Archive for the ‘vulnerabilities’ Category

A 100,000-router botnet is feeding on a 5-year-old UPnP bug in Broadcom chips

November 12th, 2018

A recently discovered botnet has taken control of an eye-popping 100,000 home and small-office routers made by a range of manufacturers, mainly by exploiting a critical vulnerability that has remained unaddressed on infected devices more than five years after it came to light.

Researchers from Netlab 360, who reported the mass infection late last week, have dubbed the botnet BCMUPnP_Hunter. The name is a reference to a buggy implementation of the Universal Plug and Play protocol built into Broadcom chipsets used in vulnerable devices. An advisory released in January 2013 warned that the critical flaw affected routers from a raft of manufacturers, including Broadcom, Asus, Cisco, TP-Link, Zyxel, D-Link, Netgear, and US Robotics. The finding from Netlab 360 suggests that many vulnerable devices were allowed to run without ever being patched or locked down through other means.

Last week's report documents 116 different types of devices that make up the botnet from a diverse group of manufacturers. Once under the attackers' control, the routers connect to a variety of well-known email services. This is a strong indication that the infected devices are being used to send spam or other types of malicious mail.

Posted in Biz & IT, botnets, exploits, Internet of things, IoT, routers, universal plug and play, upnp, vulnerabilities | Comments (0)

Bluetooth bugs bite millions of Wi-Fi APs from Cisco, Meraki, and Aruba

November 1st, 2018

Millions of Wi-Fi access points sold by Cisco, Meraki, and Aruba have two critical vulnerabilities being patched that could allow hackers to run malware inside the sensitive networks that use the gear. While the flaws open corporate networks to some scary attacks, the real-world likelihood of them being exploited is debatable.

In a report published Thursday, security firm Armis said two flaws it found in Bluetooth Low Energy chips manufactured by Texas Instruments can be used to hack the APs that embed them. The BLE chips offer a variety of enhancements to traditional Wi-Fi APs. Retailers, for instance, can use them to monitor customer movements inside stores by monitoring the Bluetooth beacons sent by the customers’ phones. Hospitals can use BLE to keep track of Bluetooth-enabled medical equipment. Cisco (which also makes Meraki gear) and Aruba have both issued patches that users of affected gear should install as soon as possible.

Unfortunately, hackers can also make use of the vulnerable BLE chips to take control of the APs. Attackers armed with small Bluetooth-enabled devices need only two minutes to transmit exploits that install malicious firmware on the vulnerable chips. From there, the malware could install AP firmware that monitors communications, infects end users, or spreads to other parts of a corporate network.

Posted in access points, Biz & IT, BLE, bluetooth, Bluetooth Low Energy, exploits, vulnerabilities, wi-fi | Comments (0)

Easy-to-exploit privilege escalation bug bites OpenBSD and other big name OSes

October 26th, 2018

Several big-name Linux and BSD operating systems are vulnerable to an exploit that gives untrusted users powerful root privileges. The critical flaw in the X.org server—the open-source implementation of the X11 system that helps manage graphics displays—affects OpenBSD, widely considered to be among the most secure OSes. It also impacts some versions of the Red Hat, Ubuntu, Debian, and CentOS distributions of Linux.

An advisory X.org developers published Thursday disclosed the 23-month-old bug that, depending on how OS developers configure it, lets hackers or untrusted users elevate very limited system rights to unfettered root. The vulnerability, which is active when OSes run X.org in privileged (setuid) mode, allows files to be overwritten using the -logfile and -modulepath parameters. It also makes it trivial for low-privilege users to escalate system rights. A variety of nuances are leading to widely divergent assessments of the bug's severity.

“Depending on whom you talk to, the reported severity will vary greatly,” Louis Dion-Marcil, a security researcher at GoSecure, told Ars. “I think most people will tell you it is very severe, and I would agree with them. The bug allows you to write arbitrary data to arbitrary files, which might seem trivial and not that dangerous, but it effectively allows regular, unprivileged users to elevate their privileges to the one of complete administrator of the system.”

Posted in Biz & IT, Elevation of privileges, exploits, root, vulnerabilities, x.org | Comments (0)

ROPEMAKER Exploit Allows for Changing of Email Post-Delivery

August 23rd, 2017

An exploit dubbed ROPEMAKER relies on taking advantage of email design functionality, namely by remotely changing CSS in HTML-based emails after they’ve been sent.

Posted in css, email security, Exploit, Francisco Ribeiro, HTML, Mimecast, ROPEMAKER, vulnerabilities, Web Security | Comments (0)

Foxit to Fix PDF Reader Zero Days by Friday

August 22nd, 2017

Foxit Software says it will fix two vulnerabilities in its PDF reader products that could be triggered through its JavaScript API to execute code.

Posted in code execution, foxit, Foxit Reader, Foxit Software, PhantomPDF, vulnerabilities, zdi, zero day initiative | Comments (0)

Industrial Cobots Might Be The Next Big IoT Security Mess

August 22nd, 2017

Researchers at IOActive are sounding an early alarm on the security of industrial collaboration robots, or cobots. These machines work side-by-side with people and contain vulnerabilities that could put physical safety at risk.

Posted in cesar cerrudo, cobot security, cobot vulnerabilities, cobots, collaborative robots, commercial robots, Hack in the Box Singapore, industrial robots, IOActive, IoT, Luis Apa, robotics vulnerabilities, robots, vulnerabilities | Comments (0)

Drupal Patches Critical Access Bypass in Core Engine

August 17th, 2017

A critical flaw in the Drupal CMS platform could allow unwanted access to the platform, allowing a third party to view, create, update or delete entities.

Posted in access bypass vulnerabilities, access bypass vulnerability, Drupal, Drupal 7, Drupal 8, Drupal Security Team, RESTful Web Services, UUIDs, vulnerabilities, Web Security | Comments (0)

SAP Patch Tuesday Update Resolves 19 Flaws, Three High Severity

August 9th, 2017

SAP released 19 patches on Tuesday, including a trio of vulnerabilities marked high severity in its business management software.

Posted in BusinessObjects, Netweaver AS Java Web Container, Onapsis, SAP, SAP Business management software, SAP Visual Composer, Sebastian Bortnik, vulnerabilities | Comments (0)