Posts Tagged ‘exploits’

Immediately Patch Microsoft 0 day vulnerabilities being used to spread SPYWARE!

Thursday, September 14th, 2017

 

Windows 0-Day Flaw

Get ready to install a fairly large batch of security patches onto your Windows computers.

As part of its September Patch Tuesday, Microsoft has released a large batch of security updates to patch a total of 81 CVE-listed vulnerabilities, on all supported versions of Windows and other MS products.

 The latest security update addresses 27 critical and 54 important vulnerabilities in severity, of which 38 vulnerabilities are impacting Windows, 39 could lead to Remote Code Execution (RCE).

Affected Microsoft products include:

  • Internet Explorer
  • Microsoft Edge
  • Microsoft Windows
  • .NET Framework
  • Skype for Business and Lync
  • Microsoft Exchange Server
  • Microsoft Office, Services and Web Apps
  • Adobe Flash Player

.NET 0-Day Flaw Under Active Attack

According to the company, four of the patched vulnerabilities are publicly known, one of which has already been actively exploited by the attackers in the wild.

Here’s the list of publically known flaws and their impact:

Windows .NET Framework RCE (CVE-2017-8759)—A zero-day flaw, discovered by researchers at cybersecurity firm FireEye and privately reported it to Microsoft, resides in the way Microsoft .NET Framework processes untrusted input data.

Microsoft says the flaw could allow an attacker to take control of an affected system, install programs, view, change, or delete data by tricking victims into opening a specially crafted document or application sent over an email.

The flaw could even allow an attacker to create new accounts with full user rights. Therefore users with fewer user rights on the system are less impacted than users who operate with admin rights.

According to FireEye, this zero-day flaw has actively been exploited by a well-funded cyber espionage group to deliver FinFisher Spyware (FinSpy) to a Russian-speaking “entity” via malicious Microsoft Office RTF files in July this year.

FinSpy is a highly secret surveillance software that has previously been associated with British company Gamma Group, a company that legally sells surveillance and espionage software to government agencies.

Once infected, FinSpy can perform a large number of secret tasks on victims computer, including secretly monitoring computers by turning ON webcams, recording everything the user types with a keylogger, intercepting Skype calls, copying files, and much more.

“The [new variant of FINSPY]…leverages heavily obfuscated code that employs a built-in virtual machine – among other anti-analysis techniques – to make reversing more difficult,” researchers at FireEye said.

“As likely another unique anti-analysis technique, it parses its own full path and searches for the string representation of its own MD5 hash. Many resources, such as analysis tools and sandboxes, rename files/samples to their MD5 hash in order to ensure unique filenames.”

Three Publicly Disclosed Vulnerabilities

The remaining three publicly known vulnerabilities affecting the Windows 10 platform include:

  • Device Guard Security Feature Bypass Vulnerability (CVE-2017-8746): This flaw could allow an attacker to inject malicious code into a Windows PowerShell session by bypassing the Device Guard Code Integrity policy.
  • Microsoft Edge Security Feature Bypass Vulnerability (CVE-2017-8723): This flaw resides in Edge where the Content Security Policy (CSP) fails to properly validate certain specially crafted documents, allowing attackers to trick users into visiting a website hosting malware.
  • Broadcom BCM43xx Remote Code Execution Vulnerability (CVE-2017-9417): this flaw exists in the Broadcom chipset in HoloLens, which could be exploited by attackers to send a specially crafted WiFi packet, enabling them to install programs, view, change, or delete data, even create new accounts with full admin rights.

BlueBorne Attack: Another Reason to Install Patches Immediately

Also, the recently disclosed Bluetooth vulnerabilities known as “BlueBorne” (that affected more than 5 Million Bluetooth-enabled devices, including Windows, was silently patched by Microsoft in July, but details of this flaw have only been released now.

BlueBorne is a series of flaws in the implementation of Bluetooth that could allow attackers to take over Bluetooth-enabled devices, spread malware completely, or even establish a “man-in-the-middle” connection to gain access to devices’ critical data and networks without requiring any victim interaction.

So, users have another important reason to apply September security patches as soon as possible in order to keep hackers and cyber criminals away from taking control over their computers.

Other flaws patched this month include five information disclosure and one denial of service flaws in Windows Hyper-V, two cross-site scripting (XSS) flaws in SharePoint, as well as four memory corruption and two remote code execution vulnerabilities in MS Office.

For installing security updates, simply head on to Settings → Update & security → Windows Update → Check for updates, or you can install the updates manually.

Source:
Mohit Kumar - Hacking News
Entrepreneur, Hacker, Speaker, Founder and CEO — The Hacker News and The Hackers Conference.

Goodbye Applets: Another Cruddy Piece of Web Tech Is Finally Going Away | WIRED

Tuesday, March 8th, 2016

Another piece of old, insecure web infrastructure is about to be killed off.

Oracle says that it’s discontinuing its Java browser plugin starting with the next big release of the programming language. No, Oracle isn’t killing the Java programming language itself, which is still widely used by many companies. Nor is it killing off JavaScript, which is a completely different language that Oracle doesn’t control. What Oracle is getting rid of is a plugin that allows you to run programs known as “Java applets” in your browser.You may not think you even have the Java plugin installed, but if you’ve ever installed Java, or if Java came pre-installed on your computer, then you probably do, even if you never use it. The good news is that Oracle won’t be automatically installing the Java plugin when you install Java anymore. The bad news is that it won’t be providing security updates anymore either, so you should go ahead and uninstall it now. In fact, there’s a good chance you can uninstall Java entirely.

Source: Goodbye Applets: Another Cruddy Piece of Web Tech Is Finally Going Away | WIRED

Router Vulnerability Puts 12 Million Home and Business Routers at Risk!

Monday, December 22nd, 2014

More than 12 million routers in homes and businesses around the world are vulnerable to a critical software bug that can be exploited by hackers to remotely monitor users’ traffic and take administrative control over the devices, from a variety of different manufacturers.The critical vulnerability actually resides in web server “RomPager” made by a company known as AllegroSoft, which is typically embedded into the firmware of router , modems and other “gateway devices” from about every leading manufacturer.

The HTTP server provides the web-based user-friendly interface for configuring the products.Researchers at the security software company Check Point have discovered that the RomPager versions prior to 4.34 — software more than 10 years old — are vulnerable to a critical bug, dubbed as Misfortune Cookie. The flaw named as Misfortune Cookie because it allows attackers to control the “fortune” of an HTTP request by manipulating cookies.HOW MISFORTUNE COOKIE FLAW WORKSThe vulnerability, tracked as CVE-2014-9222 in the Common Vulnerabilities and Exposures database, can be exploited by sending a single specifically crafted request to the affected RomPager server that would corrupt the gateway device’s memory, giving the hacker administrative control over it. Using which, the attacker can target any other device on that network.

“Attackers can send specially crafted HTTP cookies [to the gateway] that exploit the vulnerability to corrupt memory and alter the application and system state,” said Shahar Tal, malware and vulnerability research manager with Check Point. “This, in effect, can trick the attacked device to treat the current session with administrative privileges – to the misfortune of the device owner.Once attackers gain the control of the device, they could monitor victims’ web browsing, read plaintext traffic traveling over the device, change sensitive DNS settings, steal account passwords and sensitive data, and monitor or control Webcams, computers, or other network connected devices.

MAJOR ROUTERS & GATEWAY BRANDS VULNERABLEAt least 200 different models of gateway devices, or small office/home office SOHO routers from various manufacturers and brands are vulnerable to Misfortune Cookie, including kit from D-Link, Edimax, Huawei, TP-Link, ZTE, and ZyXEL.

via Router Vulnerability Puts 12 Million Home and Business Routers at Risk – Hacker News.

Microsoft Patches 3 Zero-day Vulnerabilities actively being Exploited in the Wild

Wednesday, October 15th, 2014

As part of monthly patch update, Microsoft released eight security bulletins on Tuesday that address dozens of vulnerabilities including a zero-day flaw reportedly being exploited by Russian hackers to target NATO computers and a pair of zero-day Windows vulnerabilities that attackers have been exploiting to penetrate major corporations’ networks.Just a day before yesterday, our team reported you about a Zero-day vulnerability discovered by the cyber intelligence firm iSight Partners affecting all supported versions of Microsoft Windows and is being exploited in a five-year old cyber-espionage campaign against the Ukrainian government and U.S organisations.Researchers at FireEye found two zero-day flaws, used in separate, unrelated attacks involving exploitation of Windows kernel, just a day after iSight partners disclosed zero-day in Windows. The pair of zero-day vulnerabilities could allow an attacker to access a victim’s entire system.

via Microsoft Patches 3 Zero-day Vulnerabilities actively being Exploited in the Wild.

Visit the Wrong Website, and the FBI Could End Up in Your Computer | WIRED

Thursday, August 7th, 2014

big brother

Security experts call it a “drive-by download”: a hacker infiltrates a high-traffic website and then subverts it to deliver malware to every single visitor. It’s one of the most powerful tools in the black hat arsenal, capable of delivering thousands of fresh victims into a hackers’ clutches within minutes.

Now the technique is being adopted by a different kind of a hacker—the kind with a badge. For the last two years, the FBI has been quietly experimenting with drive-by hacks as a solution to one of law enforcement’s knottiest Internet problems: how to identify and prosecute users of criminal websites hiding behind the powerful Tor anonymity system.

The approach has borne fruit—over a dozen alleged users of Tor-based child porn sites are now headed for trial as a result. But it’s also engendering controversy, with charges that the Justice Department has glossed over the bulk-hacking technique when describing it to judges, while concealing its use from defendants. Critics also worry about mission creep, the weakening of a technology relied on by human rights workers and activists, and the potential for innocent parties to wind up infected with government malware because they visited the wrong website. “This is such a big leap, there should have been congressional hearings about this,” says ACLU technologist Chris Soghoian, an expert on law enforcement’s use of hacking tools. “If Congress decides this is a technique that’s perfectly appropriate, maybe that’s OK. But let’s have an informed debate about it.”

The FBI’s use of malware is not new. The bureau calls the method an NIT, for “network investigative technique,” and the FBI has been using it since at least 2002 in cases ranging from computer hacking to bomb threats, child porn to extortion. Depending on the deployment, an NIT can be a bulky full-featured backdoor program that gives the government access to your files, location, web history and webcam for a month at a time, or a slim, fleeting wisp of code that sends the FBI your computer’s name and address, and then evaporates.

via Visit the Wrong Website, and the FBI Could End Up in Your Computer | Threat Level | WIRED.

FBI Keeps Internet Flaws Secret to Defend Against Hackers – Bloomberg

Wednesday, April 30th, 2014

The Obama administration is letting law enforcement keep computer-security flaws secret in order to further U.S. investigations of cyberspies and hackers.The White House has carved out an exception for the Federal Bureau of Investigation and other agencies to keep information about software vulnerabilities from manufacturers and the public. Until now, most debate has focused on how the National Security Agency stockpiles and uses new-found Internet weaknesses, known as zero-day exploits, for offensive purposes, such as attacking the networks of adversaries.The law enforcement operations expose a delicate and complicated balancing act when it comes to agencies using serious security flaws in investigations versus disclosing them to protect all Internet users, according to former government officials and privacy advocates.

The FBI also hacks into computers and networks of adversaries using what are known as remote access operations coordinated by a team at the bureau’s facility in Quantico, Virginia, said a former government official. Most of the malware and computer exploits used are available for purchase online and the operations are authorized by warrants specifying devices targeted, the official said in a phone interview.

via FBI Keeps Internet Flaws Secret to Defend Against Hackers – Bloomberg.