Another critical security hole has been found Vulnerability-related.DiscoverVulnerability in Apache Struts 2 , requiring an immediate update . The vulnerability – CVE-2018-11776 – affects Vulnerability-related.DiscoverVulnerability core code and allows miscreants to pull off remote code execution against vulnerable servers and websites . It affects Vulnerability-related.DiscoverVulnerability all versions of Struts 2 , the popular open-source framework for Java web apps . The Apache Software Foundation has `` urgently advised '' anyone using Struts to update Vulnerability-related.PatchVulnerability to the latest version immediately , noting that the last time a critical hole was found Vulnerability-related.DiscoverVulnerability , the holes were being exploited Vulnerability-related.DiscoverVulnerability in the wild just a day later . In other words , if you delay in patching Vulnerability-related.PatchVulnerability , your organization will be compromised in short order via this bug , if you are running vulnerable systems . It was that earlier flaw that led to a nightmare data breach Attack.Databreach from credit company Equifax after it failed to patch Vulnerability-related.PatchVulnerability swiftly enough . The details of nearly 150 million people were exposed Attack.Databreach , costing the company more than $ 600m , so this is not something to be taken lightly . The company that discovered Vulnerability-related.DiscoverVulnerability the vulnerability – Semmle Security Research Team – warns that this latest one is actually worse that the one last year , which it also found Vulnerability-related.DiscoverVulnerability . It has published a blog post with more information . Semmle found Vulnerability-related.DiscoverVulnerability the hole back in April and reported Vulnerability-related.DiscoverVulnerability it to Apache , which put out Vulnerability-related.PatchVulnerability a patch in June that it has now pulled Vulnerability-related.PatchVulnerability into formal updates ( 2.3.35 for those using version 2.3 and 2.5.17 for those on 2.5 ) . As mentioned , the vulnerability is in the core code and does n't require additional plugins to work . It is caused by insufficient validation of untrusted user data in the core of the Struts framework , and can be exploited in several different ways . Semmle says it has identified two different vectors but warns there may be others . Since it can be used remotely and due to the fact that Struts is typically used to create applications that are on the public internet , hackers are going to be especially focused on exploiting it so they can gain access to corporate networks . And there are some big targets out there : Apache Struts is extremely common with most large corporations using it somewhere in their systems for web apps . Semmle 's VP of engineering , Pavel Avgustinov , had this to say about the hole on Wednesday this week : `` Critical remote code execution vulnerabilities like the one that affected Vulnerability-related.DiscoverVulnerability Equifax and the one we announced today are incredibly dangerous for several reasons : Struts is used for publicly-accessible customer-facing websites , vulnerable systems are easily identified , and the flaw is easy to exploit Vulnerability-related.DiscoverVulnerability . A hacker can find their way in within minutes , and exfiltrate Attack.Databreach data or stage further attacks from the compromised system . It ’ s crucially important to update affected systems immediately ; to wait is to take an irresponsible risk . '' This is very far from the first time that big security holes have been found Vulnerability-related.DiscoverVulnerability in Struts , leading some to recommend that people simply stop using it .

A flaw in Safari – that allows an attacker to spoof Attack.Phishing websites and trick Attack.Phishing victims into handing over their credentials – has yet to be patched Vulnerability-related.PatchVulnerability . A browser address bar spoofing flaw was found Vulnerability-related.DiscoverVulnerability by researchers this week in Safari – and Apple has yet issue Vulnerability-related.PatchVulnerability a patch for the flaw . Researcher Rafay Baloch on Monday disclosed Vulnerability-related.DiscoverVulnerability two proof-of-concepts revealing Vulnerability-related.DiscoverVulnerability how vulnerabilities in Edge browser 42.17134.1.0 and Safari iOS 11.3.1 could be abused to manipulate the browsers ’ address bars , tricking victims into thinking they are visiting a legitimate website . Baloch told Threatpost Wednesday that Apple has promised to fix Vulnerability-related.PatchVulnerability the flaw in its next security update for Safari . “ Apple has told [ me ] that the latest beta of iOS 12 also addresses Vulnerability-related.PatchVulnerability the issue , however they haven ’ t provided any dates , ” he said . Apple did not respond to multiple requests for comment from Threatpost . Microsoft for its part has fixed Vulnerability-related.PatchVulnerability the vulnerability Baloch found Vulnerability-related.DiscoverVulnerability in the Edge browser , ( CVE-2018-8383 ) in its August Patch Tuesday release . According to Microsoft ’ s vulnerability advisory released Vulnerability-related.PatchVulnerability August 14 , the spoofing flaw exists because Edge does not properly parse HTTP content . Both flaws stem from the Edge and Safari browsers allowing JavaScript to update the address bar while the page is still loading . This means that an attacker could request data from a non-existent port and , due to the delay induced by the setInterval function , trigger the address bar spoofing . The browser would then preserve the address bar and load the content from the spoofed page , Baloch said in his blog breaking down both vulnerabilities . From there , the attacker could spoof Attack.Phishing the website , using it to lure Attack.Phishing in victims and potentially gather credentials or spread malware . For instance , the attacker could send Attack.Phishing an email message containing the specially crafted URL to the user , convince the user to click it , and take them to the link which could gather their credentials or sensitive information . “ As per Google , Address bar is the only reliable indicator for ensuring the identity of the website , if the Address bar points to Facebook.com and the content is hosted on attacker ’ s website , there is no reason why someone would not fall for this , ” Baloch told Threatpost . In a video demonstration , Baloch showed how he could visit a link for the vulnerable browser on Edge ( http : //sh3ifu [ . ] com/bt/Edge-Spoof.html ) , which would take him to a site purporting to be Attack.Phishing Gmail login . However , while the URL points to a Gmail address , the content is hosted on sh3ifu.com , said Baloch . The Safari proof-of-concept is similar , except for one constraint where it does not allow users to type their information into the input boxes while the page is in a loading state . However , Bolach said he was able to circumvent this restriction by injecting a fake keyboard using Javascript – a common practice in banking sites . No other browsers – including Chrome or Firefox – were discovered Vulnerability-related.DiscoverVulnerability to have the flaw , said Baloch . Baloch is known for discovering Vulnerability-related.DiscoverVulnerability similar vulnerabilities in Chrome , Firefox and other major browsers in 2016 , which also allowed attackers to spoof URLs in the address bar . The vulnerabilities were disclosed Vulnerability-related.DiscoverVulnerability to both Microsoft and Apple and Baloch gave both a 90-day deadline before he went public Vulnerability-related.DiscoverVulnerability with the flaws . Due to the Safari browser bug being unpatched Vulnerability-related.PatchVulnerability , Baloch said he has not yet released a Proof of Concept : “ However considering there is a slight difference between the Edge browser POC and Safari , anyone with decent knowledge of Javascript can make it work on Safari , ” he told us .

A flaw in certificate pinning exposed customers of a number of high-profile banks to man-in-the-middle attacks on both iOS and Android devices . A vulnerability in the mobile apps of major banks could have allowed attackers to steal Attack.Databreach customers ' credentials including usernames , passwords , and pin codes , according to researchers . The flaw was found Vulnerability-related.DiscoverVulnerability in apps by HSBC , NatWest , Co-op , Santander , and Allied Irish bank . The banks in question have now all updated Vulnerability-related.PatchVulnerability their apps to protect against the flaw . Uncovered Vulnerability-related.DiscoverVulnerability by researchers in the Security and Privacy Group at the University of Birmingham , the vulnerability allows an attacker who is on the same network as the victim to perform a man-in-the-middle attack and steal information . The vulnerability lay in Vulnerability-related.DiscoverVulnerability the certificate pinning technology , a security mechanism used to prevent impersonation attacks and use of fraudulent certificates by only accepting certificates signed by a single pinned CA root certificate . While certificate pinning usually improves security , a tool developed by the researchers to perform semi-automated security-testing of mobile apps found that a flaw in the technology meant standard tests failed to detect attackers trying to take control of a victim 's online banking . As a result , certificate pinning can hide the lack of proper hostname verification , enabling man-in-the-middle attacks . The findings have been outlined Vulnerability-related.DiscoverVulnerability in a research paper and presented Vulnerability-related.DiscoverVulnerability at the Annual Computer Security Applications Conference in Orlando , Florida . The tool was run on 400 security critical apps in total , leading to the discovery Vulnerability-related.DiscoverVulnerability of the flaw . Tests found Vulnerability-related.DiscoverVulnerability apps from some of the largest banks contained the flaw which , if exploited Vulnerability-related.DiscoverVulnerability , could have enabled attackers to decrypt , view , and even modify network traffic from users of the app . That could allow them to view information entered and perform any operation that app can usually perform -- such as making payments or transferring of funds . Other attacks allowed hackers to perform in-app phishing attacks Attack.Phishing against Santander and Allied Irish bank users , allowing attackers to take over part of the screen while the app was running and steal Attack.Databreach the entered credentials . The researchers have worked with the National Cyber Security Centre and all the banks involved to fix Vulnerability-related.PatchVulnerability the vulnerabilities , noting that the current version of all the apps affected Vulnerability-related.DiscoverVulnerability by the pinning vulnerability are now secure . A University of Birmingham spokesperson told ZDNet all the banks were highly cooperative : `` once this was flagged to them they did work with the team to amend it swiftly . ''

IBM has withdrawn Vulnerability-related.PatchVulnerability a patch for a significant security vulnerability in its WebSphere Application Server after the code knackered some systems . Just this week , Big Blue said it is working on Vulnerability-related.PatchVulnerability a new fix for CVE-2018-1567 , a remote-code execution vulnerability in versions 9.0 , 8.5 , 8.0 , and 7.0 of the platform . According to IBM , the vulnerability would potentially allow an attacker to remotely execute Java code on a vulnerable web-app server via its SOAP connector port . The bug was sealed up Vulnerability-related.PatchVulnerability on September 5 , when IBM made Vulnerability-related.PatchVulnerability the fix available Vulnerability-related.PatchVulnerability for download and installation . Unfortunately , the patch had been causing problems , forcing IBM to pull Vulnerability-related.PatchVulnerability the fix on Wednesday , more than a month . Big Blue said the patch was yanked Vulnerability-related.PatchVulnerability `` due to regression '' , which is the fancy way of saying it was mucking stuff up . `` There may be a failure after the security fix for PI95973 is installed , '' IBM tells customers . `` The fix has been removed Vulnerability-related.PatchVulnerability while it is being reworked by development . '' IBM did not say when the updated patch might be arriving Vulnerability-related.PatchVulnerability , putting some admins in the difficult position of either leaving a vulnerability open or risking crashes . We 've asked the New York-based IT giant for more details , following a tip off from an eagle-eyed reader – let us know if you also spot any strange goings on with patches and so forth . In Big Blue 's defense , this is far from the first time a company has had to pull Vulnerability-related.PatchVulnerability a security patch that was found Vulnerability-related.DiscoverVulnerability to pose stability concerns . Microsoft has to do this with some regularity . In fact , just today word surfaced that a number of HP users have been struggling with blue screen crashes affected Vulnerability-related.DiscoverVulnerability their PCs after installing Vulnerability-related.PatchVulnerability this week 's Patch Tuesday updates .

Logitech Options is an app that controls all of Logitech ’ s mice and keyboards . It offers several different configurations like Changing function key shortcuts , Customizing mouse buttons , Adjusting point and scroll behavior and etc . This app contained Vulnerability-related.DiscoverVulnerability a huge security flaw that was discovered Vulnerability-related.DiscoverVulnerability by Tavis Ormandy who is a Google security researcher . It was found Vulnerability-related.DiscoverVulnerability that Logitech Options was opening a WebSocket server on each individual computer Logitech Options was run on . This WebSocket server would open on port 10134 on which any website could connect and send several various commands which would be JSON-encoded . PID Exploit Through this any attacker can get in and run commands just by setting up a web page . The attacker only needs the Process Identifier ( PID ) . However the PID can be guessed as the software has no limit on the amount of try ’ s conducted . Once the attacker has obtained the PID and is in , consequently he can then completely control the Computer and run it remotely . This can also be used for keystroke injection or Rubber Ducky attacks which have been used to take over PC ’ s in the past . After Ormandy got a hold of Logitech ’ s engineers , he reported Vulnerability-related.DiscoverVulnerability the vulnerability privately to them in a meeting between the Logitech ’ s engineering team and Ormandy on the 18th of September . After waiting a total of 90 days , Ormandy saw the company ’ s failure in addressing Vulnerability-related.PatchVulnerability the issue publicly or through a patch for the app , Thus Ormandy himself posted his finding Vulnerability-related.DiscoverVulnerability on the 11th of December making the issue public . As the story gained attention Accordingly Logitech responded with an update for Logitech Options . Logitech released Vulnerability-related.PatchVulnerability Options version 7.00.564 on the 13th of December . They claim to have fixed Vulnerability-related.PatchVulnerability the origin and type checking bugs along with a patch for the security vulnerability . However they have not mentioned Vulnerability-related.PatchVulnerability the Security Vulnerability patch on their own website . They told German magazine heise.de that the new version does indeed fix Vulnerability-related.PatchVulnerability the vulnerability Travis Ormandy and his team are currently checking the new version of Logitech Options for any signs of Security Vulnerabilities . Everyone with the old version of Logitech Options are advised to upgrade Vulnerability-related.PatchVulnerability to the new 7.00.564 .

The bug was found Vulnerability-related.DiscoverVulnerability in the core infrastructure of Apache Struts 2 . The Apache Software Foundation has patched Vulnerability-related.PatchVulnerability a critical security vulnerability which affects Vulnerability-related.DiscoverVulnerability all versions of Apache Struts 2 . Uncovered Vulnerability-related.DiscoverVulnerability by researchers from cybersecurity firm Semmle , the security flaw is caused by the insufficient validation of untrusted user data in the core Struts framework . When Apache Struts uses results with no namespace and in the same time , upper actions have no wild namespace . The same opportunity for exploit exists when the URL tag is in use and there is no value or action set . As the bug , CVE-2018-11776 , has been discovered Vulnerability-related.DiscoverVulnerability in the Struts core , the team says there are multiple attack vectors threat actors could use to exploit the vulnerability . If the alwaysSelectFullNamespace flag is set to true in the Struts configuration , which is automatically the case when the Struts Convention plugin is in use , or if a user 's Struts configuration file contains a tag that does not specify the optional namespace attribute or specifies a wildcard namespace . Man Yue Mo from the Semmle Security Research Team first reported Vulnerability-related.DiscoverVulnerability the flaw . `` This vulnerability affects Vulnerability-related.DiscoverVulnerability commonly-used endpoints of Struts , which are likely to be exposed , opening up an attack vector to malicious hackers , '' Mo says Vulnerability-related.DiscoverVulnerability . `` On top of that , the weakness is related to the Struts OGNL language , which hackers are very familiar with , and are known to have been exploited Vulnerability-related.DiscoverVulnerability in the past . '' The vulnerability affects Vulnerability-related.DiscoverVulnerability all versions of Apache Struts 2 . Companies which use the popular open-source framework are urged to update their builds immediately . Users of Struts 2.3 are advised to upgrade Vulnerability-related.PatchVulnerability to 2.3.35 ; users of Struts 2.5 need to upgrade Vulnerability-related.PatchVulnerability to 2.5.17 . As the latest releases only contain Vulnerability-related.PatchVulnerability fixes for the vulnerability , Apache does not expect users to experience any backward compatibility issues . `` Previous disclosures Vulnerability-related.DiscoverVulnerability of similarly critical vulnerabilities have resulted in exploits being published Vulnerability-related.DiscoverVulnerability within a day , putting critical infrastructure and customer data at risk , '' Semmle says . `` All applications that use Struts are potentially vulnerable Vulnerability-related.DiscoverVulnerability , even when no additional plugins have been enabled . '' Mo first reported Vulnerability-related.DiscoverVulnerability the findings in April . By June , the Apache Struts team published the code which resolved Vulnerability-related.PatchVulnerability the problem , leading to the release Vulnerability-related.PatchVulnerability of official patches on August 22 .

Juniper Networks has released Vulnerability-related.PatchVulnerability its first cluster of security updates for 2019 , with the patches addressing Vulnerability-related.PatchVulnerability vulnerabilities in various products developed by the US networking equipment firm . Among the 19 security advisories released on Wednesday is a critical bug impacting Vulnerability-related.DiscoverVulnerability Junos OS , the FreeBSD-based operating system used in Juniper ’ s routers . CVE-2019-0006 affects Vulnerability-related.DiscoverVulnerability Junos OS versions 14.1X53 , 15.1 , 15.1X53 , where it was found Vulnerability-related.DiscoverVulnerability that a specially crafted HTTP packet could crash the fxpc daemon or could potentially lead to remote code execution ( RCE ) . Also marked as critical is CVE-2019-0007 , which addresses Vulnerability-related.PatchVulnerability a vulnerability in vMX series virtual routers running Junos OS 15.1 . “ The vMX series software uses a predictable IP ID Sequence Number , ” said Juniper . “ This leaves the system as well as clients connecting through the device susceptible to a family of attacks. ” Patches have also been released Vulnerability-related.PatchVulnerability for eight vulnerabilities in the libxml2 software library that impact Vulnerability-related.DiscoverVulnerability Junos OS . Eight additional security updates have been released Vulnerability-related.PatchVulnerability by Juniper that feature mitigations for high-level impact bugs , while a further six deal with less severe flaws . Multiple vulnerabilities were also discovered Vulnerability-related.DiscoverVulnerability in Juniper ’ s Advanced Threat Prevention ( ATP ) cloud security service . And finally , Juniper said nearly 40 vulnerabilities have been resolved Vulnerability-related.PatchVulnerability in the Junos Space Network Management Platform 18.3R1 and 18.4R1 by upgrading Vulnerability-related.PatchVulnerability third party components or fixing Vulnerability-related.PatchVulnerability internally discovered security vulnerabilities . Commenting on the advisories , the National Cybersecurity and Communications Integration Center ( NCCIC ) , said : “ Users and administrators should review Juniper ’ s Security Advisories webpage and apply the necessary updates . ”

Users of open source webmail software SquirrelMail are open to remote code execution due to a bug ( CVE-2017-7692 ) discovered Vulnerability-related.DiscoverVulnerability independently by two researchers . “ If the target server uses Sendmail and SquirrelMail is configured to use it as a command-line program , it ’ s possible to trick sendmail into using an attacker-provided configuration file that triggers the execution of an arbitrary command , ” the explanation provided by MITRE reads . “ For exploitation , the attacker must upload a sendmail.cf file as an email attachment , and inject the sendmail.cf filename with the -C option within the ‘ Options > Personal Informations > Email Address ’ setting. ” The bug was found Vulnerability-related.DiscoverVulnerability by researchers Filippo Cavallarin and Dawid Golunski , independently of one another , and affects SquirrelMail versions 1.4.22 and below . Golunski reported Vulnerability-related.DiscoverVulnerability it to SquirrelMail ( sole ) developer Paul Lesniewski , who asked for a delay of publication of the details until he could fix Vulnerability-related.PatchVulnerability the flaw . But as Cavallarin published Vulnerability-related.DiscoverVulnerability details about it last week ( after not receiving any reply by the SquirrelMail developer ) , Golunski did the same during the weekend . Both researchers provided Vulnerability-related.DiscoverVulnerability a proof-of-concept exploit for the flaw , and Cavallarin even offered Vulnerability-related.PatchVulnerability an unofficial patch for plugging Vulnerability-related.PatchVulnerability the hole . All this prompted Lesniewski to push out Vulnerability-related.PatchVulnerability a patch on Monday , and new , patched version snapshots of the software ( 1.4.23-svn and 1.5.2-svn ) . He also told The Register that exploitation of the bug is difficult to pull off . “ In order to exploit the bug , a malicious user would need to have already gained control over a mail account by other means , SquirrelMail would need to be configured to allow users to change their outgoing email address ( we recommend keeping this disabled ) , the user would need to determine the location of the attachments directory ( by gaining shell access or making guesses ) , the permissions on said directory and files would need to allow access by other processes ( by default this will usually be the case , but prudent admins will exert more stringent access controls ) and of course , SquirrelMail needs to be configured to send via Sendmail and not SMTP ( default is SMTP ) , ” he explained . Still , according to Golunski , the 1.4.23 version snapshot offered Vulnerability-related.PatchVulnerability on Monday was still vulnerable Vulnerability-related.DiscoverVulnerability . But another one was pushed out Vulnerability-related.PatchVulnerability today , so it ’ s possible that the issue was finally , definitely fixed Vulnerability-related.PatchVulnerability . Users can wait to update their installation until things become more clear , and in the meantime , they can protect themselves by configuring their systems not to use Sendmail .

The vulnerability was discovered Vulnerability-related.DiscoverVulnerability by researchers from the hacking collective the Exploiteers ( formerly GTVHacker ) , who have found Vulnerability-related.DiscoverVulnerability vulnerabilities in the Samsung SmartCam devices in the past . The flaw allows for command injection through a web script , even though the vendor has disabled the local web-based management interface in these devices . The Samsung SmartCam is a series of cloud-enabled network security cameras that were originally developed by Samsung Techwin . Samsung sold this division to South Korean business conglomerate Hanwha Group in 2015 and the company was renamed Hanwha Techwin . In response to vulnerabilities reported in Vulnerability-related.DiscoverVulnerability the web-based management interface of various SmartCam models over the past few years , Hanwha Techwin decided to completely disable the local administration panel and only allow users to access the cameras through the accompanying smartphone app and its My SmartCam cloud service . The Exploiteers researchers recently analyzed the Samsung SmartCam SNH-1011 and noticed that while accessing the web interface over the local network was no longer possible , the web server was still running on the device and hosted some PHP scripts related to a video monitoring system called iWatch . One of these scripts allows users to update the iWatch software by uploading a file , but has a vulnerability that stems from improper sanitization of the file name . The flaw can be exploited Vulnerability-related.DiscoverVulnerability by unauthenticated attackers to inject shell commands that will then be executed by the web server running with root privileges . `` The iWatch Install.php vulnerability can be exploited Vulnerability-related.DiscoverVulnerability by crafting a special filename which is then stored within a tar command passed to a php system ( ) call , '' the researchers explained Vulnerability-related.DiscoverVulnerability in a blog post Saturday . `` Because the web-server runs as root , the filename is user supplied , and the input is used without sanitization , we are able to inject our own commands within to achieve root remote command execution . '' While the flaw was found Vulnerability-related.DiscoverVulnerability in the SNH-1011 model , the researchers believe that it affects the entire Samsung SmartCam series . Ironically the vulnerability can be exploited Vulnerability-related.DiscoverVulnerability to turn on the disabled web management interface , whose removal was criticized by some users . The Exploiteers published Vulnerability-related.DiscoverVulnerability a proof-of-concept exploit that does just that .

Details on serious vulnerabilities in a number of routers freely distributed by a major Thai ISP were published on Vulnerability-related.DiscoverVulnerability Monday after private disclosures Vulnerability-related.DiscoverVulnerability made to the vendors in July went unanswered . Researcher Pedro Ribeiro of Agile Information Security found Vulnerability-related.DiscoverVulnerability accessible admin accounts and command injection vulnerabilities in ZyXel and Billion routers distributed by TrueOnline , Thailand ’ s largest broadband company . Ribeiro said Vulnerability-related.DiscoverVulnerability he disclosed Vulnerability-related.DiscoverVulnerability the vulnerabilities through Beyond Security ’ s SecuriTeam Secure Disclosure Program , which contacted the affected vendors last July . Ribeiro published Vulnerability-related.DiscoverVulnerability a proof of concept exploit yesterday as well . Ribeiro told Vulnerability-related.DiscoverVulnerability Threatpost he ’ s unsure whether TrueOnline introduced Vulnerability-related.DiscoverVulnerability the vulnerabilities as it adds its own customization to the routers , or whether they came from the respective manufacturers . A ZyXel representative told Threatpost the router models are no longer supported and would not comment on whether patches were being developed Vulnerability-related.PatchVulnerability . A request for comment from Billion was not returned in time for publication . The commonality between the routers appears to be that they ’ re all based on the TC3162U system-on-a-chip manufactured by TrendChip . Affected routers are the ZyXel P660HN-T v1 and P660HN-T v2 , and Billion 5200 W-T , currently in distribution to TrueOnline customers . The TC3162U chips run two different firmware variants , one called “ ras ” which includes the Allegro RomPage webserver vulnerable to the Misfortne Cookie attacks , and the other called tclinux . The tclinux variant contains the vulnerabilities found Vulnerability-related.DiscoverVulnerability by Ribeiro , in particular several ASP files , he said Vulnerability-related.DiscoverVulnerability , are vulnerable Vulnerability-related.DiscoverVulnerability to command injection attacks . He also cautions that they could be also vulnerable to Misfortune Cookie , but he did not investigate this possibility . “ It should be noted that tclinux contains files and configuration settings in other languages ( for example in Turkish ) . Therefore it is likely that these firmware versions are not specific to TrueOnline , and other ISP customised routers in other countries might also be vulnerable , ” Ribeiro said in his advisory . “ It is also possible that other brands and router models that use the tclinux variant are also affected Vulnerability-related.DiscoverVulnerability by the command injection vulnerabilities ( the default accounts are likely to be TrueOnline specific ) ” . In addition to Ribeiro ’ s proof-of-concept , Metasploit modules are available Vulnerability-related.DiscoverVulnerability for three of the vulnerabilities . Most of the vulnerabilities can be exploited Vulnerability-related.DiscoverVulnerability remotely , some without authentication . “ These vulnerabilities are present in the web interface . The default credentials are part of the firmware deployed by TrueOnline and they are authorized to perform remote access over the WAN , ” Ribeiro said . “ Due to time and lab constraints I was unable to test whether these routers expose the web interface over the WAN , but given the credentials , it is likely ” . The ZyXel P660HN-T v1 router is vulnerable Vulnerability-related.DiscoverVulnerability to an unauthenticated command injection attack that can be exploited remotely . Ribeiro said Vulnerability-related.DiscoverVulnerability he found Vulnerability-related.DiscoverVulnerability the vulnerability in the remote system log forwarding function , specifically in the ViewLog.asp page . V2 of the same router contains Vulnerability-related.DiscoverVulnerability the same vulnerability , but can not be exploited Vulnerability-related.DiscoverVulnerability without authentication , he said . “ Unlike in the P660HN-Tv1 , the injection is authenticated and in the logSet.asp page . However , this router contains a hardcoded supervisor password that can be used to exploit this vulnerability , ” Ribeiro said . “ The injection is in the logSet.asp page that sets up remote forwarding of syslog logs , and the parameter vulnerable to injection is the serverIP parameter ” . The Billion 5200W-T is also vulnerable Vulnerability-related.DiscoverVulnerability to unauthenticated and authenticated command injection attacks ; the vulnerability was found Vulnerability-related.DiscoverVulnerability in its adv_remotelog.asp page . “ The Billion 5200W-T router also has several other command injections in its interface , depending on the firmware version , such as an authenticated command injection in tools_time.asp ( uiViewSNTPServer parameter ) , ” Ribeiro said . It should be noted that this router contains several hardcoded administrative accounts that can be used to exploit this vulnerability ” . Ribeiro said default and weak admin credentials were found on the all of the versions and were accessible remotely . The researcher said it ’ s unknown whether the routers can be patched remotely . “ Again , given the existence of default credentials that have remote access , it is likely that it is possible to update the firmware remotely , ” Ribeiro said . Most of iBall baton routers in India are also vulnerable Vulnerability-related.DiscoverVulnerability to unauthenticated and authenticated command injection attack , i have reason to believe default and weak admin credentials are on the all of the versions and were accessible remotely . i Have I “ Ball WRA150N ” ADSL2+ iBall baton Router.And IBall is never accepting not even taking response to complains and request for latest firmware patches . ASUS patched Vulnerability-related.PatchVulnerability a bug that allowed attackers to pair two vulnerabilities to gain direct router access and execute commands as root . Thanks to Meltdown and Spectre , January has already been an extremely busy month of patching Vulnerability-related.PatchVulnerability for Microsoft .

With everything that ’ s gone down in 2016 it ’ s easy to forget Tim Cook ’ s and Apple ’ s battle with the FBI over data encryption laws . Apple took a strong stance though , and other tech giants followed suite leading to a victory of sorts for ( the little guy in ) online privacy . In this era of web exposure , it was a step in the right direction for those who feel our online identities are increasingly vulnerable on the web . All of this stands for little though when a security flaw in your operating system allows carefully encrypted messages to be effectively decrypted offline . That ’ s what happened to Apple with its iOS 9.2 operating system . Though the patches that ensued largely fixed Vulnerability-related.PatchVulnerability the problem , the whole issue has understandably left iOS users with questions . What really happened and are we at immediate risk ? A paper released in March by researchers at John Hopkins University exposed Vulnerability-related.DiscoverVulnerability weaknesses in Apple ’ s iMessage encryption protocol . It was found Vulnerability-related.DiscoverVulnerability that a determined hacker could intercept the encrypted messages between two iPhones and reveal the 64-digit key used to decrypt the messages . As iMessage doesn ’ t use a Message Authentication Code ( MAC ) or authenticated encryption scheme , it ’ s possible for the raw encryption stream , or “ ciphertext ” to be tampered with . iMessage instead , uses an ECDSA signature which simulates the functionality . It ’ s still no easy feat exploiting the security flaw detailed Vulnerability-related.DiscoverVulnerability by the researchers . The attacker would ultimately have to predict or know parts of the message they are decrypting in order to substitute these parts in the ciphertext . Knowing whether the substitution has been successful though , is a whole other process which may only be possible with attachment messages . The full details of the security flaw , and the complex way it can be exploited Vulnerability-related.DiscoverVulnerability are detailed Vulnerability-related.DiscoverVulnerability in the John Hopkins paper . The paper includes the recommendation that , in the long run , “ Apple should replace the entirety of iMessage with a messaging system that has been properly designed and formally verified ” . One thing that should be made clear is that these weaknesses were exposed Vulnerability-related.DiscoverVulnerability as a result of months of investigation by an expert team of cryptologists . The type of hacker that would take advantage of these weaknesses would undeniably be a sophisticated attacker . That of course doesn ’ t mean that Apple shouldn ’ t take great measures to eradicate this vulnerability in their system . Your messages , though , are not immediately at risk of being decrypted , and much less if you ’ ve installed the patches that came with iOS 9.3 and OS X 10.11.4 ( though they don ’ t completely fix Vulnerability-related.PatchVulnerability the problem ) . Tellingly , the flaws can ’ t be used to exploit numerous devices at the same time . As already mentioned , the process that was exposed by the John Hopskins paper is incredibly complex and relies on various steps that are by no means easy to complete successfully .

That lingering Heartbleed flaw recently discovered Vulnerability-related.DiscoverVulnerability in 200,000 devices is more insidious than that number indicates . According to a report posted Vulnerability-related.DiscoverVulnerability by Shodan , the Heartbleed vulnerability first exposed Vulnerability-related.DiscoverVulnerability in April 2014 was still found Vulnerability-related.DiscoverVulnerability in 199,594 internet-accessible devices during a scan it performed last weekend . But according to open-source security firm Black Duck , about 11 % of more than 200 applications it audited between Oct 2015 and March 2016 contained Vulnerability-related.DiscoverVulnerability the flaw , which enables a buffer overread that endangers data from clients and servers running affected versions of OpenSSL . The company ’ s vice president of security strategy Mike Pittenger says it ’ s likely most of those machines have been remediated , but it doesn ’ t address the countless other applications – commercial and proprietary - Black Duck didn ’ t audit . “ However , I would not extrapolate that to say 11 % of all commercial applications were vulnerable to Heartbleed at that time ” . That 11 % is a number from the company ’ s last published report . In a new report due out next month that hasn ’ t been wrapped up yet , that number is likely to dip into the single digits , but is still significant . The problem is that commercial software in general uses a great deal of open source code – 35 % on average - and authors of the code don ’ t necessarily have processes in place to track when vulnerabilities are found Vulnerability-related.DiscoverVulnerability in that code and to then patch Vulnerability-related.PatchVulnerability them , he says . He says Black Duck’s study Vulnerability-related.DiscoverVulnerability finds Vulnerability-related.DiscoverVulnerability that two-thirds of these applications have open-source vulnerabilities of one kind or another and that they average 5 years old . In regard to Heartbleed in particular , he says the reports draw on anonymized data about its audits so they don’t reveal Vulnerability-related.DiscoverVulnerability the specific applications in which the Heartbleed vulnerability was found Vulnerability-related.DiscoverVulnerability . Running vulnerable applications in a regulated environment could have consequences for the enterprises using them , he says , because the security threat they represent could violate HIPAA or PCI security and privacy requirements . The Shodan report Vulnerability-related.DiscoverVulnerability on the prevalence of Heartbleed showed that the individual entities hosting the largest number of Heartbleed-vulnerable devices were service providers . That may be because these machines were set up a while ago and are no longer in use but were never taken offline , Pittenger says .