Items tagged with vulnerability
Hackers and threat actors are constantly searching for new ways to breach systems for cybersecurity research or exploitation, respectively. Thankfully, French researcher Gilles Lionel got to an NTLM Relay Attack, dubbed PetitPotam, first. Now, Microsoft has released a mitigation technique that IT admins should implement to remain secure. Last week, information about PetitPotam was posted to GitHub by French cybersecurity researcher Gilles Lionel. Lionel found that, through a tool he made, it was possible “to coerce Windows hosts to authenticate to other machines via MS-EFSRPC EfsRpcOpenFileRaw function.” In layman’s terms, an attacker could use the program to extract NTLM authentication...
Read more...
Whether it’s a typo, a line of code in the wrong place, or a placeholder for testing that never got removed, developers can introduce vulnerabilities into apps that a threat actor could exploit. It seems Android developers seem to have the problem quite a bit, as new research suggested over 60% of Android apps had known security vulnerabilities in Q1 2021. According to data presented by the Atlas VPN team and collected by the Synopsys Cybersecurity Research Center, 63% of Android apps had known vulnerabilities, with an average of 39 vulnerabilities per app. The worst offenders of this 63% were gaming and financial apps, with the apps in the “top free games” category taking 96%...
Read more...
Over the last couple of days, a vulnerability tracked as CVE-2021-34527 has made the rounds, making IT people quite nervous. The cybersecurity threat, also dubbed PrintNightmare, exploits a flaw within the Windows Print Spooler, allowing for remote code execution on a system. Now, Microsoft has provided mitigation guidance to block these attacks on vulnerable devices around the world. The CVE (common vulnerability enumeration), published yesterday by Microsoft, outlined the vulnerability that recently cropped up affecting the Windows Print Spooler. The executive summary explains that remote code execution can occur when the Windows Print Spooler service “improperly performs privileged file...
Read more...
If you own a Western Digital My Book Live, unplug it from the internet as soon as possible. WD has reported that people have been waking up to find their My Book Live devices completed wiped of installed data due to malicious software performing a factory reset. On June 23rd, WD Community Forum user sunpeak made a post explaining that he found that all his data is gone and the owner password for device management had been changed. At the time of writing, this thread has had over 15,800 views and over 177 responses, many of which echo similar issues. Sunpeak then further elaborated on his issue later in the thread, showing logs of what appears to be a factory restore script being run. After the...
Read more...
A seven-year-old local privilege escalation bug has reared its head and finally got a fix. When it was available, exploiting the vulnerability in the polkit authentication service could have allowed attackers to get a root shell on several actively-used Linux distros. On Linux, polkit is effectively a bouncer of sorts who decides whether a user is allowed to do something that requires higher privileges. Discovered by security researcher Kevin Backhouse, the polkit bug that allows users to break this security was introduced in a commit that shipped with service version .0113 over seven years ago. To exploit this, it only takes a few terminal commands to create a user that is a member of the sudo-group....
Read more...
Dell is one of the most popular PC brands globally, selling millions of laptops, desktops, and server systems to everyday consumers and businesses alike each year. However, SentinelLabs researchers warned this week that five critical security flaws have been lurking in its firmware update driver since the early days of President Obama's first term. Attackers could have potentially exploited these flaws to conduct escalation of privilege attacks for kernel-level access on hundreds of millions of Dell and Alienware PCs. Multiple vulnerabilities were traced to Dell's firmware update driver version 2.3 (dbutil_2_3.sys) module. This module is responsible for Dell firmware updates using the Dell BIOS...
Read more...
Back in 2018, a processor security vulnerability called Spectre appeared, affecting all modern CPU architectures from Intel, AMD, and even ARM in the last 20 years. Since then, major players and semiconductor OEMs have worked hard to patch out the vulnerabilities in a cybersecurity whack-a-mole game, in some cases leading to performance loss and other issues. Today, unfortunately, University of Virginia Researchers have now found a way to circumvent all of the original Spectre security mitigations, essentially resurrecting the ghostly security flaw that will now again haunt billions of PCs globally. Of the vulnerabilities that appeared in 2018, Spectre was the nastier of the two primary...
Read more...
When independent or academic research is carried out, ethics is a primary concern if you have anything to do with people outside the research group. With that in mind, the University of Minnesota has seemingly been performing ethically questionable research on the Linux kernel by submitting useless or vulnerable code. Now, one of the biggest developers of the Linux kernel has banned UMN from submitting patches after becoming fed up with the “research.” Earlier this year, two researchers from the University of Minnesota published a research paper around the premise of sneaking malicious code into open source software (OSS). The paper specifically targeted the Linux kernel, one of the...
Read more...
This year, there have been several cybersecurity incidents, such as the Microsoft Exchange issue, across numerous industries and government organizations. It appears that the defense industry is now being targeted by at least two China-linked hacking groups who are leveraging Pulse Secure VPN devices from IT company Ivanti. Phil Richard, CSO at Pulse Secure, posted a security update today reporting that the company had been made aware of a new vulnerability with Pulse Connect Secure appliances. Subsequently, the company is working with security company FireEye, among others, to investigate and respond to the exploitative behavior on the vulnerable appliances. Pulse Secure Is An Ivanti Brand...
Read more...
The Microsoft Exchange zero-day vulnerabilities seemed to cause quite a bit of havoc across several industries and organizations. Since it was first discovered, however, patches have been rolling out from Microsoft and frantic orders to patch servers have been trickling down. Clearly, that was not enough, as web shells remained on many systems, thus allowing access to the vulnerable systems. Subsequently, the U.S Department of Justice authorized the FBI to disable these web shells and notify the organizations who were breached in a “successful” operation announced yesterday. In January through March, malicious actors and hacking groups used the Microsoft Exchange vulnerabilities...
Read more...
Earlier in the week, user PixelRick discovered a vulnerability in Cyberpunk 2077, leading to code execution on a system via malicious data files. While modders were initially blamed for the risk, it turns out that the issue stemmed from poor coding on CD Projekt Red’s part. Now, the Poland-based games company has released a patch to fix the problem and hopefully make Cyberpunk files safe. Announced on Twitter, hotfix 1.12 is now available on PC, and it fixes a couple of issues pertaining to the vulnerability discovered. First and foremost, CDPR fixed the “buffer overrun issue” or buffer overflow in several places within Cyberpunk 2077. Secondly, yet equally as important, the...
Read more...
Yesterday, we reported that CD Projekt Red sent out a warning that was effectively against "downloading mods", but it appears that we did not have the full story from the developers of Cyberpunk 2077. According to users on the CD Projekt Red forums, the Cyberpunk 2077 devs are partially to blame for what seems to be several vulnerabilities used in conjunction, which led to the outcry. Yesterday, forum user yamamushi replied to the main warning thread, which disclosed a vulnerability in Cyberpunk 2077. He explained that since the announcement, modders were getting blamed for the vulnerability when that line of reasoning was entirely wrong. Specifically, "What CDPR posted [in the thread]...
Read more...
When it comes to using the internet in any way, a general rule of thumb is that you should never download software from a source that you do not trust. Yesterday, CD Projekt Red Support sent out a tweet to dissuade people from downloading mods for Cyberpunk 2077 because a vulnerability was found the modding system's implementation. CD Projekt Red’s tweet explained the issue occurs when malicious mods are downloaded and modify things that they should not change. The tweet then explains that this vulnerability will be fixed “ASAP,” but it is quite dangerous to players who have already ventured out to install mods. If you plan to use @CyberpunkGame mods/custom saves on PC, use...
Read more...
If you give some kids restricted access to technology, they are bound to find a loophole or bug that lets them do what they want regardless. After being asked by his kids to “hack” his Linux desktop, one Dad let the kids play with the keyboard. This button-mashing actually crashed the machine's screensaver by sheer luck, allowing them onto the desktop, ultimately leading to the discovery of a high priority security vulnerability for the Linux Mint team. The bug report, posted to GitHub by user Robo2Bobo, states that it became possible to crash the screensaver and unlock the desktop via the virtual keyboard. Robo2Bobo then explained that this was found because “A few weeks ago,...
Read more...
If people trust their information with businesses tasked with keeping them safe, those companies should at least try to take security seriously. It seems that is not necessarily the case, as a flaw in an app created by Ring was exposing precise location data of customers who posted to the app, when it should have been hiding it. Ring is a smart doorbell and IoT company that created the Neighbors app in 2018, around the same time Amazon completed its acquisition of the company. The Neighbors app was something of a social app where Ring doorbell owners could anonymously share videos that show crime. Think along the lines of a digital neighborhood watch with video footage. Vulnerable Data On Neighbors...
Read more...
While vulnerabilities crop up regularly, people need to be on the lookout, and developers need to patch their programs for everyone’s benefit. When a developer neglects this responsibility, people and information are left at risk. Back in August, a vulnerability that allowed a local attack and code execution on an Android device was reported, but now it has been found that some apps still have not updated to fix the problem. Aviran Hazum and Jonathan Shimonovich, of Check Point Research, reported on the Android vulnerability, given CVE-2020-8913, that was patched by Google in April of this year. It is rated as an 8.8 out of 10 on the common vulnerability scoring system (CVSS), and it impacts...
Read more...
Google has released a new version of Google Chrome today after tackling two more high-profile, zero-day exploits. Over the last several weeks, Google has found multiple attack vectors and has been squashing them at a rapid pace, so this is just a couple more on the pile. Users are advised to upgrade Chrome ASAP, as the risk for these exploits is ranked “High” by Google. At the end of October, Google took care of several exploits that came up through Project Zero. The new exploits that were discovered make it seem like Google Chrome is Swiss cheese with all the security holes, but they are being patched at the very least. The first vulnerability, given the designation CVE-2020-16013,...
Read more...
Most modern tech users are all likely familiar with Multi-Factor Authentication (MFA). Many would consider this security enhancement to be absolutely essential to protecting one’s online accounts. However, some forms of MFA are more secure than others. SMS and voice MFA mechanisms tend to be some of the most vulnerable options. Alex Weinert, a Partner Director of Identity Security at Microsoft, recently outlined several arguments in favor of abandoning SMS and voice MFA. SMS and voice MFA are based on publicly switched telephone networks (PSTN) or all the switched telephone networks throughout the globe. PSTNs are vulnerable to nearly every common exploit that other authenticators would...
Read more...
Google’s Project Zero team, which is tasked with discovering 0-day vulnerabilities, has uncovered an exploit in the Windows kernel that can lead to sandbox escape or privilege escalation. The bug, given CVE-2020-17087, is of the buffer overflow type in the Windows Kernel Cryptography Driver (CNG.sys) and is being actively exploited. Thankfully, this exploit is targeted and is not related to any U.S. election hacking, which could become more prevalent in the coming days. Last week, the Project Zero team discovered an exploit in Google Chrome and Chrome OS. Around the same time, they found the Windows Kernel bug, and it was “subject to a 7-day disclosure deadline.” It was subject...
Read more...
One would think that once a vulnerability received ample coverage and explicit warnings that encouraged uses to patch, we might see a drop-off in attacks. That is not the case; however, as Microsoft is again reporting that the Zerologon security flaw is still being exploited in the wild. This is another succinct warning on top of the pile already saying that Zerologon is dangerous, and people need to patch their systems ASAP. In late September, we reported, as others did, that hackers were actively exploiting the Zerologon security flaw. Following a Department of Homeland Security emergency directive, Microsoft confirmed that they were tracking the use of Zerologon. Microsoft also reported that...
Read more...
Google’s recently released versions of Chrome and Chrome OS had a bit of an Achilles heel: a rather pesky zero-day vulnerability that could corrupt the system’s memory from the browser or OS. The bug has been given CVE-2020-15999, but has not even been given an official score yet. Google gives the exploit a "high" level of criticality, and it has already been found in the wild, so users need to patch their systems ASAP. CVE-2020-15999 was discovered on October 19th by Sergei Glazunov at Google Project Zero. The Project Zero team is tasked with finding zero-day exploits in Googles's own products (and competitors), and with this bug, the team found issues with FreeType,...
Read more...
A new Bluetooth security vulnerability has appeared, and this time Linux is under the gun. Andy Nguyen, an information security researcher, discovered the vulnerabilities. They are collectively known as BleedingTooth, which allows for zero-click remote code execution on Linux devices within Bluetooth range. The code can be executed with kernel privileges, and Intel has rated the exploit at an 8.3 on the common vulnerability scoring system (CVSS). According to the research page for CVE-2020-12351, BleedingTooth is a "Heap-Based Type Confusion in L2CAP." What this means is that a malicious user can send data to the Bluetooth subsystem (BlueZ program) in Linux, after which the code for the subsystem...
Read more...
