The attack leverages malicious domains to launch drive-by attacks against unsuspecting visitors and preys on their failure to update applications in a timely manner, said Andra Zaharia, a security evangelist at Heimdal Security, in a blog post. As long as they use outdated browsers or plugins that contain known vulnerabilities, they are likely to end up infected with malware. Only outdated versions of Flash Player, Silverlight, Internet Explorer and Microsoft Edge are the focus of the attack, Zaharia said. RIG exploits one of eight vulnerabilities, including CVE-2015-8651 (CVSS Score: 9.1), CVE-2015-5122 (CVSS Score: 10, affects nearly 100 Flash versions), CVE-2016-4117 (CVSS Score: 10), CVE-2016-1019 (CVSS Score: 10), CVE-2016-7200 and CVE-2016-7201 (both CVSS Score: 7.6, affecting Microsoft Edge), CVE-2016-3298 (CVSS Score: 3.6, affects Internet Explorer versions 9, 10, 11), and CVE-2016-0034 (CVSS Score: 9.3). After compromising a user’s computer, the exploit kit proceeds to download and install the Cerber ransomware, one of the most prolific threats last year. The malware encrypts a user’s files and demands a ransom for the decryption key. Zaharia said the one thing users must do to ensure increased protection is to keep their software updated at all times. Applying security updates in a timely manner is at the heart of prevention when it comes to exploit kit attacks.
Developers are once again being blamed for cloud back-end security vulnerabilities, this time in a new report from Appthority. The company published investigation results that found nearly 43 TB of enterprise data was exposed on cloud back-ends, including personally identifiable information (PII). This comes shortly after a similar report from a different security company. In the new "2017 Q2 Enterprise Mobile Threat Report" (free upon providing registration info), Appthority found "data leakage" from mobile apps that send data to unsecured cloud back-ends. While security concerns typically focus on a triad of other factors -- apps, device threats and network threats -- this data leakage on the back-end was dubbed the "HospitalGown" threat because of that garment's open back-end. "In total, we found almost 43 TB of data exposed and 1,000 apps affected by the HospitalGown vulnerability," Appthority said in a blog post last week. "Looking at a subset of 39 apps, we still found 280 million records exposed, a total of about 163 GB of data. This is a staggering amount of leaked information, and in some cases represents the entirety of customer or operational data for an enterprise." The report echoes the findings of an earlier report by RedLock Inc., which revealed many security issues primarily caused by user misconfigurations on public cloud platforms. RedLock claimed it found 82 percent of hosted databases remain unencrypted, among many other problems.
As with the RedLock report, developers were blamed for the HospitalGown vulnerabilities. "HospitalGown is a vulnerability to data exposure caused, not by any code in the app, but by the app developers' failure to properly secure the back-end (hence its name) servers with which the app communicates and where sensitive data is stored," Appthority said. Unsecured Elasticsearch servers and MongoDB databases were prime targets of a series of ransomware attacks earlier this year that generated widespread publicity in the security field. However, that publicity apparently wasn't enough to significantly alleviate the issue. "As our findings show, weakly secured back-ends in apps used by employees, partners and customers create a range of security risks including extensive data leaks of personally identifiable information (PII) and other sensitive data," the report states. "They also significantly increase the risk of spear phishing, brute force login, social engineering, data ransom, and other attacks. And, HospitalGown makes data access and exfiltration far easier than other types of attacks." Key findings of the report as listed by the company include: Affected apps are connecting to unsecured data stores on popular enterprise services, such as Elasticsearch and MySQL, which are leaking large amounts of sensitive data. Apps using just one of these services revealed almost 43 TB of exposed data. Multiple affected apps leaked some form of PII, including passwords, location, travel and payment details, corporate profile data (including employees' VPN PINs, emails, phone numbers), and retail customer data.
Enterprise security teams do not have visibility into the risk due to the risk's location in the mobile app vendor's architecture stack. In multiple cases, data has already been accessed by unauthorized individuals and ransomed. Even apps that have been removed from devices and the app stores still pose an exposure risk due to the sensitive data that remains stored on unsecured servers. The company said its Mobile Threat Team identified the HospitalGown vulnerabilities with a combination of its dynamic app analysis tool and a new back-end scanning method, looking at the network traffic on more than 1 million enterprise mobile apps, both iOS and Android. As with the misconfiguration problems identified in the RedLock report, Appthority emphasized that all cases of HospitalGown vulnerabilities were caused by human errors, not malicious intent or inherent infrastructure problems. That human error was especially prevalent in two app implementations investigated by Appthority: Pulse Workspace (for accessing enterprise network and Web applications) and Jacto apps (from an agricultural machinery company).
A breach of the Clash of Clans creator has exposed credentials for forum users. Supercell, the force behind that popular mobile game and others, said that a vulnerability in the software it uses to run its forums allowed third-party hackers to gain illegal access to some forum user information, including a number of emails and encrypted passwords. To provide its forum service, it uses software from vbulletin.com. The company said that its preliminary investigation suggests that the breach happened in September 2016—and that it has since been fixed. “We take any such breaches very seriously and we follow very strict policies when it comes to security,” Supercell said in a statement. “Please note that this breach only affects our Forum service. Game accounts have not been affected.” Avast Threat Labs senior malware analyst Jan Sirmer commented via email on the danger of attacks like these. “The forum administrators in this case do bear some responsibility—the vBulletin software being used to host the Supercell forum was out-of-date, and it’s up to the administrators to keep software like that up-to-date,” he said. “Online gamers are vulnerable to these kind of hacks because they provide their data to third parties—but the same is true for everyone who uses any online service.” Users should change the password they’re using on the forum as soon as possible, along with the password in any other systems they’re using with the same login. “The information the hackers obtained can either be used by the hackers themselves or sold on the darknet for other hackers to abuse,” Sirmer said. “As many people use the same login credentials to log in to online services, hackers try to use login credentials they get to gain access into other accounts.”
The industrial company on Tuesday released mitigations for eight vulnerabilities overall. Siemens AG on Tuesday issued a slew of fixes addressing eight vulnerabilities spanning its industrial product lines. The most serious of the patched flaws include a cross-site scripting vulnerability in Siemens’ SCALANCE firewall product. The flaw could allow an attacker to gain unauthorized access to industrial networks and ultimately put operations and production at risk. The SCALANCE S firewall is used to protect secure industrial networks from untrusted network traffic, and allows filtering incoming and outgoing network connections in different ways. Siemens S602, S612, S623, S627-2M SCALANCE devices with software versions prior to V4.0.1.1 are impacted. Researchers with Applied Risk, who discovered the flaw, said that the vulnerability exists in the web server of the firewall software. An attacker can carry out the attack by crafting a malicious link and tricking an administrator – who is logged into the web server – into clicking that link. Once an admin does so, the attacker can execute commands on the web server, on the administrator’s behalf. “The integrated web server allows a cross-site scripting attack if an administrator is misled into accessing a malicious link,” Applied Risk researcher Nelson Berg said in an analysis of the flaw. “Successful exploitation may lead to the ability to bypass critical security measures provided by the firewall.”
Exploitation of this vulnerability could ultimately enable threat actors to bypass critical security functions provided by the firewall, potentially providing access to industrial networks and putting operations and production at risk. The vulnerability, CVE-2018-16555, has a CVSS score which the Applied Risk researcher calculates to be 8.2 (or high severity). That said, researchers said a successful exploit is not completely seamless and takes some time and effort to carry out – for an attacker to exploit the flaw, user interaction is required and the administrator must be logged into the web interface. Researchers said that no exploit of the vulnerability has been discovered thus far. Siemens addressed the reported vulnerability by releasing a software update (V4.0.1.1) and also advised customers to “only access links from trusted sources in the browser you use to access the SCALANCE S administration website.” The industrial company also released an array of fixes for other vulnerabilities on Tuesday. Overall, eight advisories were released by the US CERT. Another serious vulnerability (CVE-2018-16556) addressed was an improper input validation flaw in certain Siemens S7-400 CPUs. Successful exploitation of these vulnerabilities could crash the device being accessed, which may require a manual reboot or firmware re-image to bring the system back to normal operation, according to the advisory. “Specially crafted packets sent to Port 102/TCP via Ethernet interface, via PROFIBUS, or via multi-point interfaces (MPI) could cause the affected devices to go into defect mode.
Manual reboot is required to resume normal operation,” according to US CERT. An improper access control vulnerability that is exploitable remotely in Siemens IEC 61850 system configurator, DIGSI 5, DIGSI 4, SICAM PAS/PQS, SICAM PQ Analyzer, and SICAM SCC was also mitigated. The vulnerability, CVE-2018-4858, has a CVSS of 4.2 and exists in a service of the affected products listening on all of the host’s network interfaces on either Port 4884/TCP, Port 5885/TCP, or Port 5886/TCP. The service could allow an attacker to either exfiltrate limited data from the system or execute code with Microsoft Windows user permissions. Also mitigated were an improper authentication vulnerability (CVE-2018-13804) in SIMATIC IT Production Suite and a code injection vulnerability (CVE-2018-13814) in SIMATIC Panels and SIMATIC WinCC that could allow an attacker with network access to the web server to perform an HTTP header injection attack.
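As an added example (not from the article or from Siemens), the following audits Windows `netstat -ano` output for TCP listeners on the three ports named above for CVE-2018-4858 and reports whether each is bound to all interfaces, one interface, or loopback only. The sample output, addresses and PIDs are constructed, and the function names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

# TCP ports the advisory text above names for CVE-2018-4858.
ADVISORY_PORTS = frozenset({4884, 5885, 5886})

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    127.0.0.1:5885         0.0.0.0:0              LISTENING       4120
  TCP    [::]:4884              [::]:0                 LISTENING       3312
  TCP    192.168.10.5:5886      0.0.0.0:0              LISTENING       3312
  TCP    192.168.10.5:49712     10.0.0.8:4884          ESTABLISHED     2200
  UDP    0.0.0.0:5885           *:*                                    1500
"""


@dataclass(frozen=True)
class Listener:
    address: str
    port: int
    pid: int
    exposure: str  # "all-interfaces", "single-interface" or "loopback-only"


def split_endpoint(endpoint):
    """Split '0.0.0.0:135' or '[::]:135' into (address, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)


def classify(address):
    """Describe how widely a bind address exposes the listening socket."""
    ip = ipaddress.ip_address(address.split("%")[0])  # drop any IPv6 zone id
    if ip.is_unspecified:  # 0.0.0.0 or :: means every interface
        return "all-interfaces"
    if ip.is_loopback:
        return "loopback-only"
    return "single-interface"


def find_listeners(netstat_text, ports=ADVISORY_PORTS):
    """Return Listener records for TCP LISTENING rows on the given ports."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # A TCP row has five fields: proto, local, foreign, state, pid.
        # Headers, blank lines and UDP rows (no state column) do not match.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        try:
            address, port = split_endpoint(fields[1])
            exposure = classify(address)
            pid = int(fields[4])
        except ValueError:
            continue  # malformed row: skip rather than abort the audit
        if port in ports:
            findings.append(Listener(address, port, pid, exposure))
    return findings


def network_reachable(findings):
    """Keep only listeners that hosts other than the local one can reach."""
    return [f for f in findings if f.exposure != "loopback-only"]


if __name__ == "__main__":
    for f in find_listeners(SAMPLE_NETSTAT):
        print(f"{f.address}:{f.port} pid={f.pid} exposure={f.exposure}")
```

The PID column lets the reviewer map each reported listener back to the owning process before deciding whether a host firewall rule or the vendor update applies.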
Commonly used office printers and multi-function devices can be exploited to leak information and execute code, presenting multiple attack vectors that are often overlooked, a security researcher has found. Jens Müller from the Ruhr-Universität Bochum in Germany published multiple advisories on vulnerabilities that he had discovered as part of his Master's degree thesis on the security of printers. The vulnerabilities stem from vendors not separating page description languages such as PostScript and PJL/PCL used to generate the output from printer control. "Potentially harmful commands can be executed by anyone who has the right to print," Müller said. Müller outlined multiple attacks on his Hacking Printers wiki, ranging from accessing print jobs to credentials disclosure and bypassing device security, and included proofs of concept. HP LaserJet 1200, 4200N and 4250N as well as Dell 3130cn and Samsung Multipress 6345N have a vulnerable line printer daemon (LPD) service that cannot handle usernames with 150 or more characters. Sending a long username to the LPD service on the above devices crashes the printer, requiring manual restart to bring it back up. Müller said with correct shellcode and return address, the vulnerability could be used for remote code execution. More printers than the above are likely to be vulnerable, he said. It is even possible to launch denial of service attacks against printers that support PJL, and permanently damage the non-volatile random access memory (NVRAM) that is used to persistently store settings for the devices, Müller found.
He tested the NVRAM destruction attack on printers from Brother, Konica Minolta, Lexmark, Dell and HP, and verified that they are vulnerable. Printers can be attacked via networks or USB interfaces.
A longtime Debian developer has recommended that the Cryptkeeper Linux encryption app be removed from the distribution. The advice came after the disclosure of a bug where the app sets the universal password “p” to decrypt any directory created with the program. Simon McVittie, a programmer at Collabora, confirmed the findings of researcher Kirill Tkhai, who disclosed the bug Jan. 26. McVittie said he was able to reproduce the bug in the Stretch version (Debian 9, in testing), but not in the Jessie version (Debian 8). “I have recommended that the release team remove this package from stretch: it currently gives a false sense of security that is worse than not encrypting at all,” McVittie said in response to the original bug report. Francesco Namuri, another Debian developer, agreed the Cryptkeeper packages should be yanked from Debian. Tkhai’s advisory said Cryptkeeper version 0.9.5-5.1 is affected. The problem appears when Cryptkeeper calls encfs, a command line interface for the encrypted file system. Encfs simulates a ‘p’ keystroke but then uses it instead as a universal password.
Will Strafach, CEO of Sudo Security Group, said he found 76 iOS apps that are vulnerable to an attack that can intercept protected data. TLS is used to secure an app’s communication over an internet connection. Without it, a hacker can essentially eavesdrop over a network to spy on whatever data the app sends, such as login information. “This sort of attack can be conducted by any party within Wi-Fi range of your device while it is in use,” Strafach said. “This can be anywhere in public, or even within your home if an attacker can get within close range.” Strafach discovered the vulnerability in the 76 apps by scanning them with his company-developed security service, verify.ly, which he's promoting. It flagged “hundreds of applications” with a high likelihood of data interception. He’s so far confirmed that these 76 apps possess the vulnerability. He did so by running them on an iPhone running iOS 10 and using a proxy to insert an invalid TLS certificate into the connection. Strafach declared that 43 of the apps were either a high or medium risk, because they risked exposing login information and authentication tokens. Some of them are from “banks, medical providers, and other developers of sensitive applications,” he said. He's not disclosing their names, to give them time to patch the problem. The remaining 33 apps were deemed low risks because they revealed only partially sensitive data, such as email addresses. They include the free messaging service ooVoo, video uploaders to Snapchat and lesser-known music streaming services, among many others.
In all, the 76 apps have 18 million downloads, according to app market tracker Apptopia, Strafach said. It’ll be up to the app developers to fix the problem, but it only involves changing a few lines of code, says Strafach, who’s been trying to contact the developers. He included some warnings for developers in the blog post. “Be extremely careful when inserting network-related code and changing application behaviors,” he wrote. “Many issues like this arise from an application developer not fully understanding the code they’ve borrowed from the web.” Users of affected apps can protect themselves by turning off the Wi-Fi when in a public location, Strafach says. That will force the phone to use a cellular connection to the internet, making it much harder for any hacker to eavesdrop unless they use expensive and illegal equipment, Strafach said.
Robots with inadequate security could be hacked and cause physical harm or be used to spy on unsuspecting owners in the near future. Researchers at IOActive Labs released a report Wednesday warning that consumer, industrial and service robots in use today have serious security vulnerabilities making them easy targets for hackers or accidental breaches. In a review of 10 robots, which ranged from home, business, and industrial, IOActive said the risks ranged from insecure communications, authentication issues, weak cryptography and missing authorization. Cesar Cerrudo, CTO of IOActive Labs, said robots suffer from many of the same security shortcomings as IoT, medical devices, smart cars and plush toys. “We found nearly 50 cybersecurity vulnerabilities in the robot ecosystem components, many of which were common problems,” according to the IOActive Labs report. As part of its investigation, IOActive analyzed some robot hardware as well as robot ecosystems. Some of the robots examined included SoftBank Robotics’ NAO and Pepper robots, UBTECH Robotics’ Alpha 1S and Alpha 2 robots and Rethink Robotics’ Baxter and Sawyer robots. Underlying issues within the robots studied for the report, Cerrudo said, included weak default configurations, a big security problem responsible for privacy breaches and DDoS attacks in other internet-connected devices. “We found robots with insecure features that couldn’t be easily disabled or protected, as well as features with default passwords that were either difficult to change or could not be changed at all,” according to the report.
In a closer examination of the robot ecosystems, IOActive Labs said many of the robot platforms it analyzed use open source frameworks and libraries that suffer from known vulnerabilities such as cleartext communication, authentication issues, and weak authorization schemes. “In the robotics community, it seems common to share software frameworks, libraries, operating systems, etc., for robot development and programming. This isn’t bad if the software is secure; unfortunately, this isn’t the case here,” according to IOActive Labs. Cerrudo said the threat of robots is unique in that many are semiautonomous and can wander and impact their immediate physical environment. “The threat is limited today, compared to what robots will be capable of in the future,” he said. Robot components such as microphones, cameras, network connectivity, remote control applications and mobility features that help robots navigate physical environments need better security, Cerrudo said. “A hacked autonomous robot can move around as long as its battery continues to provide power. This allows hackers to control an ‘insider threat’ and steal information or cause harm to nearby objects or people,” according to the report. When asked, Cerrudo could not point to any known cases of a hacked robot causing personal harm or posing a security risk. Nevertheless, he cited several robot-related accidents that he said demonstrate potential risks posed by a hacked robot. In one case cited by IOActive Labs, a woman was killed in an industrial accident in 2015 in Alabama when an industrial robot restarted abruptly. It cited additional loss of life incidents tied to robotic functions within computerized medical and military equipment. “We aren’t aware of any robots that have been hacked. But security of the robots we tested are very poor.
Eventually in the future, when robots are more mainstream, we expect cybercriminals will start seeing hacking robots as a way to make money,” said Lucas Apa, senior security consultant with IOActive Labs. That timeline of mass robot adoption is still a little foggy, according to Apa. According to market research firm IDC, worldwide spending on robots will reach $188 billion by 2020, up from $91.5 billion in 2016. According to IDC many of those robots will include consumer, industrial, and service robots for industries such as healthcare and retail. “The industry doesn’t appear to learn from its mistakes,” Cerrudo said.
Having had more than a week to digest Cloudbleed’s causes and impact, Cloudflare CEO Matthew Prince assessed the damage yesterday in a lengthy post-mortem as relatively low. Prince said there is no evidence the vulnerability, which leaked customer data from memory, was exploited by attackers. The bug, however, was triggered more than 1.2 million times from 6,500 sites that met the criteria under which it could be exploited. In the meantime, Cloudflare continues to work with Google and other search engine providers to scrub cached sites that could contain any leaked data from memory. “We’ve successfully removed more than 80,000 unique cached pages. That underestimates the total number because we’ve requested search engines purge and recrawl entire sites in some instances,” Prince said. Prince said leaks have included internal Cloudflare headers and customer cookies, but no evidence of passwords, encryption keys, payment card data or health records among the leaks. The vulnerability was privately disclosed Feb. 17 by Google Project Zero researcher Tavis Ormandy, who reported that he did see crypto keys, passwords, POST data and HTTPS requests for other Cloudflare-hosted sites among data from other requests. Ormandy initially said in a tweet that Cloudflare was leaking customer HTTPS sessions for Uber, FitBit, OKCupid and others, all of which said the impact of Cloudbleed on their data was minimal. “While the bug was very bad and had the potential to be much worse,” Prince said. Prince explained that the bug was triggered only when a webpage moving through the Cloudflare network contained HTML ending with an un-terminated attribute, and if a number of Cloudflare features were turned on.
Those features work hand in hand with a Cloudflare stream parser used to scan and modify content in real time, such as rewriting HTTP links to HTTPS (a feature called Automatic HTTPS Rewrites) or hiding email addresses on a page from spammers (a feature called Email Address Obfuscation). The need to end with an un-terminated attribute was key. “When a page for a particular customer is being parsed it is stored in memory on one of the servers that is a part of our infrastructure. Contents of the other customers’ requests are also in adjacent portions of memory on Cloudflare’s servers,” Prince said. “The bug caused the parser, when it encountered un-terminated attribute at the end of a page, to not stop when it reached the end of the portion of memory for the particular page being parsed. Instead, the parser continued to read from adjacent memory, which contained data from other customers’ requests. The contents of that adjacent memory were then dumped onto the page with the flawed HTML.” Anyone accessing one of those pages would see the memory dump, looking a lot like random text, Prince said. An attacker would need to pound one of those sites with numerous requests to trigger the bug and then record the results, getting a mix of useless data and sensitive information, Prince said. “The nightmare scenario we have been worried about is if a hacker had been aware of the bug and had been quietly mining data before we were notified by Google’s Project Zero team and were able to patch it,” Prince said. “For the last 12 days we’ve been reviewing our logs to see if there’s any evidence to indicate that a hacker was exploiting the bug before it was patched. We’ve found nothing so far to indicate that was the case.”
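The over-read Prince describes can be modelled in a few lines of C. This is an added illustration, not Cloudflare's parser code: the arena contents, the function names and the sample page are constructed here, and a single array stands in for a page buffer followed by another request's data so that the flawed scan stays inside memory the program owns.

```c
#include <stdio.h>
#include <string.h>

/* Constructed data: one array stands in for server memory where a customer's
 * page is followed directly by bytes from another customer's request. */
#define PAGE  "<p>hi</p><img src=\"http://a.example/x"      /* ends mid-attribute */
#define OTHER "Cookie: session=CONSTRUCTED-SECRET\"; more"   /* adjacent request */

static const char ARENA[] = PAGE OTHER;
static const size_t PAGE_LEN = sizeof(PAGE) - 1;
static const size_t ARENA_LEN = sizeof(ARENA) - 1;

/* Offset of the first byte after the opening quote of the src attribute. */
size_t attr_start(void)
{
    const char *p = strstr(ARENA, "src=\"");
    return (size_t)(p - ARENA) + 5;
}

/* Flawed scan: assumes a closing quote exists somewhere in the page and never
 * compares the cursor with the page's end. The arena_len bound only keeps
 * this demonstration inside its own array. Returns bytes copied. */
size_t copy_attr_flawed(const char *mem, size_t arena_len, size_t start,
                        char *out, size_t cap)
{
    size_t n = 0;
    for (size_t i = start; i < arena_len && mem[i] != '"' && n + 1 < cap; i++)
        out[n++] = mem[i];
    out[n] = '\0';
    return n;
}

/* Hardened scan: the page length is the hard limit. Returns 0 when the
 * closing quote was found inside the page, -1 when the attribute is
 * un-terminated or did not fit in out; *n_out receives the bytes copied. */
int copy_attr_checked(const char *page, size_t page_len, size_t start,
                      char *out, size_t cap, size_t *n_out)
{
    size_t n = 0, i = start;
    while (i < page_len && page[i] != '"' && n + 1 < cap)
        out[n++] = page[i++];
    out[n] = '\0';
    *n_out = n;
    return (i < page_len && page[i] == '"') ? 0 : -1;
}

int main(void)
{
    char out[128];
    size_t n;

    copy_attr_flawed(ARENA, ARENA_LEN, attr_start(), out, sizeof out);
    printf("flawed : %s\n", out);

    int rc = copy_attr_checked(ARENA, PAGE_LEN, attr_start(), out, sizeof out, &n);
    printf("checked: rc=%d value=%s\n", rc, out);
    return 0;
}
```

The flawed scan emits the neighbouring request's cookie as part of the attribute value, while the checked scan stops at the page boundary and reports the attribute as un-terminated so the caller can reject or truncate it.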
Prince said Cloudflare customers who find any leaked cached data can send a link to the caches to parserbug@cloudflare[.]com. Over 2,000 WordPress sites are infected as part of a keylogger campaign that leverages an old malicious script.