11 January 2017. Additionally, around 650 files may include personal identity information of ABTA members. But Tanzer said: "We are not aware of any information being shared beyond the infiltrator." The travel trade association said the vast majority of the 43,000 were people who had registered on abta.com, with email addresses and encrypted passwords, or had filled in an online form with basic contact details, "which are types of data at a very low exposure risk to identity theft or online fraud". Once it became aware of the intrusion, ABTA notified the third-party suppliers of the abta.com website, who immediately fixed the vulnerability, and the association hired risk consultants to assess the potential extent of the incident. It has also alerted the Information Commissioner and the police.
"It is extremely disappointing that our web server, managed for ABTA through a third party web developer and hosting company, was compromised, and we are taking every step we can to help those affected," said Tanzer. ABTA said its own systems remained secure and the vulnerability was in the web server for abta.com, which is managed for ABTA through a third-party web developer and hosting company. The association said that ABTA members or members of the public who have registered on abta.com should immediately change their password and, if they used this password or any variation of it for other accounts, they should change that too. It said ABTA members who have used ABTA's online self-service facility to upload supporting documentation relating to their membership may have had their data accessed, and "should remain vigilant regarding online and identity fraud".
Yahoo, Adult Friend Finder, LinkedIn, Tumblr and Daily Motion all have something in common: in 2016, details of massive hacks perpetrated against the companies were disclosed. The firms represent a handful of the companies and public bodies around the world that suffered at the hands of hackers last year. Data compromised usually included names, emails and physical addresses, and even personal bank details, ethnicity data and phone numbers. And the hacks aren't stopping anytime soon. 2017 has already been dominated by numerous data breaches, and the most recent affects the Association of British Travel Agents, commonly known as ABTA. To keep you in the loop on data breaches this year, WIRED will keep a running tally of successful hacks. The abta.com web server for the Association of British Travel Agents (ABTA) was recently hacked by "an external infiltrator" who exposed the details of 43,000 individuals. Around 1,000 of these were files that could include personal identity information of customers of ABTA members uploaded since 11 January 2017, while around 650 may also include personal identity information of ABTA members. As the UK's largest travel association, ABTA's members include travel agents and tour operators. The unauthorised access was said to be possible due to a system vulnerability "that the infiltrator exploited" to access some data provided by some customers of ABTA members and by ABTA members themselves. On immediate investigation, ABTA said it identified that although ABTA's own IT systems remained secure, there was a vulnerability in the web server managed for ABTA through a third-party web developer and hosting company.
"This, unfortunately, means some documentation uploaded to the website, as well as some information provided by customers, may have been accessed," ABTA's CEO, Mark Tanzer, said. As a precautionary measure, it has taken steps to warn its members and customers of ABTA members who have the potential to be affected. The group has also alerted the relevant authorities, including the Information Commissioner (ICO) and the police.
Due to the far-reaching implications, security researchers will typically submit serious 0-day Windows exploits to Microsoft and give the company ample time to patch the vulnerabilities before they can be used to create malware and do harm. A security researcher who goes by the Twitter handle SandboxEscaper, however, decided it would be a good idea to expose a 0-day threat to the world on Twitter, without forewarning Microsoft, and even linked to proof-of-concept code on GitHub that has since been verified as functional. The language in the original tweet prevents me from directly embedding it here. SandboxEscaper essentially said, "Here is the alpc bug as 0day ... I don't ****ing care about life anymore. Neither do I ever again want to submit to MSFT anyway ..." The official post on the CERT/CC website explains, "The Microsoft Windows task scheduler SchRpcSetSecurity API contains a vulnerability in the handling of ALPC, which can allow a local user to gain SYSTEM privileges. We have confirmed that the public exploit code works on 64-bit Windows 10 and Windows Server 2016 systems. We have also confirmed compatibility with 32-bit Windows 10 with minor modifications to the public exploit code. Compatibility with other Windows versions is possible with further modifications." At this point, Microsoft does not have a patch at the ready, but according to reports a fix will be coming in the next batch of Patch Tuesday updates.
Because the exploit requires the local execution of code, it doesn't necessarily warrant an out-of-band update. However, with proof-of-concept code readily available, it's possible nefarious individuals could trick less savvy users into running the code and gain full access to their systems. As always, never execute any files from unknown or untrusted sources. The bug lies in the Windows Task Scheduler's Advanced Local Procedure Call, or ALPC, interface. It allows a local user to gain system-level privileges and have free rein over the system to do whatever they want, including overwriting or modifying system files. Will Dormann of CERT/CC verified that the original exploit code works on a fully patched Windows 10 x64 installation and later modified the code to work on 32-bit systems as well.
Mozilla released nine fixes in its Wednesday launch of Firefox 62 for Windows, Mac and Android, including one for a critical glitch that could enable attackers to run arbitrary code. Overall, the latest version of the Firefox browser included fixes for the critical issue, three high-severity flaws, two moderate problems and three low-severity vulnerabilities. Topping the list is a memory safety bug (CVE-2018-12376), discovered by a number of Mozilla developers and community members. A critical-impact bug means the vulnerability can be used to run attacker code and install software, requiring no user interaction beyond normal browsing, according to Mozilla. The memory safety problem, which exists in Firefox 61 and Firefox ESR 60, meets these criteria, researchers said. Mozilla didn't release further details, but it did assign one CVE to represent multiple similar issues. In addition to the memory safety bug(s), Mozilla also fixed three high-severity vulnerabilities in its latest update. These include a use-after-free glitch in refresh driver timers (CVE-2018-12377), which power browser-page refreshes. Another high-severity bug (CVE-2018-12378) is a use-after-free vulnerability that occurs when an IndexedDB index (a low-level API for client-side storage of significant amounts of structured data) is deleted while still in use by JavaScript code providing payload values. "This results in a potentially exploitable crash," the advisory said.
Mozilla developers and community members also found a memory-safety bug (CVE-2018-12375) in Firefox 61, which showed evidence of memory corruption and could be exploited to run arbitrary code, according to the advisory. The moderate and low-severity fixes that were deployed in Firefox 62 include patches for an out-of-bounds write flaw (triggered when the Mozilla Updater opens a MAR format file that contains a very long item filename), and a proxy bypass glitch in the browser's proxy settings. Firefox 62 for desktop is available for download on Mozilla's website.
Thousands of Jenkins servers, if not more, are vulnerable to data theft, takeover and cryptocurrency-mining attacks. This is because hackers can exploit two vulnerabilities to gain admin rights or log in using invalid credentials on these servers. Both vulnerabilities were discovered by security researchers from CyberArk, were privately reported to the Jenkins team, and received fixes over the summer. But despite patches for both issues, there are still thousands of vulnerable Jenkins servers available online. Jenkins is a web application for continuous integration built in Java that allows development teams to run automated tests and commands on code repositories based on test results, and even automate the process of deploying new code to production servers. Jenkins is a popular component in many companies' IT infrastructure, and these servers are very popular with freelancers and enterprises alike. Over the summer, CyberArk researchers discovered a vulnerability (tracked as CVE-2018-1999001) that allows an attacker to provide malformed login credentials that cause Jenkins servers to move their config.xml file from the Jenkins home directory to another location. If an attacker can cause the Jenkins server to crash and restart, or if he waits for the server to restart on its own, the Jenkins server then boots in a default configuration that features no security. In this weakened setup, anyone can register on the Jenkins server and gain administrator access. With an administrator role in hand, an attacker can access private corporate source code, or even make code modifications to plant backdoors in a company's apps.
This lone issue would have been quite bad on its own, but CyberArk researchers also discovered a second Jenkins vulnerability, CVE-2018-1999043. This second bug, they said, allowed an attacker to create ephemeral user records in the server's memory, giving an attacker a short window in which they could authenticate using ghost usernames and credentials. Both vulnerabilities were fixed, the first in July and the second in August, but as we've grown accustomed to in the past few years of covering security flaws, not all server owners have bothered to install these security updates.
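The weakened state the article describes, a Jenkins instance that has come back up without its config.xml and therefore with security switched off, is something an operator can watch for directly. The following is an added example written for this page, not code from the article, from CyberArk or from the Jenkins project: it audits the security-related elements of a Jenkins config.xml and reports the conditions that match that state, and treats a missing file as a finding in its own right. The element and class names (useSecurity, authorizationStrategy, securityRealm, disableSignup and the $Unsecured / $None class suffixes) follow the config.xml layout as I understand it and are assumptions to confirm against your own instance; both XML documents are constructed samples.

```python
import os
import xml.etree.ElementTree as ET
from typing import List, Optional

# Constructed samples. Element and class names follow the Jenkins config.xml
# layout as the author of this example understands it; treat them as
# assumptions to confirm against a real instance.
SECURED_XML = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
    <denyAnonymousReadAccess>true</denyAnonymousReadAccess>
  </authorizationStrategy>
  <securityRealm class="hudson.security.HudsonPrivateSecurityRealm">
    <disableSignup>true</disableSignup>
  </securityRealm>
</hudson>
"""

# What a "default configuration that features no security" looks like.
UNSECURED_XML = """<hudson>
  <useSecurity>false</useSecurity>
  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
  <securityRealm class="hudson.security.SecurityRealm$None"/>
</hudson>
"""


def _is_true(text: Optional[str]) -> bool:
    return (text or "").strip().lower() == "true"


def audit_config_xml(xml_text: Optional[str]) -> List[str]:
    """Return a list of findings; an empty list means no weakened setting was found."""
    if xml_text is None:
        # The state the article describes: config.xml gone from JENKINS_HOME,
        # so the next restart falls back to defaults with security disabled.
        return ["config.xml is missing: Jenkins will restart with security disabled"]
    root = ET.fromstring(xml_text)
    findings = []
    if not _is_true(root.findtext("useSecurity")):
        findings.append("useSecurity is not true: security is switched off")
    strategy = root.find("authorizationStrategy")
    if strategy is None or strategy.get("class", "").endswith("$Unsecured"):
        findings.append("authorizationStrategy is Unsecured: anyone has full control")
    realm = root.find("securityRealm")
    realm_class = realm.get("class", "") if realm is not None else ""
    if realm is None or realm_class.endswith("$None"):
        findings.append("securityRealm is None: no login is required")
    elif realm_class.endswith("HudsonPrivateSecurityRealm") and not _is_true(
            realm.findtext("disableSignup")):
        # Only the built-in user database has a self-signup switch.
        findings.append("self-signup is enabled: anyone can register an account")
    return findings


def audit_jenkins_home(jenkins_home: str) -> List[str]:
    """Audit the config.xml under a JENKINS_HOME directory; a missing file is a finding."""
    path = os.path.join(jenkins_home, "config.xml")
    if not os.path.isfile(path):
        return audit_config_xml(None)
    with open(path, encoding="utf-8") as fh:
        return audit_config_xml(fh.read())


if __name__ == "__main__":
    for name, doc in (("secured", SECURED_XML), ("unsecured", UNSECURED_XML), ("missing", None)):
        print(name, audit_config_xml(doc) or ["OK"])
```

Run audit_jenkins_home against the real JENKINS_HOME from a cron job or a monitoring agent; a non-empty result after an unexpected restart is exactly the signal that the config.xml relocation described above has happened.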
Valve has patched a critical vulnerability in the Steam client which has lurked undetected for at least 10 years. The vulnerability impacts all versions of the gaming platform. Tom Court, a security researcher from Context Information Security, discovered the bug and disclosed his findings on Thursday. In a blog post, the researcher said that, left unpatched, the bug permits threat actors to perform remote code execution (RCE) attacks. It was not until July last year that Valve added modern ASLR exploit protections to its Steam source code. However, this addition made sure that the vulnerability would only cause a client crash if exploited, unless a separate information leak vulnerability was also active in the exploit chain. Valve's Steam software uses a custom protocol, known as the "Steam Protocol", which is delivered on top of UDP. The protocol registers the packet length and the total reassembled datagram length; however, the vulnerability was caused by a simple lack of checks to ensure that, for the first packet of a fragmented datagram, the specified length was less than or equal to the total datagram length. All an attacker needed to do was to send a malformed UDP packet to trigger the exploit. "This means that it is possible to supply a data_len smaller than packet_len and have up to 64kb of data (due to the 2-byte width of the packet_len field) copied to a very small buffer, resulting in an exploitable heap corruption," Court says. "This seems like a simple oversight, given that the check was present for all subsequent packets carrying fragments of the datagram."
The vulnerability was reported to Valve on 20 February and was fixed in a beta release less than 12 hours later. This patch was then pushed to a stable release on 22 March. "This was a very simple bug, made relatively straightforward to exploit due to a lack of modern exploit protections," Court says. "The vulnerable code was probably very old, but as it was otherwise in good working order, the developers likely saw no reason to go near it or update their build scripts." "The lesson here is that as a developer it is important to periodically include aging code and build systems in your reviews to ensure they conform to modern security standards, even if the actual functionality of the code has remained unchanged," the researcher added.
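The missing check Court describes (the first fragment's packet_len never compared against data_len, while every later fragment was checked) can be modelled without any of Valve's code. The following is an added example written for this page, not Valve's or Context Information Security's code: a small fragment reassembler over a constructed header layout, with a switch that reproduces the described omission so the two behaviours can be compared side by side. The field names packet_len and data_len come from the article; the header encoding, the offset field and the sample fragments are assumptions. Python cannot corrupt the heap, so the unchecked path shows the overrun as a result buffer that grows past data_len, which is the same arithmetic that becomes a heap overflow in C.

```python
import struct

# Constructed header layout for this example (an assumption, not Valve's real
# Steam Protocol encoding); the field names packet_len and data_len are the
# ones the article uses.
#   packet_len : uint16  payload bytes carried by this fragment
#   data_len   : uint32  total length of the reassembled datagram
#   offset     : uint32  where this fragment's payload lands in the datagram
FRAG_HEADER = struct.Struct("<HII")


class MalformedFragment(ValueError):
    """Raised when a fragment's lengths are inconsistent with the datagram."""


def build_fragment(payload: bytes, data_len: int, offset: int) -> bytes:
    """Encode one fragment; packet_len is derived from the payload length."""
    return FRAG_HEADER.pack(len(payload), data_len, offset) + payload


def parse_fragment(raw: bytes):
    """Split a raw fragment into its header fields and payload."""
    if len(raw) < FRAG_HEADER.size:
        raise MalformedFragment("fragment shorter than its header")
    packet_len, data_len, offset = FRAG_HEADER.unpack_from(raw)
    payload = raw[FRAG_HEADER.size:FRAG_HEADER.size + packet_len]
    if len(payload) != packet_len:
        raise MalformedFragment("packet_len exceeds the bytes actually received")
    return packet_len, data_len, offset, payload


def reassemble(fragments, check_first: bool = True) -> bytes:
    """Rebuild a datagram from its fragments.

    With check_first=False the bounds check is skipped for the first fragment
    only, reproducing the omission the article describes. In C that is a heap
    overflow; here the bytearray grows past data_len, which the caller can see.
    """
    buf = None
    for index, raw in enumerate(fragments):
        packet_len, data_len, offset, payload = parse_fragment(raw)
        if buf is None:
            # The destination buffer is sized from data_len of the first fragment.
            buf = bytearray(data_len)
        elif data_len != len(buf):
            raise MalformedFragment("data_len changed between fragments")
        # The check that must cover every fragment, the first one included.
        if (index > 0 or check_first) and offset + packet_len > len(buf):
            raise MalformedFragment(
                f"fragment {index}: offset {offset} + packet_len {packet_len} "
                f"exceeds data_len {len(buf)}")
        buf[offset:offset + packet_len] = payload
    if buf is None:
        raise MalformedFragment("no fragments supplied")
    return bytes(buf)


# Constructed samples: a well-formed two-fragment datagram, and a lone first
# fragment whose packet_len (8) is larger than the data_len (4) it declares.
GOOD = [build_fragment(b"HELO", data_len=8, offset=0),
        build_fragment(b"WRLD", data_len=8, offset=4)]
BAD_FIRST = [build_fragment(b"A" * 8, data_len=4, offset=0)]


def demo():
    """Return (good datagram, overrun length without the check, rejected with it)."""
    good = reassemble(GOOD)
    overrun_len = len(reassemble(BAD_FIRST, check_first=False))
    try:
        reassemble(BAD_FIRST)
        rejected = False
    except MalformedFragment:
        rejected = True
    return good, overrun_len, rejected


if __name__ == "__main__":
    print(demo())  # (b'HELOWRLD', 8, True)
```

With check_first=False the 4-byte datagram comes back 8 bytes long, the Python analogue of "copied to a very small buffer"; with the check enabled the same input is rejected before anything is copied. The fix is not a new check but applying the existing one uniformly, which is the point of Court's closing remark about reviewing old code.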
Apache Software Foundation has patched a remote code execution vulnerability affecting the Jakarta Multipart parser in Apache Struts. Administrators need to update the popular Java application framework or put workarounds in place because the vulnerability is actively being targeted in attacks. The issue affects Apache Struts versions 2.3.5 through 2.3.31 and versions 2.5 through 2.5.10. The presence of vulnerable code is enough to expose the system to attack: the web application doesn't need to implement file upload for attackers to exploit the flaw, said researchers from Cisco Talos. Talos "found a high number of exploitation events," said Cisco threat researcher Nick Biasini. "With exploitation actively underway, Talos recommends immediate upgrading if possible or following the workaround referenced in the above security advisory." The remote code execution vulnerability (CVE-2017-5638) in the Jakarta Multipart parser is the result of improper handling of the Content-Type header, Apache said in its emergency security advisory. The header indicates the media type of the resource, such as when the client tells the server what type of data was sent as part of a POST or PUT request, or the server telling the client what type of content is being returned as part of the response. The flaw is triggered when Struts parses a malformed Content-Type HTTP header and lets attackers remotely take complete control of the system without needing any kind of authentication.
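Because the trigger is a Content-Type value that is not a well-formed media type, one mitigation an operator can deploy in front of an application that cannot be upgraded immediately is to reject such headers before they reach the framework. The following is an added example, not Apache's advisory workaround and not Struts code: a Python WSGI middleware that accepts only headers matching the RFC 7231 media-type grammar (token/token with optional name=value parameters) and answers 400 Bad Request to anything else. The sample header values are constructed; the regular expression is my reading of the RFC 7230 token and quoted-string rules, not a published filter, and the same rule can be written as a Servlet filter for a Java tier.

```python
import re

# RFC 7230 token characters; a media type is token "/" token, optionally
# followed by ";" name=value parameters whose value is a token or a
# quoted-string. Braces, parentheses, commas and spaces are not token chars.
_TOKEN = r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+"
_QUOTED = r'"(?:[^"\\]|\\.)*"'
_PARAM = rf"\s*;\s*{_TOKEN}\s*=\s*(?:{_TOKEN}|{_QUOTED})"
MEDIA_TYPE_RE = re.compile(rf"^\s*{_TOKEN}/{_TOKEN}(?:{_PARAM})*\s*$")


def is_well_formed_content_type(value: str) -> bool:
    """True only if the header is a syntactically valid media type."""
    return MEDIA_TYPE_RE.fullmatch(value) is not None


def content_type_guard(app):
    """WSGI middleware: refuse requests whose Content-Type is not a media type."""
    def guarded(environ, start_response):
        header = environ.get("CONTENT_TYPE")
        if header is not None and not is_well_formed_content_type(header):
            start_response("400 Bad Request", [("Content-Type", "text/plain")])
            return [b"malformed Content-Type header rejected\n"]
        return app(environ, start_response)
    return guarded


# Constructed header values with the verdict the guard should reach.
SAMPLE_HEADERS = {
    "multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxk": True,
    "application/json": True,
    'text/plain; charset="utf-8"': True,
    "%{constructed-not-a-media-type}": False,      # braces are not token chars
    "multipart/form-data; boundary=x; extra": False,  # parameter without '='
    "": False,
}


def classify(headers=SAMPLE_HEADERS):
    """Map each header value to the guard's verdict."""
    return {h: is_well_formed_content_type(h) for h in headers}


def run_guarded(content_type: str):
    """Drive the middleware with a minimal WSGI environ; returns (status, body)."""
    captured = {}

    def start_response(status, headers):
        captured["status"] = status

    def app(environ, start_response):
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok\n"]

    environ = {"REQUEST_METHOD": "POST", "CONTENT_TYPE": content_type}
    body = b"".join(content_type_guard(app)(environ, start_response))
    return captured["status"], body


if __name__ == "__main__":
    for header, verdict in classify().items():
        print(f"{verdict!s:5}  {header!r}")
    print(run_guarded("%{constructed-not-a-media-type}"))
```

A grammar check of this kind is a stopgap, not a fix: it buys time for the upgrade and it also logs which clients are sending malformed headers, but it does nothing for requests that reach the parser by another route.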
A severe WordPress vulnerability which has been left a year without being patched has the potential to disrupt countless websites running the CMS, researchers claim. At the BSides technical cybersecurity conference in Manchester on Thursday, Secarma researcher Sam Thomas said the bug permits attackers to exploit the WordPress PHP framework, resulting in a full system compromise. If the domain permits the upload of files, such as image formats, attackers can upload a crafted thumbnail file in order to trigger a file operation through the "phar://" stream wrapper. In turn, the exploit triggers XML eXternal Entity (XXE) and Server Side Request Forgery (SSRF) flaws which cause unserialization in the platform's code. While these flaws may only originally result in information disclosure and may be low risk, they can act as a pathway to a more serious remote code execution attack. The security researcher says the core vulnerability, which is yet to receive a CVE number, is within the wp_get_attachment_thumb_file function in /wp-includes/post.php, and when attackers gain control of a parameter used in the "file_exists" call, the bug can be triggered. Unserialization occurs when serialized variables are converted back into PHP values. When autoloading is in place, this can result in code being loaded and executed, an avenue attackers may exploit in order to compromise PHP-based frameworks. "Unserialization of attacker-controlled data is a known critical vulnerability, potentially resulting in the execution of malicious code," the company says.
The issue of unserialization was first uncovered back in 2009, and since then vulnerabilities have been recognized in which the integrity of PHP systems can be compromised, such as CVE-2017-12934, CVE-2017-12933 and CVE-2017-12932. The WordPress content management system (CMS) is used by millions of webmasters to manage domains, which means the vulnerability potentially has a vast victim pool should the flaw be exploited in the wild. "I've highlighted that the unserialization is exposed to a lot of vulnerabilities that might have previously been considered quite low-risk," Thomas explained. "Issues which they might have thought were fixed with a configuration change or had been considered quite minor previously might need to be reevaluated in the light of the attacks I demonstrated." According to Secarma, the CMS provider was made aware of the security issue in February 2017, but "is yet to take action." Technical details have been provided in a white paper (PDF). "This research continues a worrying recent trend, in demonstrating that object (un)serialization is an integral part of several modern languages," Thomas said. "We must constantly be aware of the security impact of such mechanisms being exposed to attackers." No reports have been received which suggest the exploit is being actively used in the wild. The vulnerability was originally reported through the WordPress HackerOne bug bounty program last year. The issue was confirmed after several days and Thomas was credited for his findings.
However, a Secarma spokesperson told ZDNet that while there was "some attempt to fix the issue" in May 2017, this did not address the problem. "Communication then went dead for a number of months and has only recently begun again," the spokesperson added. ZDNet has reached out to WordPress and will update if we hear back.
Apple has posted the annual full overhaul of the Mac operating system, this time focusing on a redesign of the look and feel of the interface. The 10.14 incarnation of macOS, known as Mojave, has been released into general availability. It includes new features, interface updates and security patches, though at least one hole was left unpatched. Apple is touting a set of interface improvements with the update, most notably the addition of a "Dark Mode" color scheme option and a Dynamic Desktop background that changes the image with the time of day. In more useful features, there's the Stacks utility that organizes messy desktops by grouping files into categories. Apple also added a set of new News, Stocks, Voice Memos and Home applications for macOS, porting the tools from iOS, while the Mac Continuity Camera app will let users snap and share pictures from their iOS device. Apple also redesigned the macOS version of the App Store service. Nestled into the Mojave update was a patch bundle that addresses more than a half-dozen security holes. Mojave will include fixes for eight CVE-listed vulnerabilities. These include two remote code execution flaws in the kernel (CVE-2018-4336, CVE-2018-4344) and weak RC4 encryption (CVE-2016-1777). That '4344 flaw was discovered by eggheads at the UK government's eavesdropping nerve center, GCHQ. Other flaws include a traffic intercept flaw in Bluetooth (CVE-2018-5383), a sandbox escape in the application firewall (CVE-2018-4353), a restricted memory access flaw in Crash Reporter (CVE-2018-4333), and flaws in both Auto Unlock (CVE-2018-4321) and App Store (CVE-2018-4324) that would allow an attacker to access the user's Apple ID.
Seemingly, these patches are only available for macOS 10.14; however, previous versions of the operating system were fixed up last week. It didn't take long for at least one researcher to blast holes in the security features of the new operating system. Shortly after Mojave arrived, macOS guru Patrick Wardle dropped word of a vulnerability he discovered that would allow an attacker to bypass the privacy safeguards in Mojave that would normally prevent an unauthorized app from accessing things like users' contact details. Here's a video of the exploit ... Wardle said he has reported the bug to Apple, but will not release details beyond the proof-of-concept video until a fix can be released. More technical details are due to be released in November.
Overall, the chip giant patched five vulnerabilities across an array of its products. Intel on Tuesday patched three high-severity vulnerabilities that could allow the escalation of privileges across an array of products. Overall, the chip giant fixed five bugs: three rated high-severity and two medium-severity. The most concerning of these bugs is an escalation-of-privilege glitch in Intel's PROSet/Wireless Wi-Fi software, which is its wireless connection management tool. The vulnerability, CVE-2018-12177, has a "high" CVSS score of 7.8, according to Intel's update. "Intel is releasing software updates to mitigate this potential vulnerability," it said, urging users to update to version 20.90.0.7 or later of the software. The vulnerability, reported by Thomas Hibbert of Insomnia Security, stems from improper directory permissions plaguing the software's ZeroConfig service in versions before 20.90.0.7. The issue could allow an authorized user to potentially enable escalation of privilege via local access. The other high-severity bug exists in the company's System Support Utility for Windows, which offers support for Intel-packed Windows device users. This bug (CVE-2019-0088) is due to insufficient path checking in the support utility, allowing an already-authenticated user to potentially gain escalation of privilege via local access. The vulnerability has a CVSS score of 7.5.
Versions of System Support Utility for Windows before 2.5.0.15 are impacted; Intel recommends users update to version 2.5.0.15 or later. Independent security researcher Alec Blance was credited with discovering the flaw. The chip-maker also patched a high-severity and a medium-severity flaw in its Software Guard Extensions (SGX) platform and software, which help application developers to protect select code and data from disclosure or modification. "Multiple potential security vulnerabilities in Intel SGX SDK and Intel SGX Platform Software may allow escalation of privilege or information disclosure," said Intel. The high-severity flaw in SGX (CVE-2018-18098) has a CVSS score of 7.5 and could allow an attacker with local access to gain escalated privileges. The vulnerability is rooted in improper file verification in the install routine for Intel's SGX SDK and Platform Software for Windows before 2.2.100. It was discovered by researcher Saif Allah ben Massaoud. Another vulnerability in the platform (CVE-2018-12155) is only medium in severity, but could allow an unprivileged user to cause information disclosure via local access. That's due to data leakage in the cryptographic libraries of the SGX platform's Integrated Performance Primitives, a function that provides developers with building blocks for image and data processing. And finally, a medium escalation-of-privilege vulnerability in Intel's SSD data-center tool for Windows has been patched.
"Improper directory permissions in the installer for the Intel SSD Data Center Tool for Windows before v3.0.17 may allow authenticated users to potentially enable an escalation of privilege via local access," said Intel's update. The company recommends users update to v3.0.17 or later. Intel's patch comes during a busy Patch Tuesday week, which includes fixes from Adobe and Microsoft.
Overall , the chip giant patchedVulnerability-related.PatchVulnerabilityfive vulnerabilities across an array of its products . Intel on Tuesday patchedVulnerability-related.PatchVulnerabilitythree high-severity vulnerabilities that could allow the escalation of privileges across an array of products . Overall , the chip giant fixedVulnerability-related.PatchVulnerabilityfive bugs – three rated high-severity , and two medium-severity . The most concerning of these bugs is an escalation-of-privilege glitch in Intel ’ s PROset/Wireless Wi-Fi software , which is its wireless connection management tool . The vulnerability , CVE-2018-12177 , has a “ high ” CVSS score of 7.8 , according to Intel ’ s update . “ Intel is releasingVulnerability-related.PatchVulnerabilitysoftware updates to mitigateVulnerability-related.PatchVulnerabilitythis potential vulnerability , ” it said , urging users to updateVulnerability-related.PatchVulnerabilityto version 20.90.0.7 or later of the software . The vulnerability , reportedVulnerability-related.DiscoverVulnerabilityby Thomas Hibbert of Insomnia Security , stems from improper directory permissions plaguing the software ’ s ZeroConfig service in versions before 20.90.0.7 . The issue could allow an authorized user to potentially enable escalation of privilege via local access . The other high-severity bug exists inVulnerability-related.DiscoverVulnerabilitythe company ’ s System Support Utility for Windows , which offers support for Intel-packed Windows device users . This bug ( CVE-2019-0088 ) is due to insufficient path checking in the support utility , allowing an already-authenticated user to potentially gain escalation of privilege via local access . The vulnerability has a CVSS score of 7.5 . 
Versions of System Support Utility for Windows before 2.5.0.15 are impacted; Intel recommends users update to version 2.5.0.15 or later. Independent security researcher Alec Blance was credited with discovering the flaw. The chip-maker also patched a high-severity and a medium-severity flaw in its Software Guard Extensions (SGX) platform and software, which help application developers protect select code and data from disclosure or modification. "Multiple potential security vulnerabilities in Intel SGX SDK and Intel SGX Platform Software may allow escalation of privilege or information disclosure," said Intel. The high-severity flaw in SGX (CVE-2018-18098) has a CVSS score of 7.5 and could allow an attacker with local access to gain escalated privileges. The vulnerability is rooted in improper file verification in the install routine for Intel's SGX SDK and Platform Software for Windows before 2.2.100. It was discovered by researcher Saif Allah ben Massaoud. Another vulnerability in the platform (CVE-2018-12155) is only medium in severity, but could allow an unprivileged user to cause information disclosure via local access. That's due to data leakage in the cryptographic libraries of the SGX platform's Integrated Performance Primitives, which provide developers with building blocks for image and data processing. And finally, a medium-severity escalation-of-privilege vulnerability in Intel's SSD Data Center Tool for Windows has been patched.
"Improper directory permissions in the installer for the Intel SSD Data Center Tool for Windows before v3.0.17 may allow authenticated users to potentially enable an escalation of privilege via local access," said Intel's update. The company recommends users update to v3.0.17 or later. Intel's patch comes during a busy Patch Tuesday week, which includes fixes from Adobe and Microsoft.
A flaw in the popular messenger apps WhatsApp and Telegram, which could allow hackers to gain access to hundreds of millions of accounts using the very encryption software designed to keep them out, has been discovered by cyber security firm Check Point. The Israeli multinational said it was concerned about vulnerabilities in the messaging apps, following WikiLeaks' 'Vault 7' release of more than 8,500 CIA documents. "One of the most concerning revelations arising from the recent WikiLeaks publication is the possibility that government organizations can compromise WhatsApp, Telegram and other end-to-end encrypted chat applications," the company said in a blog post. The web versions of the apps mirror all messages sent and received by a user's mobile device, which uses end-to-end encryption so that only those sending and receiving messages can view the content. Hackers could gain access to a user's account, however, by booby-trapping a digital image with malicious code which would be activated once the image is viewed. The code could then spread like a virus by sending infected messages to a user's contacts. "This means that attackers could potentially download your photos and/or post them online, send messages on your behalf, demand ransom, and even take over your friends' accounts," they added. Check Point said it alerted both companies to the problem last week and waited for the issues to be resolved before making it public. Both companies have said they've since patched the problem. "Thankfully, WhatsApp and Telegram responded quickly and responsibly to deploy the mitigation against exploitation of this issue in all web clients," Check Point Head of Product Vulnerability Oded Vanunu said.
The company has advised, however, that WhatsApp and Telegram web users should restart their browser to ensure they're using the latest versions of the service.
The mobile phone company Three has experienced a fresh data breach after some customers logging into their accounts were presented with the names, addresses, phone numbers and call histories of strangers. Three said it was investigating a technical issue with its systems and urged those affected to contact its customer service department. One customer, Andy Fidler, told the Guardian he was presented with the data usage and full call and text history of another named customer when he logged in on Sunday night. Another, Mark Thompson, said on Facebook he received a call from a complete stranger who said she had logged on to her account and was shown his details. Thompson said it was a "shocking breach of data privacy". He wrote on Three UK's Facebook page: "Care to explain just how my details have been shared, how many people have had access to my personal information, for how long, and how many of your other customers have had their details leaked by yourselves to other members of the public as well?" Other customers also wanted to know why they were being presented with other people's information when they logged in. Three UK, which is owned by the telecoms giant Hutchison and has 9 million customers in Britain, said it was investigating. "We are aware of a small number of customers who may have been able to view the mobile account details of other Three users using My3," a spokesman said. "No financial details were viewable during this time and we are investigating the matter." The Information Commissioner's Office said it "will be looking into this potential incident involving Three". A spokeswoman for the regulator said: "Data protection law requires organisations to keep any personal information they hold secure.
It's our job to act on behalf of consumers to see whether that's happened and take appropriate action if it has not." The problem comes four months after three men were arrested after fraudsters accessed personal data of thousands of Three customers, including names and addresses, by using authorised logins to its database of customers eligible for an upgraded handset. Customer information from more than 133,000 users was compromised in the incident.
A severe vulnerability has been disclosed in libpurple, the library used in the development of a number of popular instant messaging clients, including Pidgin and Adium for the macOS platform. Adium 1.5.10.2 is vulnerable and can be exploited to run arbitrary code remotely. A researcher who goes by the handle Erythronium submitted a post on March 15 to the Adium developers mailing list about the issue. While there's been some discussion of a fix for CVE-2017-2640, no Adium advisory or patches have been released. In the meantime, Erythronium told Threatpost that libpurple and Adium should no longer be used. "Unless the [Adium] dev team comes out with an advisory about this issue, a serious apology, a completely solid story about how they plan to handle future vulnerabilities in their codebase and its dependencies, and a way for people to reproduce their builds without depending on a creepy binary blob of libpurple, people should simply stop using it," the researcher said. "It's also very arguable that people should stop using libpurple completely, since it also lacks strong security practices in its development." A request for comment from two members of the Adium team was not returned in time for publication. "Adium's build process documentation does not seem to include steps for upgrading or rebuilding libpurple, and the copy of libpurple checked into Adium's open-source repository is a binary blob of unknown provenance," Erythronium wrote in a post to the Full Disclosure mailing list. Adium is a freely available IM client for the Apple platform, and users may connect a number of other IM networks to it, including AIM, Google Talk, Yahoo Messenger and others.
It's written using the Cocoa API in macOS, and also supports Off the Record (OTR) encryption over XMPP. Libpurple is used in a number of IM programs, including Pidgin on Windows, Linux and UNIX, and Finch, a text-based IM program for Linux and UNIX. The vulnerability is an out-of-bounds write flaw that happens when invalid XML is sent by an attacker, Pidgin said in an advisory. "Successfully exploiting this issue may allow an attacker to cause a denial-of-service condition, execute arbitrary code or perform unauthorized actions," said a SecurityFocus advisory. The use of messaging apps that support encryption has been encouraged since the Snowden disclosures and other challenges to secure communication such as Apple vs. FBI. Adium specifically was included in a Privacy Pack recommended by the Electronic Frontier Foundation in the months following the Snowden leaks. The pack was a collection of tools for privacy-conscious users, and included the Tor browser, encryption extensions for browsers, HTTPS Everywhere, and Pidgin and Adium for encrypted chats.
Microsoft Internet Information Services (IIS) 6.0 has a zero-day vulnerability that attackers leveraged last summer and that is likely undergoing exploitation now, researchers said. The vulnerability is a buffer overflow in a function in the WebDAV service in IIS 6.0 in Microsoft Windows Server 2003 R2, and can be triggered by attackers sending an overlong If header in a PROPFIND request, said researchers at Trend Micro. Unfortunately, Microsoft won't patch the flaw because it stopped supporting Windows Server 2003 a few years ago (IIS 6.0 shipped with that OS). There are a little over 600,000 publicly accessible IIS 6.0 servers on the Internet, and most of them are probably running on Windows Server 2003, according to a search of Shodan. The risk of exploitation can be mitigated by disabling the WebDAV service on the vulnerable IIS 6.0 installation, but not all administrators will want to do that. There is a fix out there from Mitja Kolsek, chief executive of Acros Security and co-founder of 0patch. The patch is free and its source code is open for inspection.
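For administrators who keep WebDAV enabled on such a host, the pattern described above (a PROPFIND carrying an If header far longer than any lock-token list) is something a reverse proxy or IDS in front of the server can watch for. The following is an added detection example, not code from Trend Micro, 0patch or Microsoft; it parses raw HTTP request text and flags oversized If headers on PROPFIND requests, with the request samples constructed here and the IF_HEADER_LIMIT threshold an assumption.

```python
"""Flag WebDAV PROPFIND requests that carry an oversized If header.

Added detection example, not code from Trend Micro, Acros/0patch or Microsoft.
It parses raw HTTP request text as a reverse proxy or IDS would see it
(constructed samples below) and flags a PROPFIND whose If header is longer
than IF_HEADER_LIMIT. The limit is an assumption: real If headers carry a
handful of lock tokens and entity tags and stay far shorter than this.
"""
from __future__ import annotations

IF_HEADER_LIMIT = 256   # assumption: legitimate If headers are short token lists


def parse_request(raw: str) -> tuple[str, str, dict[str, str]]:
    """Split a raw HTTP/1.1 request into (method, target, headers).
    Header names are lower-cased; repeated headers are joined with ", ",
    as a server would combine them before processing."""
    head, _, _body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        raise ValueError(f"malformed request line: {lines[0]!r}")
    method, target, _version = parts
    headers: dict[str, str] = {}
    for line in lines[1:]:
        if not line:
            continue
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        key = name.strip().lower()
        value = value.strip()
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return method, target, headers


def inspect(raw: str) -> dict:
    """Return a verdict record for one request: suspicious only when the method
    is PROPFIND and the combined If header exceeds the limit."""
    method, target, headers = parse_request(raw)
    if_len = len(headers.get("if", ""))
    return {
        "method": method,
        "target": target,
        "if_length": if_len,
        "suspicious": method == "PROPFIND" and if_len > IF_HEADER_LIMIT,
    }


def scan(requests: list[str]) -> list[dict]:
    """Inspect a batch of captured requests."""
    return [inspect(r) for r in requests]


# Constructed samples: what a proxy in front of an IIS 6.0 host might capture.
SAMPLES = [
    # Ordinary PROPFIND with a short If header (one lock token), as a WebDAV client sends.
    "PROPFIND /share/ HTTP/1.1\r\nHost: dav.example.test\r\nDepth: 1\r\n"
    "If: (<opaquelocktoken:e71d4fae-5dec-22d6-fea5-00a0c91e6be4>)\r\n\r\n",
    # PROPFIND whose If header is thousands of bytes of filler: the pattern to alert on.
    "PROPFIND /share/ HTTP/1.1\r\nHost: dav.example.test\r\n"
    "If: <http://dav.example.test/" + "A" * 4000 + ">\r\n\r\n",
    # Same oversized header on a GET: not the PROPFIND path the article describes, so not flagged.
    "GET /index.html HTTP/1.1\r\nHost: dav.example.test\r\n"
    "If: <" + "A" * 4000 + ">\r\n\r\n",
    # Lower-case header name must still be matched after normalisation.
    "PROPFIND /share/ HTTP/1.1\r\nHost: dav.example.test\r\n"
    "if: <" + "B" * 300 + ">\r\n\r\n",
]


if __name__ == "__main__":
    for verdict in scan(SAMPLES):
        flag = "ALERT" if verdict["suspicious"] else "ok   "
        print(f"{flag} {verdict['method']:8} {verdict['target']:12} if_length={verdict['if_length']}")
```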
A broad array of Android phones are vulnerable to attacks that use booby-trapped Wi-Fi signals to achieve full device takeover, a researcher has demonstrated. The vulnerability resides in a widely used Wi-Fi chipset manufactured by Broadcom and used in both iOS and Android devices. Apple patched the vulnerability with Monday's release of iOS 10.3.1. "An attacker within range may be able to execute arbitrary code on the Wi-Fi chip," Apple's accompanying advisory warned. In a highly detailed blog post published Tuesday, the Google Project Zero researcher who discovered the flaw said it allowed the execution of malicious code on a fully updated 6P "by Wi-Fi proximity alone, requiring no user interaction." Google is in the process of releasing an update in its April security bulletin. The fix is available only to a select number of device models, and even then it can take two weeks or more to be available as an over-the-air update to those who are eligible. Company representatives didn't respond to an e-mail seeking comment for this post. The proof-of-concept exploit developed by Project Zero researcher Gal Beniamini uses Wi-Fi frames that contain irregular values. The values, in turn, cause the firmware running on Broadcom's wireless system-on-chip to overflow its stack.
By using the frames to target timers responsible for carrying out regularly occurring events such as performing scans for adjacent networks, Beniamini managed to overwrite specific regions of device memory with arbitrary shellcode. Beniamini's code does nothing more than write a benign value to a specific memory address. Attackers could obviously exploit the same series of flaws to surreptitiously execute malicious code on vulnerable devices within range of a rogue access point. Besides the specific stack overflow bugs exploited by the proof-of-concept attack, Beniamini said a lack of security protections built into many software and hardware platforms made the Broadcom chipset a prime target. "We've seen that while the firmware implementation on the Wi-Fi SoC is incredibly complex, it still lags behind in terms of security," he wrote. "Specifically, it lacks all basic exploit mitigations—including stack cookies, safe unlinking and access permission protection (by means of [a memory protection unit])." The Broadcom chipset contains an MPU, but the researcher found that it's implemented in a way that effectively makes all memory readable, writeable, and executable. "We can conveniently execute our code directly from the heap." He said that Broadcom has informed him that newer versions of the chipset implement the MPU more effectively and also add unspecified additional security mechanisms. Given the severity of the vulnerability, people with affected devices should install a patch as soon as it's available. For those with vulnerable iPhones, that's easy enough. As is all too often the case for Android users, there's no easy way to get a fix immediately, if at all.
That's because Google continues to stagger the release of its monthly patch bundle for the minority of devices that are eligible to receive it. At the moment, it's not clear if there are effective workarounds available for vulnerable devices. Turning off Wi-Fi is one possibility, but as revealed in recent research into an unrelated Wi-Fi-related weakness involving Android phones, devices often relay Wi-Fi frames even when Wi-Fi is turned off.
Six months of relative quiet around exploit kits recently changed when a public proof-of-concept attack disclosed by a Texas startup was integrated into the Sundown Exploit Kit. The proof-of-concept exploit was developed by Theori, a research and development firm in Austin, which opened its doors last spring. The PoC targets two vulnerabilities, CVE-2016-7200 and CVE-2016-7201, in Microsoft Edge that were patched in November in MS16-129 and privately disclosed to Microsoft by Google Project Zero researcher Natalie Silvanovich. French researcher Kafeine said on Saturday that he had spotted weaponized versions of the Theori exploits in Sundown two days after they were made public. The payload is most likely the Zloader DLL injector, but Sundown has also moved other malware in the past, including banking Trojans such as Zeus Panda and Dreambot, and even Bitcoin mining software. Kafeine said this is the first significant exploit kit activity he's seen in six months. This is the second time a Theori proof-of-concept exploit has ended up in an exploit kit, Kafeine said, harkening back to CVE-2016-0189, which was patched in May by Microsoft and yet eventually found its way into Neutrino, RIG, Sundown and Magnitude. Kafeine said he expects other exploit kits to quickly integrate this attack as well, but activity could be slowed by the Christmas and New Year holidays in the West, and the recently concluded Russian holiday season. A request for comment from researchers at Theori was not returned in time for publication. In the Readme for the exploits posted to Github, Theori said its PoC was tested on the latest version of Edge running on Windows 10.
The vulnerabilities are in the Chakra JavaScript engine developed for Microsoft in Internet Explorer 9. The Theori exploits trigger information leak and type confusion vulnerabilities in the browser, leading to remote code execution. The bugs were patched Nov. 8 by Microsoft in a cumulative update for the Edge browser; Microsoft characterized them as memory corruption flaws and rated them both critical for Windows clients and moderate for Windows servers. An attacker could also embed an ActiveX control marked 'safe for initialization' in an application or Microsoft Office document that hosts the Edge rendering engine. The integration of new exploits, however, has slowed significantly since the erasure of Angler and other popular kits from the underground. Angler's disappearance coincided with the June arrests of 50 people in Russia allegedly connected to the development and distribution of the Lurk Trojan. Researchers at Kaspersky Lab who investigated the infrastructure supporting Lurk said there was little doubt that the criminals behind Lurk were also responsible for Angler's constant development and profit-making. Since the end of the summer, however, exploit kit development has all but ended while attackers have returned to large-scale spamming campaigns and a resurgence of macro malware to move attacks along. "Regarding the why, I don't know for sure," Kafeine said. "Either it's harder to code those, [or] those who were providing fully working exploits (for Angler for instance) are not anymore into this. I think [exploit kits] have not been so far behind in years."

Microsoft patched this on Nov 8th, but the huge problem is that whenever you buy a new computer, it doesn't come with that patch... You have to run the updates once you set up the new computer.
And from what I have been finding over the last 6 months is that the moment you open a brand new laptop with Windows 10 and start to try to update it, the vulnerability is wide open for attack. The WORST part is that if you are a regular person not knowing anything about security, and you set up Windows 10 with the "express settings", the computer is set up to connect to any open wifi hotspot and Bluetooth devices! So if you live in NYC or any heavily populated area, or your home wifi is already infected by the Mirai botnet, you are screwed instantly... I have proof that it is happening to everyone and no one knows it. The internet is going to implode within the next 3-4 months and the government will have to shut it down.
U.S. intelligence agencies recently identified a Russian cybersecurity firm, which has expertise in testing the network vulnerabilities of the electrical grid, financial markets and other critical infrastructure, as having close ties to Moscow's Federal Security Service, the civilian intelligence service. The relationship between the company and the FSB, as the spy agency is known, has heightened fears among U.S. cyberintelligence officials that Moscow is stepping up covert efforts to infiltrate computer networks that control critical U.S. infrastructure such as oil and gas pipelines and transportation. The Russian company is taking steps to open a U.S. branch office as part of the intelligence-gathering, said officials familiar with reports of the effort who spoke on background. Officials familiar with reports about the company did not identify it by name. However, security officials are quietly alerting government security officials and industry cybersecurity chiefs about the Russian firm and its covert plans for operations in the United States. The Russian firm is said to have extensive technical experience in security vulnerabilities of supervisory control and data acquisition systems that are used to remotely control critical infrastructure. These systems are employed by both government and private-sector system controllers for equipment running water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power grids, wind farms and large communication systems.
Updated: An independent researcher claims to have uncovered a security flaw in Microsoft Edge. The issue enables any website to identify someone by their username from another website, according to Ariel Zelivansky. More specifically, the bod alleges that Edge exposes the URL of any JavaScript Fetch response, in contradiction to the specification. This is a problem because it's possible to identify netizens by crafting a fetch request in a webpage that will redirect to a URL containing the visitor's username (e.g. requesting https://facebook.com/me will pull in https://facebook.com/username). Zelivansky alerted Microsoft but the software giant said the issue was not a security problem. El Reg also prodded Redmond only to be told the tech giant had nothing to add beyond its response to Zelivansky. The researcher went public with his findings and tipped off The Reg earlier this month after Redmond decided the issue didn't merit a security fix. The privacy shortcoming has spawned a discussion thread on Reddit.

Despite Microsoft's silence, it turns out the Windows giant has decided to assign an engineer to look into the matter, but it is still not being treated as a security vulnerability.
Updated: WhatsApp's end-to-end encryption can potentially be exploited by determined snoops to intercept and read encrypted messages, it was claimed today. Essentially, if an attacker can reroute a redelivered encrypted message, it is possible to decrypt the text. Facebook-owned WhatsApp stresses this is not a serious flaw nor a deliberate backdoor in its code. Users can detect and stop the surveillance, if it happens, by activating security notifications in the application's settings. At the heart of the matter is the exchange of cryptographic keys when two people start chatting to each other: their public keys are sent through Facebook's servers, and ideally the two people need to verify outside of WhatsApp that their keys haven't been tampered with during the handover. If it's not possible to verify the keys, or there isn't an opportunity to verify the keys, you're potentially open to man-in-the-middle surveillance. For example, a snooper could stop a WhatsApp message from being sent, take over the recipient's phone number, trigger a public key exchange between the sender and the snooper's handset that's now using the recipient's hijacked number, receive the redelivered text before the sender has a chance to verify the new public key, and decrypt the message they're not supposed to read. This is non-trivial to exploit and rather easy to detect when it happens, rendering it pointless. The problem – which is "endemic to public key cryptography" – was raised in April last year, and at the time WhatsApp said it wasn't a serious enough design flaw to spend time fixing. Now allegations that WhatsApp deliberately knackered its security have flared up again, this time reported in The Guardian.
In response, the Facebook-owned messaging service said it designed its app to redeliver messages as described above to allow texts to be sent in parts of the world where people frequently swap devices and SIM cards:

At WhatsApp, we've always believed that people's conversations should be secure and private. Last year, we gave all our users a better level of security by making every message, photo, video, file and call end-to-end encrypted by default. As we introduce features like end-to-end encryption, we focus on keeping the product simple and take into consideration how it's used every day around the world. In WhatsApp's implementation of the Signal Protocol, we have a "Show Security Notifications" setting (option under Settings > Account > Security) that notifies you when a contact's security code has changed. We know the most common reasons this happens are because someone has switched phones or reinstalled WhatsApp. This is because in many parts of the world, people frequently change devices and SIM cards. In these situations, we want to make sure people's messages are delivered, not lost in transit.

The alleged weakness in WhatsApp's encryption system was documented by Tobias Boelter, a cryptography and security researcher at the University of California, and branded a "backdoor" today in The Grauniad. The paper fears governments can abuse the messenger app's design, which is based on Open Whisper's Signal protocol, to snoop on people's conversations. Some infosec bods are critical of Facebook's design decisions in rolling out its end-to-end encryption in WhatsApp.
Neil Cook, chief security architect at Open-Xchange, commented: "WhatsApp has already broken their promise not to share user data with Facebook, and now it seems that their promise of end-to-end encrypted messaging isn't quite as secure as everyone had hoped, particularly given the involvement of Open Whisper Systems. It's worth noting that this error in the encryption protocol is not present in Signal, so the team at WhatsApp have made the change intentionally." Matthew Aldridge, solutions architect at Webroot, added: "This flaw allows Facebook/WhatsApp to intercept messages if they choose to, by having the sender's software automatically flip across to a second encryption key. The functionality is designed to create a seamless user experience for users who have connectivity issues or drop offline for a time during a conversation, but it has resulted in a situation where it could be used to intercept messages by WhatsApp. For those sending highly sensitive messages, or simply looking to avoid this, you should switch on the key change warnings in settings, and always check that the two ticks appear after sending messages in an active conversation." Others fault Facebook for failing to respond quickly enough. Jacob Ginsberg, senior director at Echoworx, an expert in end-to-end messaging encryption, said: "The fact that Facebook has known about this vulnerability since April is doubly damning. Not only could this be seen by many as supporting ongoing government data collection interventions, it means their talk of encryption and privacy has been nothing more than lip service. The company needs to actively address its security measures."
In a follow-up statement, WhatsApp denied accusations that it had inserted what amounted to a backdoor in its messaging code: "The Guardian posted a story this morning claiming that an intentional design decision in WhatsApp that prevents people from losing millions of messages is a 'backdoor' allowing governments to force WhatsApp to decrypt message streams. WhatsApp does not give governments a 'backdoor' into its systems and would fight any government request to create a backdoor. The design decision referenced in the Guardian story prevents millions of messages from being lost, and WhatsApp offers people security notifications to alert them to potential security risks. WhatsApp published a technical white paper on its encryption design, and has been transparent about the government requests it receives, publishing data about those requests in the Facebook Government Requests Report."
A zero-day vulnerability exists in WordPress Core that in some instances could allow an attacker to reset a user's password and gain access to their account. Researcher Dawid Golunski of Legal Hackers disclosed the vulnerability on Wednesday via his new ExploitBox service. All versions of WordPress, including the latest, 4.7.4, are vulnerable, the researcher said. The vulnerability (CVE-2017-8295) happens because WordPress uses what Golunski calls untrusted data by default when it creates a password reset email. In a proof-of-concept writeup, Golunski points out that WordPress uses a variable, SERVER_NAME, to get the hostname to create a From/Return-Path header for the password reset email. Since that variable, by its nature, can be customized, an attacker could insert a domain of his choosing and make it so an outgoing email could be sent to a malicious address, the researcher says. The attacker would then receive the reset email and be able to change the account password and take over. "Depending on the configuration of the mail server, it may result in an email that gets sent to the victim WordPress user with such malicious From/Return-Path address set in the email headers," Golunski wrote. "This could possibly allow the attacker to intercept the email containing the password reset link in some cases requiring user interaction as well as without user interaction." Golunski writes that there are three scenarios in which a user could be tricked, and only one of them relies on user interaction. In one, an attacker could perform a denial of service attack on the victim's email account in order to prevent the password reset email from reaching the victim's account. Instead, it could bounce back to the malicious sender address, pointed at the attacker.
Second, Golunski says some auto-responders may attach a copy of the email sent in the body of the auto-replied message. Third, by sending multiple password reset emails, he says the attacker could trigger the victim to ask for an explanation, which could contain the malicious password link. Golunski said he reported the issue to WordPress's security team multiple times, initially more than 10 months ago in July 2016. The researcher told Threatpost that WordPress never outright rejected his claim – he says WordPress told him it was working on the issue – but acknowledged that too much time has passed without a clear resolution, something which prompted him to release details on the bug on Wednesday. Campbell said that it's possible WordPress will patch the issue, even if just for poorly configured servers, but acknowledged he didn't have a timetable for the fix. Concerned WordPress users should follow a public ticket that was started for the issue last July, Campbell added. While there's no official fix available yet, Golunski says users can enable the UseCanonicalName setting on Apache to enforce a static SERVER_NAME value to ensure it doesn't get modified. Golunski has had his hands full finding vulnerabilities related to PHP-based email platforms. He discovered a remote code execution bug in SquirrelMail in January that was disclosed and quickly patched last month, and similar RCE bugs in PHPMailer and SwiftMailer, libraries used to send emails via PHP, at the end of 2016.
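The following is an added example, not WordPress code and not Golunski's proof of concept, showing in Python how a reset mail's sender domain ends up under the requester's control when it is taken from the request-populated SERVER_NAME, and the hardened form that mirrors what the UseCanonicalName mitigation does at the web-server layer: use an operator-configured hostname and accept the request's value only when it is a valid hostname on an explicit allow-list. The function names, the allow-list and the sample environments are assumptions; the attacker domain is a placeholder.

```python
"""Added illustration of SERVER_NAME-derived mail headers versus a canonical
server name.  Not WordPress code; names and sample values are assumptions."""
import re

# RFC 1123 hostname: dot-separated labels of letters, digits and hyphens,
# no leading/trailing hyphen, at most 63 chars per label, 253 overall.
_HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")


def server_name_from_request(env: dict) -> str:
    """Weak pattern: trust SERVER_NAME as the web server populated it from the
    client's Host header (Apache with UseCanonicalName Off)."""
    return env["SERVER_NAME"]


def canonical_server_name(env: dict, configured: str, allowed: set) -> str:
    """Hardened pattern: the request-supplied value is used only if it is a
    syntactically valid hostname on an explicit allow-list; anything else
    falls back to the operator-configured name (the application-level
    equivalent of UseCanonicalName On plus ServerName)."""
    candidate = env.get("SERVER_NAME", "").split(":")[0].lower()
    if candidate in allowed and _HOSTNAME_RE.match(candidate):
        return candidate
    return configured


def reset_mail_headers(server_name: str, to_addr: str) -> dict:
    """Headers for the reset mail.  The domain part of From/Return-Path is
    server_name, so a bounce or auto-reply goes to whoever controls it."""
    sender = f"wordpress@{server_name}"
    return {"From": sender, "Return-Path": sender, "To": to_addr}


# Constructed CGI-style environments.  ATTACKER_ENV models a request whose
# Host header names a domain the requester controls (placeholder value).
ATTACKER_ENV = {"SERVER_NAME": "attacker.example"}
HONEST_ENV = {"SERVER_NAME": "blog.example"}
CONFIGURED = "blog.example"              # assumed Apache ServerName
ALLOWED = {"blog.example", "www.blog.example"}


def demo() -> tuple:
    """Return the Return-Path the weak and the hardened code would emit for
    the same attacker-controlled request."""
    victim = "victim@blog.example"
    weak = reset_mail_headers(server_name_from_request(ATTACKER_ENV), victim)
    fixed = reset_mail_headers(
        canonical_server_name(ATTACKER_ENV, CONFIGURED, ALLOWED), victim)
    return weak["Return-Path"], fixed["Return-Path"]


if __name__ == "__main__":
    print(demo())
```

Note that the allow-list is the part that does the work: hostname syntax alone would accept the attacker's domain. The Apache setting Golunski mentions achieves the same effect one layer down, so the application never sees a request-controlled SERVER_NAME in the first place.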
Details on serious vulnerabilities in a number of routers freely distributed by a major Thai ISP were published on Monday after private disclosures made to the vendors in July went unanswered. Researcher Pedro Ribeiro of Agile Information Security found accessible admin accounts and command injection vulnerabilities in ZyXel and Billion routers distributed by TrueOnline, Thailand's largest broadband company. Ribeiro said he disclosed the vulnerabilities through Beyond Security's SecuriTeam Secure Disclosure Program, which contacted the affected vendors last July. Ribeiro published a proof of concept exploit yesterday as well. Ribeiro told Threatpost he's unsure whether TrueOnline introduced the vulnerabilities as it adds its own customization to the routers, or whether they came from the respective manufacturers. A ZyXel representative told Threatpost the router models are no longer supported and would not comment on whether patches were being developed. A request for comment from Billion was not returned in time for publication. The commonality between the routers appears to be that they're all based on the TC3162U system-on-a-chip manufactured by TrendChip. Affected routers are the ZyXel P660HN-T v1 and P660HN-T v2, and Billion 5200 W-T, currently in distribution to TrueOnline customers. The TC3162U chips run two different firmware variants, one called "ras" which includes the Allegro RomPager webserver vulnerable to the Misfortune Cookie attacks, and the other called tclinux.
The tclinux variant contains the vulnerabilities found by Ribeiro; in particular several ASP files, he said, are vulnerable to command injection attacks. He also cautions that they could also be vulnerable to Misfortune Cookie, but he did not investigate this possibility. "It should be noted that tclinux contains files and configuration settings in other languages (for example in Turkish). Therefore it is likely that these firmware versions are not specific to TrueOnline, and other ISP customised routers in other countries might also be vulnerable," Ribeiro said in his advisory. "It is also possible that other brands and router models that use the tclinux variant are also affected by the command injection vulnerabilities (the default accounts are likely to be TrueOnline specific)." In addition to Ribeiro's proof-of-concept, Metasploit modules are available for three of the vulnerabilities. Most of the vulnerabilities can be exploited remotely, some without authentication. "These vulnerabilities are present in the web interface. The default credentials are part of the firmware deployed by TrueOnline and they are authorized to perform remote access over the WAN," Ribeiro said. "Due to time and lab constraints I was unable to test whether these routers expose the web interface over the WAN, but given the credentials, it is likely." The ZyXel P660HN-T v1 router is vulnerable to an unauthenticated command injection attack that can be exploited remotely.
Ribeiro said he found the vulnerability in the remote system log forwarding function, specifically in the ViewLog.asp page. V2 of the same router contains the same vulnerability, but cannot be exploited without authentication, he said. "Unlike in the P660HN-Tv1, the injection is authenticated and in the logSet.asp page. However, this router contains a hardcoded supervisor password that can be used to exploit this vulnerability," Ribeiro said. "The injection is in the logSet.asp page that sets up remote forwarding of syslog logs, and the parameter vulnerable to injection is the serverIP parameter." The Billion 5200W-T is also vulnerable to unauthenticated and authenticated command injection attacks; the vulnerability was found in its adv_remotelog.asp page. "The Billion 5200W-T router also has several other command injections in its interface, depending on the firmware version, such as an authenticated command injection in tools_time.asp (uiViewSNTPServer parameter)," Ribeiro said. "It should be noted that this router contains several hardcoded administrative accounts that can be used to exploit this vulnerability." Ribeiro said default and weak admin credentials were found on all of the versions and were accessible remotely. The researcher said it's unknown whether the routers can be patched remotely. "Again, given the existence of default credentials that have remote access, it is likely that it is possible to update the firmware remotely," Ribeiro said.
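As an added defender-side example, not Ribeiro's advisory, exploit or the Metasploit modules, the following shows the two checks a practitioner would want for the pattern described above, a remote-syslog form field (serverIP) that is handed to a shell: strict input validation that accepts only an IP-address literal, and a scanner over web-interface access logs that flags requests to the named pages whose serverIP was anything else. The access-log format and the sample lines are constructed (the article names the pages and the parameter, not the routers' log format), and checking serverIP on ViewLog.asp as well is an assumption, since the article does not name that page's parameter.

```python
"""Added illustration: validation for a remote-syslog serverIP field and a
detection pass over constructed router web-UI access logs.  Not code from
the advisory; log format and sample lines are constructed."""
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Pages the article names; serverIP is the parameter it names for the
# logSet.asp / adv_remotelog.asp injections (checking ViewLog.asp too is
# an assumption).
WATCHED_PAGES = {"/logSet.asp", "/adv_remotelog.asp", "/ViewLog.asp"}
SHELL_META = re.compile(r"[;&|`$(){}<>\n\\]")


def validate_server_ip(value: str) -> bool:
    """Accept only a syntactically valid IPv4/IPv6 literal, nothing else.
    This is the check a syslog-forwarding form should apply before the value
    goes anywhere near a command line."""
    try:
        ipaddress.ip_address(value.strip())
        return True
    except ValueError:
        return False


# Constructed Common-Log-Format-like lines from a hypothetical router web UI.
# Lines 2 and 4 carry a serverIP value that is not an IP address.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2017:10:01:00 +0700] "GET /logSet.asp?serverIP=192.0.2.10&port=514 HTTP/1.1" 200 512
198.51.100.9 - - [10/Jan/2017:10:02:13 +0700] "GET /logSet.asp?serverIP=192.0.2.10%3Bid HTTP/1.1" 200 512
203.0.113.7 - - [10/Jan/2017:10:03:00 +0700] "GET /index.asp HTTP/1.1" 200 1024
198.51.100.9 - - [10/Jan/2017:10:04:42 +0700] "GET /adv_remotelog.asp?serverIP=%60uname%60 HTTP/1.1" 200 512
"""

_LINE_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')


def scan_access_log(text: str) -> list:
    """Return one finding per request to a watched page whose serverIP is not
    a plain IP literal.  URL decoding is done by parse_qs, so encoded
    metacharacters are seen in their decoded form."""
    findings = []
    for line in text.splitlines():
        m = _LINE_RE.match(line)
        if not m:
            continue  # not an access-log line we understand; skip, don't crash
        parts = urlsplit(m["target"])
        if parts.path not in WATCHED_PAGES:
            continue
        for value in parse_qs(parts.query).get("serverIP", []):
            if validate_server_ip(value):
                continue
            findings.append({
                "src": m["src"],
                "ts": m["ts"],
                "page": parts.path,
                "value": value,
                "shell_metachars": bool(SHELL_META.search(value)),
            })
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f)
```

The validation is deliberately an allow-list (parse as an IP address) rather than a deny-list of metacharacters; the metacharacter flag in the findings is there only to rank what the scanner surfaces. The same validator belongs in front of every field the page lists, including uiViewSNTPServer, where a hostname grammar would replace the IP parse.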
Most iBall Baton routers in India are also vulnerable to unauthenticated and authenticated command injection attacks; I have reason to believe default and weak admin credentials are on all of the versions and are accessible remotely. I have an iBall Baton "WRA150N" ADSL2+ router, and iBall is never accepting, not even responding to, complaints and requests for the latest firmware patches.
UPDATE: At DEFCON 22 in 2014, researchers demonstrated hacks against the Samsung Smartcam that allowed an attacker to remotely take over the device. Samsung's reaction at the time was to remove the web interface enabling the attack rather than patch the code in question. The Exploitee.rs, formerly the GTVHacker group, said users weren't pleased with the response and in turn, decided to take another crack at analyzing the device for vulnerabilities. On Saturday, the group publicly disclosed a remote code execution bug it found in the SNH-1011 Smartcam, and cautioned that it likely exists in all Samsung Smartcam devices. "The vulnerability occurs because of improper sanitization of the iWatch firmware update filename," the group wrote in a technical description of the vulnerability that also included a proof-of-concept exploit and instructions on how to patch the flaw. "A specially crafted request allows an attacker the ability to inject his own command providing the attacker remote root command execution." A request for comment from Samsung was not returned in time for publication. A Samsung contact told Threatpost that the vulnerability affects only the SNH-1011 model and it will be removed in an upcoming firmware update. The Exploitee.rs said they were motivated to look further at the cameras because of Samsung's response to their first disclosure. "This angered a number of users and crippled the device from being used in any DIY monitoring solutions.
So, we decided to audit the device once more to see if there is a way we can give users back access to their cameras while at the same time verifying the security of the device's new firmware." The original response looks especially weak in a climate where connected devices are being especially scrutinized for their security. "While this flaw by default would not directly allow attacks from the Internet suitable for something like Mirai, it would be pretty trivial to use CSRF to infect devices on home networks," Tripwire principal security researcher Craig Young said. "It is always disappointing when a vendor eliminates features rather than fixing vulnerabilities as was the case in this camera." While the original issue from 2014 has been addressed, the Exploitee.rs wrote that what remains of the web interface includes a set of PHP scripts that allow the camera's firmware to be updated through the iWatch webcam monitoring service. "These scripts contain a command injection bug that can be leveraged for root remote command execution to an unprivileged user," they said. The researchers said the flaw in iWatch can be exploited through a special filename stored in a tar command that is passed to a php system call. "Because the web-server runs as root, the filename is user supplied, and the input is used without sanitization, we are able to inject our own commands within to achieve root remote command execution," they said.
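The root cause the Exploitee.rs describe, a user-supplied filename concatenated into a tar command and handed to a system() call, is a pattern worth seeing beside its fix. The block below is an added example, not Samsung's firmware code or the group's proof of concept, written in Python rather than the camera's PHP: the weak function only returns the command string such a call would pass to the shell (it is never executed), and the hardened function allow-lists the name, pins it inside the upload directory and returns an argument vector for a shell-free subprocess call. The directory name is an assumption.

```python
"""Added illustration of firmware-filename handling: command-string
concatenation versus validated argument vectors.  Not Samsung's code;
the upload directory is an assumption."""
import os
import re

UPLOAD_DIR = "/var/fw_upload"   # assumed staging directory for uploaded firmware
# Allow-list: alphanumeric first character, then letters, digits, '.', '_',
# '-', and the name must end in '.tar'.  No path separators are possible.
SAFE_NAME = re.compile(r"^[A-Za-z0-9][A-Za-z0-9._-]{0,63}\.tar$")


def weak_update_command(filename: str) -> str:
    """Weak pattern, returned and never executed here: the string that a
    system("tar -xf " . $file)-style call would hand to /bin/sh, so any
    shell metacharacter in the name becomes part of the command line."""
    return "tar -xf " + filename


class UnsafeFilename(ValueError):
    """Raised when a user-supplied firmware filename fails validation."""


def safe_update_argv(filename: str, upload_dir: str = UPLOAD_DIR) -> list:
    """Hardened pattern: allow-list the name, pin it inside upload_dir and
    return an argv list for subprocess.run(argv) with shell=False, so the
    name is exactly one argument to tar and never reaches a shell."""
    if not SAFE_NAME.match(filename):
        raise UnsafeFilename(f"rejected filename {filename!r}")
    base = os.path.realpath(upload_dir)
    full = os.path.realpath(os.path.join(base, filename))
    if os.path.dirname(full) != base:      # defence in depth against traversal
        raise UnsafeFilename("file escapes the upload directory")
    # '--' ends option parsing, so a name beginning with '-' cannot become a flag.
    return ["tar", "-xf", "--", full]


def is_accepted(filename: str) -> bool:
    """Accept/reject answer for callers that do not need the argv."""
    try:
        safe_update_argv(filename)
        return True
    except UnsafeFilename:
        return False


if __name__ == "__main__":
    for name in ("camera-fw.tar", "fw.tar; id", "../../etc/passwd.tar", "-rf.tar"):
        print(f"{name!r}: weak -> {weak_update_command(name)!r}, "
              f"accepted by hardened path: {is_accepted(name)}")
```

Two further points the example does not change but the article makes: the script ran as root, so the fix is incomplete without dropping privileges for the update handler, and Craig Young's CSRF remark means the form that submits the filename also needs an anti-CSRF token even once the injection is gone.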
Insecure backend databases and mobile apps are making for a dangerous combination, exposing an estimated 280 million records that include a treasure-trove of private user data. According to a report by Appthority, more than 1,000 apps it looked at on mobile devices leaked personally identifiable information that included passwords, location, VPN PINs, emails and phone numbers. Appthority Mobile Threat Team called the vulnerability HospitalGown and said the culprits behind the threat are misconfigured backend storage platforms including Elasticsearch, Redis, MongoDB and MySQL. "HospitalGown is a vulnerability to data exposure caused, not by any code in the app, but by the app developers' failure to properly secure the backend servers with which the app communicates," wrote the authors of the report released Wednesday. According to Seth Hardy, director of security research, the problem is a byproduct of insecure database installations that made headlines in February. That's when misconfigured and insecure MongoDB, Hadoop and CouchDB installations became popular extortion targets for hackers who were scanning for vulnerable servers to attack. The weak link in the chain when it comes to HospitalGown is the insecure servers that apps connect to, Hardy said. During the course of Appthority's investigation, it found 21,000 open Elasticsearch servers, revealing more than 43 terabytes of exposed data. In one scenario, the attacker looks for vulnerabilities in the space between the vendor's mobile application and the app's server side components, according to researchers.
"The servers for most mobile applications are cloud based and accessible via the Internet; this allows a bad actor to skip the long and potentially many-layered 'compromise' stage of an attack, accessing company data directly from a database that is impossible for the enterprise to see or secure," they wrote. Researchers said the vulnerable mobile apps they found ran the gamut, from office productivity, enterprise access management, games and dating to travel, flight and hotel applications. Any personal identifiable data a user shared with the app was vulnerable to possible exfiltration by a hacker. "These servers were accessible from the Internet, lacked any means of authentication to prevent unwanted access to the data they contained, and failed to secure transport of data, including PII, using HTTPS conventions," according to the report. While this is strictly a data security issue, Appthority said, attacks can quickly escalate and personal information could easily be leveraged in a spear phishing attack or brute force attack. In its report, Appthority showed how a mobile VPN app called Pulse Workspace, used by enterprises, government agencies and service providers, leaked data. While Pulse Workspace created an API to secure front-end Elasticsearch access, the backend, and all of the app's data records, were exposed and leaked Pulse customer data. Appthority notified Pulse Workspace and its customers of the vulnerability, which has since been fixed.
Appthority is careful to point out that of the platforms it examined – Elasticsearch , Redis , MongoDB , and MySQL – each had plugins to allow for proper public exposure on the internet . “ Best practices on secure data stores is just not being adopted in too many cases , ” Hardy said . Elasticsearch , for example , has a bevy of security and data protection capabilities , such as being able to encrypt all the data that ’ s on the platform . Increasing the risk of HospitalGown type-attacks is that fact that many apps Appthority looked at seemed benign in terms of shared user data . But , increasingly apps have advertising components that collectAttack.Databreachpersonal identifiable data that can be mined by hackers for phishingAttack.Phishingor ransomware attacksAttack.Ransom. App developers and system administrators need to know where their data is stored and make sure it is secured , Hardy told Threatpost .
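The report describes the same three conditions on every exposed backend: reachable from the internet, no authentication, no transport encryption. One defensive way to catch that before deployment is a static lint of the data store's own configuration file. The script below is an added example written for this article, not Appthority's tooling or anything from the report; the setting names are real Elasticsearch, MongoDB and Redis options, but the config snippets are constructed samples, and the check treats Elasticsearch security as off unless `xpack.security.enabled: true` is set (an assumption that matches the X-Pack era the report covers, not every later release). It flags only combinations that reproduce the report's failure mode: a non-loopback bind with no authentication, or a client port with no TLS.

```python
"""Static audit of backend data-store configs for the HospitalGown pattern:
internet-reachable bind + no authentication + no transport encryption.
Added example; setting names are real, sample configs are constructed."""
import re
from typing import Dict, List, Tuple

# Constructed sample configs (not from any real deployment).
WEAK_ES = "cluster.name: app-backend\nnetwork.host: 0.0.0.0\nhttp.port: 9200\n"
HARDENED_ES = (
    "cluster.name: app-backend\nnetwork.host: 10.0.3.12\n"
    "xpack.security.enabled: true\nxpack.security.http.ssl.enabled: true\n"
    "xpack.security.http.ssl.keystore.path: certs/http.p12\n"
)
WEAK_MONGOD = "net:\n  port: 27017\n  bindIp: 0.0.0.0\nstorage:\n  dbPath: /var/lib/mongo\n"
HARDENED_MONGOD = (
    "net:\n  port: 27017\n  bindIp: 127.0.0.1,10.0.3.12\n  tls:\n    mode: requireTLS\n"
    "    certificateKeyFile: /etc/ssl/mongod.pem\nsecurity:\n  authorization: enabled\n"
)
WEAK_REDIS = "# constructed redis.conf\nport 6379\nprotected-mode no\n"
HARDENED_REDIS = "bind 127.0.0.1\nport 0\ntls-port 6379\nrequirepass REPLACE_WITH_STRONG_SECRET\n"

LOOPBACK = {"127.0.0.1", "localhost", "::1", "_local_"}


def flatten_yaml(text: str) -> Dict[str, str]:
    """Flatten the simple 'key: value' YAML used by elasticsearch.yml and
    mongod.conf into dotted keys. Nesting by indentation only; lists,
    anchors and multi-line values are out of scope for this audit."""
    out: Dict[str, str] = {}
    stack: List[Tuple[int, str]] = []  # (indent, key) of enclosing mappings
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while stack and stack[-1][0] >= indent:  # left a nested mapping
            stack.pop()
        path = ".".join([k for _, k in stack] + [key])
        if value.strip():
            out[path] = value.strip().strip("'\"")
        else:
            stack.append((indent, key))
    return out


def parse_redis(text: str) -> Dict[str, str]:
    """Parse redis.conf 'directive value...' lines into a dict."""
    out: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            directive, _, value = line.partition(" ")
            out[directive.lower()] = value.strip()
    return out


def is_public_bind(value: str) -> bool:
    """True if any listed address binds beyond loopback (0.0.0.0, _site_, a LAN IP...)."""
    addrs = [a for a in re.split(r"[,\s]+", value) if a]
    return any(a not in LOOPBACK for a in addrs)


def audit_elasticsearch(text: str) -> List[str]:
    cfg, findings = flatten_yaml(text), []
    if is_public_bind(cfg.get("network.host", "127.0.0.1")) and cfg.get("xpack.security.enabled") != "true":
        findings.append("ES: bound beyond loopback without xpack.security.enabled (unauthenticated access)")
    if cfg.get("xpack.security.http.ssl.enabled") != "true":
        findings.append("ES: HTTP API without TLS (records travel in plaintext)")
    return findings


def audit_mongod(text: str) -> List[str]:
    cfg, findings = flatten_yaml(text), []
    exposed = cfg.get("net.bindIpAll") == "true" or is_public_bind(cfg.get("net.bindIp", "127.0.0.1"))
    if exposed and cfg.get("security.authorization") != "enabled":
        findings.append("MongoDB: reachable beyond loopback with security.authorization not enabled")
    if cfg.get("net.tls.mode", cfg.get("net.ssl.mode", "disabled")) not in ("requireTLS", "requireSSL"):
        findings.append("MongoDB: clients not required to use TLS")
    return findings


def audit_redis(text: str) -> List[str]:
    cfg, findings = parse_redis(text), []
    # With no bind directive Redis listens on every interface; protected-mode defaults to yes.
    exposed = is_public_bind(cfg.get("bind", "0.0.0.0"))
    if exposed and cfg.get("protected-mode", "yes") == "no" and "requirepass" not in cfg:
        findings.append("Redis: exposed with protected-mode off and no requirepass (assumes no ACL file)")
    if "tls-port" not in cfg and cfg.get("port", "6379") != "0":
        findings.append("Redis: plaintext port open and no tls-port configured")
    return findings


def audit_all(es: str, mongod: str, redis: str) -> Dict[str, List[str]]:
    return {"elasticsearch": audit_elasticsearch(es), "mongod": audit_mongod(mongod), "redis": audit_redis(redis)}


if __name__ == "__main__":
    for name, result in audit_all(WEAK_ES, WEAK_MONGOD, WEAK_REDIS).items():
        print(name, result or ["no findings"])
```

Run against the weak samples the script reports two findings per store; against the hardened ones it reports none. A check like this belongs in the deployment pipeline that ships the backend, since the report's point is that the exposure is invisible from the app side: nothing in the mobile client changes when the server behind it loses its authentication.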
There are plenty of examples of why organizations need to update technology and apply patches. The RIG exploit kit is taking advantage of outdated versions of applications such as Flash, Internet Explorer, or Microsoft Edge to distribute the Cerber ransomware, researchers said. The attack leverages malicious domains to launch drive-by attacks against unsuspecting visitors and preys on their failure to update applications in a timely manner, said Andra Zaharia, a security evangelist at Heimdal Security, in a blog post. As long as they use outdated browsers or plugins that contain known vulnerabilities, they are likely to end up infected with malware. Only outdated versions of Flash Player, Silverlight, Internet Explorer and Microsoft Edge are the focus of the attack, Zaharia said. RIG exploits one of eight vulnerabilities, including CVE-2015-8651 (CVSS score: 9.1), CVE-2015-5122 (CVSS score: 10, affects nearly 100 Flash versions), CVE-2016-4117 (CVSS score: 10), CVE-2016-1019 (CVSS score: 10), CVE-2016-7200 and CVE-2016-7201 (both CVSS score: 7.6, affecting Microsoft Edge), CVE-2016-3298 (CVSS score: 3.6, affects Internet Explorer versions 9, 10, 11), and CVE-2016-0034 (CVSS score: 9.3). After compromising a user's computer, the exploit kit proceeds to download and install the Cerber ransomware, one of the most prolific threats last year. The malware encrypts a user's files and demands a ransom for the decryption key. Zaharia said the one thing users must do to ensure increased protection is to keep their software updated at all times. Applying security updates in a timely manner is at the heart of prevention when it comes to exploit kit attacks.