Items tagged with exploit

Get ready to patch your Windows systems as a new bug has been discovered that can lead to the dreaded Blue Screen of Death. This bug, labeled the “Bad Neighbor” exploit (CVE-2020-16898), enables an attacker who crafts an IPv6 packet to completely crash a system. The team at Sophos Labs explains that in “tcpip.sys, a logic error in how the driver parses ICMP messages can be triggered remotely with a crafted IPv6 router advertisement packet containing a Recursive DNS Server (RDNSS) option.” The IPv6 router advertisement packet sends too much data and creates a buffer overflow, which corrupts the system memory stack. This corruption sends the whole operating system toppling.... Read more...
Earlier in the week, we reported on a dangerous exploit with Windows domain controllers called Zerologon. Now, the Cybersecurity and Infrastructure Security Agency (CISA), under the direction of the Department of Homeland Security, is issuing warnings about the exploit and is pushing government agencies to patch the vulnerability over the weekend. The Zerologon exploit is a way for a nefarious person to escalate privileges within a system and gain access to other systems and files. It takes advantage of the Windows Server Netlogon Remote Protocol and authentication to capture session data to escalate the exploit further. Earlier in August, Microsoft released a patch to mitigate the vulnerability for... Read more...
If any of you out there are running the Firefox browser app for Android, please update immediately. Versions below Firefox version 79 on mobile are vulnerable to exploitation of Android intent URIs. This attack uses SSDP payloads to trigger actions without user interaction. According to exploit researcher Chris Moberly, the exploit he found is a way to trick Firefox on Android into running applications. The simple service discovery protocol (SSDP) engine in Firefox can be sent payloads which trick it into running Android intent URIs. Android intent URIs are “messages which request actions from another app component,” according to the developer site for Android. Intents can be... Read more...
Secura's digital security advisors and researchers have discovered a highly critical vulnerability with Active Directory domain controllers. Rated as a 10 of 10 on the Common Vulnerability Scoring System (CVSS), this exploit, dubbed Zerologon, allows nefarious people to take over the domain controller and execute privilege escalations. The Zerologon exploit takes advantage of how the Netlogon Remote Protocol works. Typically, this protocol is used for machine and user authentication, as well as updating passwords within a domain. To utilize this exploit, one only needs to set up a TCP connection to the domain controller (DC) and you can spoof a client to go from there. This client spoofing works... Read more...
A new security vulnerability has now been detailed that exposes portions of your device’s Wi-Fi traffic to nefarious individuals. The Kr00k vulnerability was disclosed today by ESET researchers presenting at the RSA Security Conference. The problem lies with Wi-Fi chips that were manufactured by Broadcom and Cypress Semiconductor, and Kr00k would allow anyone with the proper tools within close proximity to your Wi-Fi network to bypass WPA2 encryption. Kr00k takes advantage of a period of time when a device disconnects from a network either when roaming from access point to access point, or when it is forced off in a suspicious manner. After the targeted device then reconnects to the network,... Read more...
It seems as though we can't escape a single week without hearing about a new widespread security exploit that puts us all at risk. This week, the newly detailed attack taking center stage is called Simjacker, and it was revealed by the folks at AdaptiveMobile Security. As its name implies, Simjacker works primarily by exploiting the SIM cards that all of our smartphones use. As the researchers explain it, this new exploit represents a "huge jump in complexity and sophistication" in comparison to other attack vectors that have propagated over mobile networks. Although Simjacker is quite an intricately-executed exploit, we'll give you a brief overview of how it claims its victims. First of... Read more...
In the web browser world, Google Chrome is tops and is offered on multiple platforms including Windows 10, macOS, Linux, iOS and Android. However, a web developer named Jim Fisher has found an exploit that nefarious developers can use to trick Chrome on Android users into thinking they are on a legitimate website. Fisher shows on his blog how a website can replace the Chrome for Android address bar and tabs UI using a few tricks. All Chrome for Android users know that when you scroll down a page using the browser, the top of the UI with your address bar and tabs are hidden from view. Fisher found that the scrolling of the page could be "jailed" so when the user scrolls back up the page, the... Read more...
Most of the security vulnerabilities we write about at HotHardware fortunately won't affect the vast majority of readers. Either these exploits require user interaction to kick-start, or you have to be of particular interest as a target for someone to go through the effort of executing more complex attacks against you or your devices. But then there are those vulnerabilities that could impact any of us at any time, and worse, can be exploited with the ultimate of ease. Embedi is a security firm that focuses on embedded devices and operating systems (hence the name). Through its research efforts, the company discovered some serious issues with the firmware of the widely-used ThreadX RTOS... Read more...
It appears that T-Mobile has only recently squashed a rather serious bug that affected one of the company's subdomains used by staff. In this case, promotool.t-mobile.com was not password protected, allowing anyone that stumbled across it to access stored data. According to ZDNet, which first reported on the website bug, anyone could add a T-Mobile customer’s phone number to the end of the website address after which they would gain access to a treasure trove of information. Personal customer details such as full name, address, account number, account PIN and tax identification number (in certain instances) were all made visible. Most wireless carriers allow you to set a PIN for your... Read more...
New Spectre flaws have been revealed by the former head of Intel's advanced threat team, Yuriy Bulygin. This is a man who knows what he's doing, so his opinions and findings are not to be treated as fly-by-night like some others. Through his new security agency, Eclypsium (a neat name, it must be said), Bulygin posts of a new application of speculative execution attacks which hinge on Spectre variant 1 (bounds check bypass), although it's believed that the same exploit would work with variant 2 (branch target injection), as well. Ultimately, Bulygin's exploit leverages the bounds check bypass element of Spectre's variant 1 to circumvent the system management range register (SMRR) protection of... Read more...
WhatsApp users have been forwarding a message around that some might find incredibly annoying. The message will cause the app to hang for a bit, after which it will then function normally. No malicious content is transferred with the message according to reports. The message reads "If you touch the black point your WhatsApp will hang." The message is then followed by a black dot and in some cases emojis. Naturally, a good portion of the people who get it can't resist the temptation to touch the black dot. As for why the message can cause WhatsApp to hang, it has to do with symbols included in the message that WhatsApp doesn’t recognize. Since the app doesn't recognize the characters,... Read more...
If you grabbed the free Super Mario Odyssey DLC that landed this week and have encountered what appear to be cheaters in Nintendo's Luigi's Balloon World game, you know the frustration that some folks are likely going through right now. These cheating players are using a glitch in the game that allows them to move through walls and hide the balloons that players are tasked with finding in areas that are out of bounds to honest players who are not exploiting the glitch. If you are unfamiliar with the Balloon World mode, it's sort of like a game of hide and seek from your childhood, only the hider is placing balloons in the worlds of the game and then the seekers must go and find them. If... Read more...
If you've been following the tech or security news for the past few days, then you no doubt know of a security vulnerability that reportedly affects all Intel processors. OS vendors have been working to mitigate the issue with kernel patches, but those software Band-Aids can come with some performance handicaps as a side effect. Today, we're learning more about what exactly is going on, and that there are not one, but actually two vulnerabilities that have been disclosed. It's bad enough that one of them targets Intel processors, but the second affects ALL modern processors as well -- including those based on architectures from Intel, AMD and ARM. So, we present to you Meltdown and Spectre.... Read more...
Microsoft and Google don't have that much love for each other. The two are rivals in the search market with Google being far and away the most popular search engine, leaving Bing with the table scraps. Google also has the most popular mobile operating system, forcing Microsoft to admit that its mobile OS is dead. Google also went public with a Windows flaw back in February that Microsoft was slow to patch, seemingly as a way to shame Redmond into patching the issues. Microsoft is now hitting back at Google with a bit of admonishment for a security issue in the Chrome browser. Reports indicate that Microsoft found a Chrome vulnerability last month and outlined how the browser could be exploited.... Read more...
A security company called Armis is spilling the beans on a collection of eight different exploits that it is collectively calling BlueBorne. These exploits can allow a hacker access to your phone in seconds without having physical access to the device. Perhaps the scariest part of the exploit is that BlueBorne isn't limited to your phone alone; the hack can allow access to phones, computers, and IoT devices. Armis notes that it believes more vulnerabilities lie waiting to be discovered in various platforms that use the Bluetooth wireless communications standard. The firm says that its research proves these vulnerabilities exist and that they can be exploited. BlueBorne can be used to... Read more...
Gaming is meant to be fun, but it just can't be all of the time. That's because players of online games have to be constantly aware of looming threats. Yet another new case of an attack, involving a game called ROBLOX, highlights the fact that it's not just the game itself that is at risk sometimes, but the tools surrounding it. Despite the fact that ROBLOX mimics Minecraft in that it's an open-world sandbox game, it actually came out years before Mojang released even an alpha. Today, the game enjoys an impressive 12 million monthly users, many of whom use the ultra-successful platform Discord to chat to friends. It's Discord in this case that's the big threat, though, again proving to us that... Read more...
Another day, another government spying exploit rises to the surface courtesy of Wikileaks, this time originating from the CIA. This WikiLeaks data dump specifically lets us know of a CIA-engineered spying tool called OutlawCountry (no space), which, interestingly enough, explicitly targets Linux users. You know, those digital freedom loving passionate penguin peeps that appreciate having great control over their computer? But don't worry, the CIA has targeted Windows users en masse in the past as well; absolutely no one has proven safe and they obviously don't discriminate. OutlawCountry starts out as a Linux kernel module (nf_table_6_64.ko) that gets loaded into the system and... Read more...
The Wanna Decrypter ransomware that began floating around the Internet late last week, or WannaCry as it's commonly known, has made a lasting impact, with hundreds of thousands of PCs worldwide being affected. What the malware does is even more alarming: one minute, you're using your computer normally; the next, your data is locked away behind a key unless you fork over hundreds of dollars in ransom money. As has become typical of ransomware, WannaCry will demand payment via Bitcoin in order to recover the data the attackers locked down. Once payment is received, an encryption key is typically (but not always) sent that will allow the user to recover their data. It's a chore for the inexperienced... Read more...
Last Friday, we reported on a major cyberattack involving ransomware that hit a large number of computers - including some belonging to the UK's National Health Service. At first, the malware's reach wasn't too clear, but as the weekend went on, we learned that the number of affected PCs reached at least 200,000 worldwide. Given the nature of this beast, that is downright terrifying. The big question right now is, "Who's at fault?" The blame could easily be shifted to Microsoft, as the bug that allowed this to happen was directly attributed to its own code. While the company is to be commended for releasing a rare Windows XP patch to help squash the bug, it comes a bit too late. Microsoft knew... Read more...
It seems like a day doesn't go by that we don't hear about some piece of malware that's harassing computer users. In 2017, you would expect that most people would be hesitant to download and extract random, rogue zip files, but sadly, that's not the case. There's a reason these pieces of malware still exist -- just like with spam email, a small percentage of users ultimately fall for it. With the latest piece of malware to hit the Mac, users who are careless enough to open attachments from people they don't know are the prime targets for this exploit and infection. OSX/Dok is malware that targets - you guessed it - OS X. The downside is that it allegedly affects all versions of OS X, so... Read more...
We can't seem to go a single week without news of a severe vulnerability out there in the wild, and it looks like our streak isn't about to end. Not too long ago, a number of NSA-derived tools were released online, giving us an idea of how desperate the folks at one of the US government's leading intelligence agencies are to get inside targeted PCs. Now, we have to hope that IT managers and system owners alike take updating their OS seriously. This particular family of NSA exploits is being dubbed "DoublePulsar", and they're severe enough to warrant immediate attention to your Windows PCs. Last month, Microsoft released patches to remove the vulnerability, but as we all know too well, most people... Read more...
In 2013, security research firm DefenseCode revealed a major issue that plagued a large number of wireless routers, and because the number of affected devices was in the millions, the company held off on revealing the specifics. Fast-forward four years to the present day, and those details have finally been revealed. The vulnerability was originally found in a Cisco Linksys router, but it was quickly discovered that the same issue could be found on others - not just other Cisco models, but other vendor models as well. That led the researcher to discover that the issue ultimately related to the Broadcom chipset inside, and in particular, with its uPnP implementation. D-Link's DSL-2740U is one... Read more...