Archive for the ‘vulnerabilities’ Category

Microsoft issues emergency update to fix critical IE flaw under active exploit

December 20th, 2018

Microsoft has issued an emergency update that fixes a critical Internet Explorer vulnerability that attackers are actively exploiting on the Internet.

The memory-corruption flaw allows attackers to remotely execute malicious code when computers use IE to visit a booby-trapped website, Microsoft said Wednesday. Indexed as CVE-2018-8653, the flaw affects all supported versions of Windows. The vulnerability involves the way Microsoft's scripting engine handles objects in memory in Internet Explorer.

In a separate advisory, Microsoft said the vulnerability is being used in targeted attacks, but the company didn't elaborate. Microsoft credited Clement Lecigne of Google's Threat Analysis Group with discovering the vulnerability. No other details were available about the vulnerability or exploits at the time this post was being reported.

Posted in Biz & IT, exploits, Internet Explorer, microsoft, vulnerabilities, Windows

Mass router hack exposes millions of devices to potent NSA exploit

November 29th, 2018
More than 45,000 Internet routers have been compromised by a newly discovered campaign that’s designed to open networks to attacks by EternalBlue, the potent exploit that was developed by, and then stolen from, the National Security Agency and leaked to the Internet at large, researchers said Wednesday.

The new attack exploits routers with vulnerable implementations of Universal Plug and Play to force connected devices to open ports 139 and 445, content delivery network Akamai said in a blog post. As a result, almost 2 million computers, phones, and other network devices connected to the routers are reachable to the Internet on those ports. While Internet scans don’t reveal precisely what happens to the connected devices once they’re exposed, Akamai said the ports—which are instrumental for the spread of EternalBlue and its Linux cousin EternalRed—provide a strong hint of the attackers’ intentions.

The attacks are a new instance of a mass exploit the same researchers documented in April. They called it UPnProxy because it exploits Universal Plug and Play—often abbreviated as UPnP—to turn vulnerable routers into proxies that disguise the origins of spam, DDoSes, and botnets. In Wednesday’s blog post, the researchers wrote:

Posted in Biz & IT, EternalBlue, exploits, routers, universal plug and play, upnp, vulnerabilities

A 100,000-router botnet is feeding on a 5-year-old UPnP bug in Broadcom chips

November 12th, 2018

A recently discovered botnet has taken control of an eye-popping 100,000 home and small-office routers made by a range of manufacturers, mainly by exploiting a critical vulnerability that has remained unaddressed on infected devices more than five years after it came to light.

Researchers from Netlab 360, who reported the mass infection late last week, have dubbed the botnet BCMUPnP_Hunter. The name is a reference to a buggy implementation of the Universal Plug and Play protocol built into Broadcom chipsets used in vulnerable devices. An advisory released in January 2013 warned that the critical flaw affected routers from a raft of manufacturers, including Broadcom, Asus, Cisco, TP-Link, Zyxel, D-Link, Netgear, and US Robotics. The finding from Netlab 360 suggests that many vulnerable devices were allowed to run without ever being patched or locked down through other means.

Last week's report documents 116 different types of devices that make up the botnet from a diverse group of manufacturers. Once under the attackers' control, the routers connect to a variety of well-known email services. This is a strong indication that the infected devices are being used to send spam or other types of malicious mail.

Posted in Biz & IT, botnets, exploits, Internet of things, IoT, routers, universal plug and play, upnp, vulnerabilities

Bluetooth bugs bite millions of Wi-Fi APs from Cisco, Meraki, and Aruba

November 1st, 2018

Millions of Wi-Fi access points sold by Cisco, Meraki, and Aruba have two critical vulnerabilities being patched that could allow hackers to run malware inside the sensitive networks that use the gear. While the flaws open corporate networks to some scary attacks, the real-world likelihood of them being exploited is debatable.

In a report published Thursday, security firm Armis said two flaws it found in Bluetooth Low Energy chips manufactured by Texas Instruments can be used to hack the APs that embed them. The BLE chips offer a variety of enhancements to traditional Wi-Fi APs. Retailers, for instance, can use them to monitor customer movements inside stores by monitoring the Bluetooth beacons sent by the customers’ phones. Hospitals can use BLE to keep track of Bluetooth-enabled medical equipment. Cisco (which also makes Meraki gear) and Aruba have both issued patches that users of affected gear should install as soon as possible.

Unfortunately, hackers can also make use of the vulnerable BLE chips to take control of the APs. Attackers armed with small Bluetooth-enabled devices need only two minutes to transmit exploits that install malicious firmware on the vulnerable chips. From there, the malware could install AP firmware that monitors communications, infects end users, or spreads to other parts of a corporate network.

Posted in access points, Biz & IT, BLE, bluetooth, Bluetooth Low Energy, exploits, vulnerabilities, wi-fi

Easy-to-exploit privilege escalation bug bites OpenBSD and other big name OSes

October 26th, 2018

Several big-name Linux and BSD operating systems are vulnerable to an exploit that gives untrusted users powerful root privileges. The critical flaw in the X.org server—the open-source implementation of the X11 system that helps manage graphics displays—affects OpenBSD, widely considered to be among the most secure OSes. It also impacts some versions of the Red Hat, Ubuntu, Debian, and CentOS distributions of Linux.

An advisory X.org developers published Thursday disclosed the 23-month-old bug that, depending on how OS developers configure it, lets hackers or untrusted users elevate very limited system rights to unfettered root. The vulnerability, which is active when OSes run X.org in privileged (setuid) mode, allows files to be overwritten using the -logfile and -modulepath parameters. It also makes it trivial for low-privilege users to escalate system rights. A variety of nuances are leading to widely divergent assessments of the bug's severity.

“Depending on whom you talk to, the reported severity will vary greatly,” Louis Dion-Marcil, a security researcher at GoSecure, told Ars. “I think most people will tell you it is very severe, and I would agree with them. The bug allows you to write arbitrary data to arbitrary files, which might seem trivial and not that dangerous, but it effectively allows regular, unprivileged users to elevate their privileges to the one of complete administrator of the system.”

Posted in Biz & IT, Elevation of privileges, exploits, root, vulnerabilities, x.org

ROPEMAKER Exploit Allows for Changing of Email Post-Delivery

August 23rd, 2017

An exploit dubbed ROPEMAKER relies on taking advantage of email design functionality, namely by remotely changing CSS in HTML-based emails after they’ve been sent.

Posted in css, email security, Exploit, Francisco Ribeiro, HTML, Mimecast, ROPEMAKER, vulnerabilities, Web Security

Foxit to Fix PDF Reader Zero Days by Friday

August 22nd, 2017

Foxit Software says it will fix two vulnerabilities in its PDF reader products that could be triggered through its JavaScript API to execute code.

Posted in code execution, foxit, Foxit Reader, Foxit Software, PhantomPDF, vulnerabilities, zdi, zero day initiative

Industrial Cobots Might Be The Next Big IoT Security Mess

August 22nd, 2017

Researchers at IOActive are sounding an early alarm on the security of industrial collaboration robots, or cobots. These machines work side-by-side with people and contain vulnerabilities that could put physical safety at risk.

Posted in cesar cerrudo, cobot security, cobot vulnerabilities, cobots, collaborative robots, commercial robots, Hack in the Box Singapore, industrial robots, IOActive, IoT, Luis Apa, robotics vulnerabilities, robots, vulnerabilities