Items tagged with vulnerability
Earlier in the week, user PixelRick discovered a vulnerability in Cyberpunk 2077, leading to code execution on a system via malicious data files. While modders were initially blamed for the risk, it turns out that the issue stemmed from poor coding on CD Projekt Red’s part. Now, the Poland-based games company has released a patch to fix the problem and hopefully make Cyberpunk files safe. Announced on Twitter, hotfix 1.12 is now available on PC, and it fixes a couple of issues pertaining to the vulnerability discovered. First and foremost, CDPR fixed the “buffer overrun issue” or buffer overflow in several places within Cyberpunk 2077. Secondly, yet equally as important, the...
Read more...
Yesterday, we reported that CD Projekt Red sent out a warning that was effectively against "downloading mods", but it appears that we did not have the full story from the developers of Cyberpunk 2077. According to users on the CD Projekt Red forums, the Cyberpunk 2077 devs are partially to blame for what seems to be several vulnerabilities used in conjunction, which led to the outcry. Yesterday, forum user yamamushi replied to the main warning thread, which disclosed a vulnerability in Cyberpunk 2077. He explained that since the announcement, modders were getting blamed for the vulnerability when that line of reasoning was entirely wrong. Specifically, "What CDPR posted [in the thread]...
Read more...
When it comes to using the internet in any way, a general rule of thumb is that you should never download software from a source that you do not trust. Yesterday, CD Projekt Red Support sent out a tweet to dissuade people from downloading mods for Cyberpunk 2077 because a vulnerability was found the modding system's implementation. CD Projekt Red’s tweet explained the issue occurs when malicious mods are downloaded and modify things that they should not change. The tweet then explains that this vulnerability will be fixed “ASAP,” but it is quite dangerous to players who have already ventured out to install mods. If you plan to use @CyberpunkGame mods/custom saves on PC, use...
Read more...
If you give some kids restricted access to technology, they are bound to find a loophole or bug that lets them do what they want regardless. After being asked by his kids to “hack” his Linux desktop, one Dad let the kids play with the keyboard. This button-mashing actually crashed the machine's screensaver by sheer luck, allowing them onto the desktop, ultimately leading to the discovery of a high priority security vulnerability for the Linux Mint team. The bug report, posted to GitHub by user Robo2Bobo, states that it became possible to crash the screensaver and unlock the desktop via the virtual keyboard. Robo2Bobo then explained that this was found because “A few weeks ago,...
Read more...
If people trust their information with businesses tasked with keeping them safe, those companies should at least try to take security seriously. It seems that is not necessarily the case, as a flaw in an app created by Ring was exposing precise location data of customers who posted to the app, when it should have been hiding it. Ring is a smart doorbell and IoT company that created the Neighbors app in 2018, around the same time Amazon completed its acquisition of the company. The Neighbors app was something of a social app where Ring doorbell owners could anonymously share videos that show crime. Think along the lines of a digital neighborhood watch with video footage. Vulnerable Data On Neighbors...
Read more...
While vulnerabilities crop up regularly, people need to be on the lookout, and developers need to patch their programs for everyone’s benefit. When a developer neglects this responsibility, people and information are left at risk. Back in August, a vulnerability that allowed a local attack and code execution on an Android device was reported, but now it has been found that some apps still have not updated to fix the problem. Aviran Hazum and Jonathan Shimonovich, of Check Point Research, reported on the Android vulnerability, given CVE-2020-8913, that was patched by Google in April of this year. It is rated as an 8.8 out of 10 on the common vulnerability scoring system (CVSS), and it impacts...
Read more...
Google has released a new version of Google Chrome today after tackling two more high-profile, zero-day exploits. Over the last several weeks, Google has found multiple attack vectors and has been squashing them at a rapid pace, so this is just a couple more on the pile. Users are advised to upgrade Chrome ASAP, as the risk for these exploits is ranked “High” by Google. At the end of October, Google took care of several exploits that came up through Project Zero. The new exploits that were discovered make it seem like Google Chrome is Swiss cheese with all the security holes, but they are being patched at the very least. The first vulnerability, given the designation CVE-2020-16013,...
Read more...
Most modern tech users are all likely familiar with Multi-Factor Authentication (MFA). Many would consider this security enhancement to be absolutely essential to protecting one’s online accounts. However, some forms of MFA are more secure than others. SMS and voice MFA mechanisms tend to be some of the most vulnerable options. Alex Weinert, a Partner Director of Identity Security at Microsoft, recently outlined several arguments in favor of abandoning SMS and voice MFA. SMS and voice MFA are based on publicly switched telephone networks (PSTN) or all the switched telephone networks throughout the globe. PSTNs are vulnerable to nearly every common exploit that other authenticators would...
Read more...
Google’s Project Zero team, which is tasked with discovering 0-day vulnerabilities, has uncovered an exploit in the Windows kernel that can lead to sandbox escape or privilege escalation. The bug, given CVE-2020-17087, is of the buffer overflow type in the Windows Kernel Cryptography Driver (CNG.sys) and is being actively exploited. Thankfully, this exploit is targeted and is not related to any U.S. election hacking, which could become more prevalent in the coming days. Last week, the Project Zero team discovered an exploit in Google Chrome and Chrome OS. Around the same time, they found the Windows Kernel bug, and it was “subject to a 7-day disclosure deadline.” It was subject...
Read more...
One would think that once a vulnerability received ample coverage and explicit warnings that encouraged uses to patch, we might see a drop-off in attacks. That is not the case; however, as Microsoft is again reporting that the Zerologon security flaw is still being exploited in the wild. This is another succinct warning on top of the pile already saying that Zerologon is dangerous, and people need to patch their systems ASAP. In late September, we reported, as others did, that hackers were actively exploiting the Zerologon security flaw. Following a Department of Homeland Security emergency directive, Microsoft confirmed that they were tracking the use of Zerologon. Microsoft also reported that...
Read more...
Google’s recently released versions of Chrome and Chrome OS had a bit of an Achilles heel: a rather pesky zero-day vulnerability that could corrupt the system’s memory from the browser or OS. The bug has been given CVE-2020-15999, but has not even been given an official score yet. Google gives the exploit a "high" level of criticality, and it has already been found in the wild, so users need to patch their systems ASAP. CVE-2020-15999 was discovered on October 19th by Sergei Glazunov at Google Project Zero. The Project Zero team is tasked with finding zero-day exploits in Googles's own products (and competitors), and with this bug, the team found issues with FreeType,...
Read more...
A new Bluetooth security vulnerability has appeared, and this time Linux is under the gun. Andy Nguyen, an information security researcher, discovered the vulnerabilities. They are collectively known as BleedingTooth, which allows for zero-click remote code execution on Linux devices within Bluetooth range. The code can be executed with kernel privileges, and Intel has rated the exploit at an 8.3 on the common vulnerability scoring system (CVSS). According to the research page for CVE-2020-12351, BleedingTooth is a "Heap-Based Type Confusion in L2CAP." What this means is that a malicious user can send data to the Bluetooth subsystem (BlueZ program) in Linux, after which the code for the subsystem...
Read more...
Last week, a security researcher team claimed Apple’s T2 security chip onboard many Macs was vulnerable to an exploit that could not be patched. This exploit would give an attacker full root access and kernel execution privileges. Now, another group has showcased a real-world method of this attack over USB-C. Apple’s devices all have a debug tool that is created in-house for diagnosing issues with the OS. These can sometimes be leaked or reverse engineered so that users can jailbreak devices. With the exploit reported last week, attackers would use the checkm8/checkra1n exploit along with the blackbird vulnerability while in device firmware update (DFU) mode to get into a system....
Read more...
Earlier in the week, we reported on a dangerous exploit with Windows domain controllers called Zerologon. Now, the Cybersecurity and Infrastructure Security Agency (CISA), under the Department of Homeland Security direction, is issuing warnings about the exploit and is pushing government agencies to patch the vulnerability over the weekend. The Zerologon exploit is a way for a nefarious person to escalate privileges within a system and gain access to other systems and files. It takes advantage of the Windows Server Netlogon Remote protocol and authentication to capture session data to escalate the exploit further. Earlier in August, Microsoft released a patch to mitigate the vulnerability for...
Read more...
Secura digital security advisors and researchers, have discovered a highly critical vulnerability with Active Directory domain controllers. Rated as a 10 of 10 on the Common Vulnerability Scoring System (CVSS), this exploit, dubbed Zerologon, allows nefarious people to take over the domain controller and execute privilege escalations. The Zerologon exploit takes advantage of how the Netlogon Remote Protocol works. Typically, this protocol is used for machine and user authentication, as well as updating passwords within a domain. To utilize this exploit, one only needs to set up a TCP connection to the domain controller (DC) and you can spoof a client to go from there. This client spoofing works...
Read more...
These days just about everybody takes Bluetooth for granted. Manufacturers phase out useful physical ports like headset jacks in high end devices with the expectation that buyers will use Bluetooth headphones. Our cars, watches, locator tags, home theaters, and even game controllers rely on the ubiquitous short-range wireless network protocol. And if Bluetooth's built-in encryption was ever broken, we could be in for a world of hurt. Unfortunately, it appears attackers can do just that with a newly-discovered security vulnerability announced by the Bluetooth Special Interest Group (SIG), known as BLURtooth. The Bluetooth SIG and Carnegie Mellon University's CERT Coordination Center describe...
Read more...
BootHole GRUB2 Bootloader Security Exploit Discovered, Affects Billions Of Windows And Linux Devices
Bootloaders are an essential bit of software for almost every modern electronic device. Unfortunately, any vulnerabilities in the bootloader can open a device up to attackers. Eclypsium researchers recently discovered a buffer overflow vulnerability in the GRUB2 bootloader, nicknamed “BootHole”. This affects any device that uses GRUB2 with Secure Boot, including most Linux and some Windows devices. How Does BootHole Work The “GRand Unified Bootloader version 2”, or GRUB2, is a bootloader that is common on many Linux devices. It uses bison, a parsers generator, and flex, a lexical analyser, to “generate a parsing engine for a domain-specific language (DSL).”...
Read more...
Another Microsoft Patch Tuesday has come and gone. Ninety-nine flaws in total were addressed during this major patch. Unfortunately, the update does not provide a blanket fix for all ninety-nine issues. There are various prerequisites before some users will be able to install a patch for a secure boot vulnerability. “CVE-2020-0689” or the “Microsoft Secure Boot Security Feature Bypass Vulnerability” allows attackers to bypass secure boots. A secure boot is intended to guarantee that a device is only making use of software with valid credentials from an Original Equipment Manufacturer (OEM). However, this vulnerability permits attackers to load their own software. Thankfully,...
Read more...
Is your Bluetooth connection secure? Researchers recently discovered a Bluetooth vulnerability that could allow hackers to intercept and manipulate a user’s communications. The researchers tested and found seventeen vulnerable Bluetooth chips in devices from companies such as Intel, Apple, Lenovo, and Qualcomm. The findings were presented at the USENIX Security Symposium by researchers from the Center for IT-Security, Privacy and Accountability (CISPA). The vulnerability has been nicknamed “Key Negotiation Of Bluetooth” or “KNOB”. Every time two Bluetooth devices establish a connection, they also create a new encryption key. Unfortunately, not every device has a...
Read more...
Researchers recently uncovered Windows kernel security flaws that affect over 40 drivers from 20 different vendors. The vulnerabilities could give attackers access to a device's hardware and firmware. Researchers from Eclypsium shared their troubling findings this past week at the DEF CON 27 security conference in Las Vegas, Nevada. Why are there so many vulnerable drivers? According to Mickey Shkatov, Principal Researcher at Eclypsium, bad coding practices are to blame. Many drivers are meant to be flexible and able to perform a wide variety of actions instead of performing specific tasks. Shkatov noted, “It's easier to develop software by structuring drivers and applications this way,...
Read more...
Millions of Dell And Other Brand PCs Vulnerable To System Hijack Security Flaw In 3rd Party Software
Some laptop and desktop consumers may want to double-check that they have recently updated their devices. It was discovered that millions of Dell PCs as well as other brands could be vulnerable to hackers. The security flaw was caused by a 3rd party software package and affected Dell’s SupportAssist software, as well other rebranded versions of this particular software that Dell and other brands employ. The Dell SupportAssist software is pre-installed on devices and is intended to “proactively checks the health of your system’s hardware and software.” Since SupportAssist runs health checks on a device, it has unfettered access to the system. SupportAssist is able...
Read more...
Another day, another device vulnerability. It was recently discovered that hackers are able to remotely execute code with admin privileges through a Dell SupportAssist utility vulnerability. It is believed that a “high number” of users could be impacted. American security researcher Bill Demirkapi discovered the vulnerability. The vulnerability affects users who use non-updated versions of the Dell SupportAssist tool. This tool comes pre-installed on Dell devices alongside Windows OS. The hackers use a ARP Spoofing and a DNS Spoofing attack. The attackers lead users to a subdomain of dell.com. Once users have reached the site, the DNS Spoofing attack will return an “incorrect”...
Read more...
