
bwiese : vulnerability   71

Microsoft Wants More Security Researchers to Hack Into Its Cloud
Russinovich spoke about protecting the cloud at an academic conference at Microsoft attended by hundreds of Microsoft workers and security engineers from Amazon Web Services, Google, Nike Inc. and others. The event grew out of a trail-running group that includes Microsoft’s Ram Shankar Siva Kumar, who oversees a team of engineers who apply machine-learning to cybersecurity, and peers at AWS and Google. The group would often share techniques and research while on the trail and the idea for a formal conference to exchange ideas was born.
cloud  aws  microsoft  trailrunning  vulnerability 
16 days ago by bwiese
Proactive detection content: CVE-2019-0708 vs ATT&CK, Sigma, Elastic and ArcSight - SOC Prime
The first rule, further referenced as Sigma #1, was shared courtesy of Markus Neis in the Sigma GitHub repo for addressing the Lateral Movement technique T1210 / Exploitation of Remote Services (https://attack.mitre.org/techniques/T1210/).
soc  sigma  elasticsearch  attack  vulnerability 
5 weeks ago by bwiese
VU#192371 - VPN applications insecurely store session cookies
CVE-2019-11213
Update Pulse Secure Desktop Client and Network Connect to the following versions:
Desktop Client
- Pulse Secure Desktop 9.0R3 and above
- Pulse Secure Desktop 5.3R7 and above
- Note: For Pulse Desktop Client customers, this is a client-side fix only and does not require a server-side upgrade.
Network Connect
- Pulse Connect Secure 9.0R3 and above
- Pulse Connect Secure 8.3R7 and above
- Pulse Connect Secure 8.1R14 and above
vpn  exploit  vulnerability 
9 weeks ago by bwiese
Data-tracking Chrome flaw triggered by viewing PDFs – Naked Security
Researchers have spotted an unusual ‘trackware’ attack triggered by viewing a PDF inside the Chrome browser.

Security company EdgeSpot said it noticed suspicious PDFs, which seem to have been circulating since 2017, sending HTTP POST traffic to the tracking site readnotify.com.

The behaviour only happened when a user viewed a PDF using desktop Google Chrome – when opened in Adobe Reader the PDF’s behaviour returned to normal.

Data sent included the user’s IP address, the Chrome and OS versions, and the full path of the PDF on their computer.
cybersecurity  chrome  pdf  vulnerability 
march 2019 by bwiese
WhiteHat Security: Top 10 Application Security Vulnerabilities of 2018
Magecart breaches systems and replaces the JavaScript that handles payments with malicious code to send payment details to the hackers completely unbeknownst to the end user.
cybersecurity  api  vulnerability  2018  webapp 
january 2019 by bwiese
USPS Site Exposed Data on 60 Million Users — Krebs on Security
The API in question was tied to a Postal Service initiative called “Informed Visibility,” which according to the USPS is designed to let businesses, advertisers and other bulk mail senders “make better business decisions by providing them with access to near real-time tracking data” about mail campaigns and packages.

In addition to exposing near real-time data about packages and mail being sent by USPS commercial customers, the flaw let any logged-in usps.com user query the system for account details belonging to any other users, such as email address, username, user ID, account number, street address, phone number, authorized users, mailing campaign data and other information.

Many of the API’s features accepted “wildcard” search parameters, meaning they could be made to return all records for a given data set without the need to search for specific terms. No special hacking tools were needed to pull this data, other than knowledge of how to view and modify data elements processed by a regular Web browser like Chrome or Firefox.
usps  api  cybersecurity  vulnerability  databreach 
january 2019 by bwiese
Critical SQLite Flaw Leaves Millions of Apps Vulnerable to Hackers
Dubbed 'Magellan' by Tencent's Blade security team, the newly discovered SQLite flaw could allow remote attackers to execute arbitrary or malicious code on affected devices, leak program memory or crash applications.
sqlite  vulnerability  exploit 
december 2018 by bwiese
iDRACula Vulnerability Impacts Millions of Legacy Dell EMC Servers
I am not a security researcher. I will say that Dell EMC did a good job communicating with me (knowing we would be running a story) and with the individual who took advantage of iDRACula. The server industry has seen a number of severe security issues this year, including the recent Intel L1TF / Foreshadow disclosure. Seeing Dell EMC’s security apparatus work quickly on this was welcome.
dell  motherboard  cybersecurity  vulnerability  drac 
october 2018 by bwiese
You dirty DRAC: IT bods uncover Dell server firmware security slip • The Register
Jon Sands and Adam Nielsen discovered and reported via Serve The Home a bug dubbed iDRACula because it involves Dell's iDRAC service. iDRAC is software that runs on the baseboard management controller (BMC) inside a PowerEdge system independent of whatever hypervisor, operating system, and applications are running.

It has full control over the hardware. Administrators can connect over the network to a server's iDRAC to diagnose and fix up any problems. It's a lot easier to fire up a web browser, and remotely power cycle the box or reinstall its OS, than locate, pull out, repair, and re-rack a system by hand, for instance.

The weakness is said to be present in 12th- and 13th-generation Dell EMC PowerEdge servers. The latest machines, 14th-gen and up, are not vulnerable because they introduced a root of trust in the BMC processor, meaning only Dell-authorized code can run on the controller, and not junk injected by hackers.
cybersecurity  dell  motherboard  drac  firmware  vulnerability 
october 2018 by bwiese
A Major Bug In Bitcoin Software Could Have Crashed the Currency - Motherboard
On Tuesday, the developers of Bitcoin Core—the software that effectively powers the Bitcoin blockchain—released a new version that patched a vulnerability that allowed a malicious user to crash the network, making everyone’s digital coins effectively useless. The bug has been variously described as “very scary,” “major,” and one of the “top three or four” most serious bugs ever discovered in Bitcoin.
“For less than $80,000, you could have brought down the entire network,” Emin Gün Sirer, an associate professor of computer science at Cornell University told me over the phone. “That is less money than what a lot of entities would pay for a 0-day attack on many systems. There are many motivated people like this, and they could have brought the network down.”
bitcoin  cryptocurrency  vulnerability 
september 2018 by bwiese
Positive Technologies - learn and secure : Positive Technologies researcher finds vulnerability enabling disclosure of Intel ME encryption keys
Intel has issued a patch in response to a serious vulnerability in Intel ME firmware discovered by Positive Technologies expert Dmitry Sklyarov. The vulnerability involved security mechanisms in the MFS file system, which Intel ME uses to store data. By exploiting this flaw, attackers could manipulate the state of MFS and extract important secrets.
intel  cybersecurity  vulnerability  cpu 
september 2018 by bwiese
Researchers Detail Two New Attacks on TPM Chips
The attack scenario involves an attacker abusing power interrupts and TPM state restores to obtain valid hashes for components involved in the boot-up process, which the attacker then feeds back to the same SRTM-configured TPM, tricking it into thinking it's running on non-tampered components.
tpm  cybersecurity  vulnerability 
september 2018 by bwiese
New Apache Struts RCE Flaw Lets Hackers Take Over Web Servers
Apache Struts is an open source framework for developing web applications in the Java programming language and is widely used by enterprises globally, including by 65 percent of the Fortune 100 companies, like Vodafone, Lockheed Martin, Virgin Atlantic, and the IRS.
The vulnerability (CVE-2018-11776) resides in the core of Apache Struts and originates because of insufficient validation of user-provided untrusted inputs in the core of the Struts framework under certain configurations.

It is triggered just by visiting a specially crafted URL on the affected web server, allowing attackers to execute malicious code and eventually take complete control over the targeted server running the vulnerable application.
apache  cybersecurity  vulnerability 
august 2018 by bwiese
Microsoft - Security Update Guide
The Microsoft Security Response Center (MSRC) investigates all reports of security vulnerabilities affecting Microsoft products and services, and provides the information here as part of the ongoing effort to help you manage security risks and help keep your systems protected.
microsoft  security  software  update  patches  cybersecurity  vulnerability 
august 2018 by bwiese
Intel Xeon workhorses boot evil maids out of the hotel: USB-based spying thwarted by fix • The Register
The exploitation of USB-based debugging to hijack systems has been previously documented. What's new here is that on Monday, Eclypsium blogged that Intel has issued a patch – specifically, an updated Direct Connect Interface policy – to thwart USB-based debugging attacks on certain Xeon-powered systems.

The vulnerability was designated CVE-2018-3652, and Chipzilla credited its discovery to Eclypsium principal researcher Jesse Michael, also ex-Intel.
intel  cybersecurity  usb  uefi  vulnerability 
july 2018 by bwiese
The Tale of SettingContent-ms Files – Posts By SpecterOps Team Members
This is why attackers have resorted to Object Linking and Embedding (OLE), ZIP files, etc. To combat the file delivery vector, Office 2016 introduced blocking all of the “dangerous” file formats from being embedded via OLE by default. This reduces the effectiveness of one of the most relied upon payload delivery methods.

I stumbled across the “.SettingContent-ms” file type. This format was introduced in Windows 10 and allows a user to create “shortcuts” to various Windows 10 setting pages. These files are simply XML and contain paths to various Windows 10 settings binaries.

As you can see, with Office 2016’s OLE block rule and ASR’s Child Process Creation rule enabled, .SettingContent-ms files combined with “AppVLP.exe” in the Office folder allow us to circumvent these controls and execute arbitrary commands.

While Office documents are often marked with MOTW and are opened in the Protected View Sandbox, there are file formats that allow OLE and aren’t triggered by the Protected View sandbox. You can find more on that here.

6/4/2018: MSRC responded with a note that the severity of the issue is below the bar for servicing and that the case will be closed.
microsoft  office  vulnerability 
july 2018 by bwiese
Cisco Removes Backdoor Account, Fourth in the Last Four Months
Hardcoded SNMP community string
This backdoor mechanism (CVE-2018-0329) was in the form of a hardcoded, read-only SNMP community string in the configuration file of the SNMP daemon.
cisco  vulnerability  cybersecurity  snmp 
july 2018 by bwiese
Node.js alert: Google engineer finds flaw in NPM scripts | InfoWorld
“It is possible for a single malicious NPM package to spread itself across most of the NPM ecosystem very quickly,” Sam Saccone, a software engineer at Google, wrote in his NPM hydra worm disclosure.

“It is possible for a maliciously written NPM package, when installed, to execute a script that includes itself into a new package that it then publishes to the registry, and to other packages owned by that user,” according to a post on the official NPM blog. However, the team said the benefits of installation scripts outweighed the risks of a potential worm attack.
npm  cybersecurity  javascript  worm  vulnerability 
june 2018 by bwiese
NPM update changes critical Linux filesystem permissions, breaks everything – Naked Security
For example, JavaScript programs in your browser generally can’t reach out into other tabs, can’t start or stop other programs, can’t access files on your hard disk, can’t read the registry, can’t scan the network, can’t sniff around in memory.

Unlike browser JavaScript, Node.js is augmented by add-on toolkits to do just about anything you can think of: manage processes, run servers, read local files and databases, control the network, perform cryptographic calculations, transcode images and videos, recognise faces, you name it.

You may find you can write a five-line JavaScript program that is elegantly simple, but only if your Node Package Manager drags in tens or even hundreds of thousands of lines of other people’s software.

Automatically. From all over the internet.

I found that a selection of directories in / were owned by a non-root user after running sudo npm and many binaries in /usr/bin stopped working as their permissions were changed. People experiencing this bug will likely have to fully reinstall their system due to this update.

1. Keep backups that make a meaningful rollback easy. NPM has caused reliability disasters before, and given its vaguely anarchical nature, will cause them again.
2. Skip the 5.7.0 version of NPM. NPM version 5.7.1 is supposed to fix this bug.
3. Don’t autoupdate production or development servers. Prove the latest update in testing first.
4. Remember that simple software can be immensely complex. Keep that in mind when making time for testing (see 3).
nodejs  javascript  cybersecurity  vulnerability  linux  npm 
june 2018 by bwiese
New PGP Encryption Exploits Are Being Discovered Almost Every Other Day
Gizmodo was alerted to flaws discovered as recently as Wednesday that currently impact multiple PGP implementations, including Enigmail (Thunderbird) and GPGTools (Apple Mail)—the technical details of which are withheld here while the appropriate developers are contacted and given time to address them.

“It wasn’t a case of having to write software to do this. You could literally just cut and paste what they said in the paper and use it. The video of how easy it was to use, that was the thing that clinched it for me—sitting and watching a video of someone just clicking a few buttons and being able to exfiltrate data.”

“It’s sometimes better to [temporarily] disable encryption (or decrypt in the terminal) than to have your whole past communication at stake.”
pgp  gpg  cybersecurity  crypto  encryption  efail  vulnerability 
june 2018 by bwiese
Destructive and MiTM Capabilities of VPNFilter Malware Revealed
Initially, it was believed that the malware targets routers and network-attached storage from Linksys, MikroTik, NETGEAR, and TP-Link, but a more in-depth analysis conducted by researchers reveals that VPNFilter also hacks devices manufactured by ASUS, D-Link, Huawei, Ubiquiti, QNAP, UPVEL, and ZTE.
vpnfilter  router  cybersecurity  vulnerability 
june 2018 by bwiese
Bad RSA Library Leaves Millions of Keys Vulnerable | Hackaday
So, erm… good news everyone! A vulnerability has been found in a software library responsible for generating RSA key pairs used in hardware chips manufactured by Infineon Technologies AG. The vulnerability, dubbed ROCA, allows for an attacker, via a Coppersmith’s attack, to compute the private key starting with nothing more than the public key, which pretty much defeats the purpose of asymmetric encryption altogether.

Affected hardware includes cryptographic smart cards, security tokens, and other secure hardware chips produced by Infineon Technologies AG. The library with the vulnerability is also integrated in authentication, signature, and encryption tokens of other vendors and chips used for Trusted Boot of operating systems. Major vendors including Microsoft, Google, HP, Lenovo, and Fujitsu already released software updates and guidelines for mitigation.

The following key length ranges are now considered practically factorizable (time complexity between hours and 1000 CPU years at maximum): 512 to 704 bits, 992 to 1216 bits and 1984 to 2144 bits. Note that a 4096-bit RSA key is not practically factorizable now, but may become so if the attack is improved.

The time complexity and cost for the selected key lengths (Intel E5-2650 v3@3GHz Q2/2014):

512 bit RSA keys – 2 CPU hours (the cost of $0.06);
1024 bit RSA keys – 97 CPU days (the cost of $40-$80);
2048 bit RSA keys – 140.8 CPU years, (the cost of $20,000 – $40,000).
encryption  pki  tpm  cybersecurity  vulnerability  crypto  keylength  rsa  hack 
june 2018 by bwiese
How Microsoft’s top-secret database of bugs got hacked | Reuters.com
Friday, October 13, 2017 - 02:23

Microsoft’s top-secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group several years ago, five former Microsoft employees told Reuters.

Breach hidden for 4 years, Joseph Menn (would be super embarrassing for the arsenal to have been exposed), security was insufficient, password only access, internal review said bugs not used in hacking campaigns (presumably), NSA lost control of even larger bug/exploit database with Vault7
microsoft  history  apt  cybersecurity  vulnerability 
june 2018 by bwiese
Cutting-edge hack gives super user status by exploiting DRAM weakness | Ars Technica
"The thing that is really impressive to me in what we see here is in some sense an analog- and manufacturing-related bug that is potentially exploitable in software," David Kanter, senior editor of the Microprocessor Report, told Ars. "This is reaching down into the underlying physics of the hardware, which from my standpoint is cool to see. In essence, the exploit is jumping several layers of the stack."

The vulnerability works only on newer types of DDR3 memory and is the result of the ever smaller dimensions of the silicon. With less space between each DRAM cell, it becomes increasingly hard to prevent one cell from interacting electrically with its neighbors.
dma  ddr  ram  cybersecurity  rowhammer  vulnerability 
may 2018 by bwiese
It's 2018, and a webpage can still pwn your Windows PC – and apps can escape Hyper-V • The Register
The VBScript Engine can be exploited, via memory corruption bug CVE-2018-8174, by a malicious webpage to execute arbitrary nefarious code on a system, paving the way to the installation of malware.

Hackers – including nation-state agents – are already abusing this programming cockup right now to compromise computers in the wild and spy on targets. The flaw was discovered and reported by Anton Ivanov and Vladislav Stolyarov of Kaspersky Lab, as well as Ding Maoyin, Jinquan, Song Shenlei, and Yang Kang of Qihoo 360 Core Security.

The Chakra Scripting Engine in Edge can also be exploited, via CVE-2018-0943, by evil webpages to run code and malware on a computer visiting said page.
microsoft  cybersecurity  vulnerability 
may 2018 by bwiese
OS Vendors Patch Systems After Intel Documentation Is Misunderstood
The fact that a flaw was discovered due to poor documentation doesn't come as a surprise to Joseph Carson, chief security scientist at Thycotic. Documentation is typically thrown together at the last minute or done simply as a checkbox item, he said.  

"When you leave security to be correctly followed from a document, you will typically find some vendors implement it incorrectly," Carson told eWEEK. 
cybersecurity  intel  vulnerability  debugging 
may 2018 by bwiese
Schneider Electric: TRITON/TRISIS Attack Used 0-Day ...
Schneider's controller is based on proprietary hardware that runs on a PowerPC processor. "We run our own proprietary operating system on top of that, and that OS is not known to the public. So the research required to pull this [attack] off was substantial," including reverse-engineering it, Forney says. "This bears resemblance to a nation-state, someone who was highly financed."

The attackers also had knowledge of Schneider's proprietary protocol for Tricon, which also is undocumented publicly, and used it to create their own library for sending commands to interact with Tricon, he says.

Forney points out that the malware technically had infected the safety controller, and the "attack itself would come much later" if it had not been found out.

TRITON/TRISIS is an attack framework made up of two programs: one exploits the Triconex zero-day flaw to escalate user privileges and allows the attacker to manipulate the firmware in RAM and then implant the RAT, the second program, according to Schneider.

In its customer advisory, Schneider recommends:

- Ensure the cybersecurity features in Triconex solutions are always enabled.
- Safety systems must always be deployed on isolated networks.
- Physical controls should be in place so that no unauthorized person would have access to the safety controllers, peripheral safety equipment or the safety network.
- All controllers should reside in locked cabinets and never be left in the “PROGRAM” mode.
- All Tristation engineering workstations should be secured and never be connected to any network other than the safety network.
- All methods of mobile data exchange with the isolated safety network such as CDs, USB drives, DVDs, etc. should be scanned before use in the Tristation engineering workstations or any node connected to this network.
- Laptops and PCs should always be properly verified to be virus and malware free before connection to the safety network or any Triconex controller.
- Operator stations should be configured to display an alarm whenever the Tricon key switch is in the “PROGRAM” mode.
triton  ics  scada  vulnerability  firmware 
may 2018 by bwiese
Schneider Electric: TRITON/TRISIS Attack Used 0-Day ...
TRITON/TRISIS was literally a fail and didn't make it to an actual cyber-physical attack phase, according to Schneider's analysis. "We now know a real attack probably never took place. There was a mistake in the development of the malware that accidentally caused the Triconex to … be tripped and taken to a safe state. As a result, this malware that was in development was uncovered," s
ics  scada  vulnerability  cybersecurity  plc  triton  firmware 
may 2018 by bwiese
Attack Code for SCADA Vulnerabilities Released Online | WIRED
The attack code targets seven vulnerabilities in SCADA systems including: Siemens Tecnomatix FactoryLink, Iconics, Genesis32 and Genesis64, DATAC RealWin, and 7-Technologies IGSS.

Iconics systems are used in the oil and gas industry in North America, and the DATAC system is often found in municipal wastewater management facilities.

The exploits are targeted at operator viewing platforms, not the backend systems that directly control critical processes.
2011  cybersecurity  scada  siemens  ics  vulnerability 
may 2018 by bwiese
Patch Plugs More Than a Dozen Vulnerabilities Affecting Industrial Secure Router Series - Security Boulevard
On 13 April, Cisco Talos published a report revealing the security weaknesses as part of a coordinated disclosure strategy with Moxa, an automation solutions provider for companies seeking to get the most out of the Industrial Internet of Things (IIoT).

Carlos Pacho, a vulnerability researcher with Cisco Talos, discovered the vulnerabilities while testing the V4.1 build 17030317 of the Moxa EDR-810 industrial secure router series. This device comes equipped with firewall and VPN functions that help establish a secure perimeter for critical applications commonly found in industrial environments. Those include supervisory control and data acquisition (SCADA) systems.
ics  scada  router  vulnerability  cybersecurity  talos 
may 2018 by bwiese
Hackers Start Exploiting Recently Found Flaws in GPON Routers - Security Boulevard
The flaws affect internet gateway devices used for residential gigabit-capable passive optical networks (GPON).

The vulnerabilities were found by a company called vpnMentor and affect GPON routers made by DASAN Networks, a global provider of networking solutions and customer premises equipment used by ISPs.

This incident highlights the risks associated with using ISP-supplied home networking equipment. Custom-branded devices that are used by multiple ISPs from around the world are often made by the same OEM and share the same underlying firmware.

This makes it difficult to identify all vulnerable devices when a security issue is found. It’s also highly unlikely that any patch released by an OEM will ever reach all affected devices, since those patches need to be distributed by every ISP that uses those devices.

### Backdoored Package Found in npm Repository ###
Maintainers of npm, the central repository for Node.js components used by JavaScript developers from around the world, have recently identified a rogue package with a built-in backdoor.

This is not the first time rogue packages have been uploaded to central component repositories for different programming languages in order to execute software supply-chain attacks. It shows why it’s important for companies that develop applications to track and review the third-party components they pull into their development environments.
cybersecurity  router  vulnerability  routers  isp  javascript  npm 
may 2018 by bwiese
DoS, Injection Flaws Among Vulnerabilities Found in ICS, SCADA Routers - Security News - Trend Micro USA
The Moxa EDR-810 Series router is described to protect critical facilities while maintaining fast transmission of data, featuring redundancy protection measures including industrial firewall, NAT, VPN, and L2 switching structures. While firmware flaws also affect earlier versions of the product, injections and weak password encryption are common weaknesses in ICS and supervisory control and data acquisition (SCADA) systems, especially as threat actors consistently try to exploit common vulnerabilities found in Human Machine Interfaces (HMIs).
router  scada  cybersecurity  vulnerability 
may 2018 by bwiese
GitHub - austin-taylor/VulnWhisperer: Create actionable data from your Vulnerability Scans
VulnWhisperer is a vulnerability data and report aggregator. VulnWhisperer will pull all the reports and create a file with a unique filename which is then fed into logstash. Logstash extracts data from the filename and tags all of the information inside the report (see logstash_vulnwhisp.conf file). Data is then shipped to elasticsearch to be indexed.
vulnwhisperer  cybersecurity  tools  vulnerability  pentest 
may 2018 by bwiese
A Suspicious Use of certutil.exe - SANS Internet Storm Center
VirusTotal was used to collect samples that are (ab)using the "certutil.exe" tool. The purpose of this tool is to dump and display certification authority (CA) information, and to manage certificates and keys.

Another task for attackers: to fetch data from the Internet! Indeed, many Microsoft tools are able to fetch an online file using a URL scheme (ftp://, http://, etc.). I presume you already know that, in every dialogue box used to open/save a file, you can provide a URL.
cybersecurity  certificates  vulnerability  microsoft  c2  threathunting 
may 2018 by bwiese
Win 7, Server 2008 'Total Meltdown' exploit lands, pops admin shells • The Register
Create a new set of page tables which will allow access to any physical memory address;
Create a set of signatures which can be used to hunt for _EPROCESS structures in kernel memory;
Find the _EPROCESS memory address for our executing process, and for the System process; and
Replace the token of our executing process with that of System, elevating us to NT AUTHORITY\System.
microsoft  meltdown  vulnerability  exploit  xen 
april 2018 by bwiese
The Bug or Feature Debate is Back Yet Again: DDEAUTO Root Cause Analysis | Endgame
The best part about this new DDE attack vector is that it has all of the characteristics of a macro-based document attack, without the macro-based document.  In order to successfully launch their attack, an attacker simply needs to convince a user to click through a few dialogs and suddenly they evade all of these recent macro-based document mitigations.  Despite this, Microsoft has said they will not address this issue in current releases since it is a feature, and not a bug.
msword  msoffice  macro  cybersecurity  vulnerability 
april 2018 by bwiese
GoScanSSH Malware Avoids Government and Military Servers
A second scan checks whether the domains have any of the following TLDs: .mil, .gov, .army, .airforce, .navy, .gov.uk, .mil.uk, .govt.uk, .mod.uk, .gov.au, .govt.nz, .mil.nz, .parliament.nz, .gov.il, .muni.il, .idf.il, .gov.za, .mil.za, .gob.es, .police.uk

GoScanSSH uses the default creds associated with Open Embedded Linux Entertainment Center (OpenELEC) systems, Raspberry Pi boards, Open Source Media Center (OSMC) devices, Ubiquiti routers, PolyCom SIP phones, Huawei devices, and Asterisk servers.
cybersecurity  ssh  vulnerability  malware  iot  botnet 
march 2018 by bwiese
The Current State of DDE – Dominic – Medium
As of this writing, these updates simply disabled DDE functionality within all versions of Microsoft Word by default. This leaves the DDE protocol enabled by default for the remaining Office applications that have been identified as vulnerable, notably Excel and Outlook.
microsoft  dde  cybersecurity  vulnerability  registry 
february 2018 by bwiese
We translated Intel's crap attempt to spin its way out of CPU security bug PR nightmare • The Register
What Intel described as "software analysis methods," security researchers describe thus: "Meltdown breaks all security assumptions given by the CPU’s memory isolation capabilities."

"Meltdown" is the name given to a side-channel attack on memory isolation that affects most Intel chips since 2010, as well as a few Arm cores. Intel's chips may be "operating as designed" but it is this processor design that's the issue; based on the research that has been published, the current design is inadequate and insecure.
cpu  intel  security  cybersecurity  vulnerability  spin  meltdown  spectre 
january 2018 by bwiese
Vulnerability Note VU#584653 - CPU hardware vulnerable to side-channel attacks
CPU hardware implementations are vulnerable to side-channel attacks referred to as Meltdown and Spectre. Both Spectre and Meltdown take advantage of the ability to extract information from instructions that have executed on a CPU using the CPU cache as a side-channel. These attacks are described in detail by Google Project Zero, the Institute of Applied Information Processing and Communications (IAIK) at Graz University of Technology (TU Graz) and Anders Fogh. The issues are organized into three variants:
Variant 1 (CVE-2017-5753, Spectre): Bounds check bypass
Variant 2 (CVE-2017-5715, also Spectre): Branch target injection
Variant 3 (CVE-2017-5754, Meltdown): Rogue data cache load, memory access permission check performed after kernel memory read
cybersecurity  spectre  meltdown  cert  cpu  vulnerability 
january 2018 by bwiese
Project Zero: Reading privileged memory with a side-channel
Wednesday, January 3, 2018
We have discovered that CPU data cache timing can be abused to efficiently leak information out of mis-speculated execution, leading to (at worst) arbitrary virtual memory read vulnerabilities across local security boundaries in various contexts.

Variants of this issue are known to affect many modern processors, including certain processors by Intel, AMD and ARM. For a few Intel and AMD CPU models, we have exploits that work against real software. We reported this issue to Intel, AMD and ARM on 2017-06-01 [1].
cpu  cybersecurity  meltdown  spectre  google  vulnerability 
january 2018 by bwiese
Meltdown and Spectre
Meltdown and Spectre exploit critical vulnerabilities in modern processors. These hardware bugs allow programs to steal data which is currently processed on the computer. While programs are typically not permitted to read data from other programs, a malicious program can exploit Meltdown and Spectre to get hold of secrets stored in the memory of other running programs. This might include your passwords stored in a password manager or browser, your personal photos, emails, instant messages and even business-critical documents.

Meltdown and Spectre work on personal computers, mobile devices, and in the cloud. Depending on the cloud provider's infrastructure, it might be possible to steal data from other customers.
security  vulnerability  linux  intel  cpu  cybersecurity  meltdown  spectre 
january 2018 by bwiese
GitHub - toolswatch/vFeed: The Correlated CVE Vulnerability And Threat Intelligence Database API
vFeed Python Wrapper / Database is a CVE, CWE, and OVAL Compatible naming scheme concept that provides extra structured detailed third-party references and technical characteristics for a CVE entry through an extensible XML/JSON schema. It also improves the reliability of CVEs by providing a flexible and comprehensive vocabulary for describing the relationship with other standards and security references.
cve  cybersecurity  vulnerability  tools  database 
january 2018 by bwiese
Everything Is Broken — The Message — Medium
This lovely tool, OTR, sits on top of libpurple on most systems that use it. Let me make something clear, because even some geeks don’t get this: it doesn’t matter how good your encryption is if your attacker can just read your data off the screen with you, and I promise they can.
0day  vulnerability  security  encryption 
may 2014 by bwiese
Heartbleed Sheds Light on NSA's Use of Bugs - WSJ.com
NSA also issued a statement denying the report, and acknowledging the public's demand for more information on the agency's activities.

"We know the public wants to better understand our mission to save lives, defend vital networks, and exploit the foreign communications of adversaries — and we are dedicated to sharing more information," an agency spokesperson said.

"Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong," Ms. Hayden said. "If the Federal government, including the intelligence community, had discovered this vulnerability before last week, it would have been disclosed."
vulnerability  security  ssl  heartbleed  nsa 
april 2014 by bwiese
NSA Denies Knowing About Heartbleed Bug | TIME.com
The National Security Council also issued a public denial Friday that the NSA had prior knowledge of Heartbleed. “Reports that NSA or any other part of the government were aware of the so-called Heartbleed vulnerability before April 2014 are wrong,” NSC said in a statement.
nsa  vulnerability  security  tls  ssl  heartbleed 
april 2014 by bwiese
Apache Darkleech Compromises
> Via exploiting CMS vulns, web applications and SQL.
> 1. Attacker get access to server by exploiting
> vulnerability in web server scripts (outdated CMS\
> buggy scripts\SQLi etc) – level of access – nobody

The above opinion is practically true.
In practice, hackers actually gained root access in a snap. I supervised hundreds of servers infected by this malware module and found that the penetration was made via Parallels’ Plesk Panel, which is not a CMS nor a mere application but the Web Admin Panel, which has root authority to perform server maintenance via the web.

After cross-checking the forensic analysis of the penetrated servers which I posted in the case of (which was included in Ars Technica)
http://malwaremustdie.blogspot.jp/2013/03/the-evil-came-back-darkleechs-apache.html

I found that the “CVE-2012-1557” vulnerability was used by hackers to gain root control of servers in a snap. The details of the CVE are: Vulnerability in admin/plib/api-rpc/Agent.php in Parallels
cms  iframe  hosting  website  cisco  vulnerability  security  apache 
april 2013 by bwiese
Secunia.com
Run software on your desktop to keep all of your software patches up to date.
security  windoze  software  techsupport  vulnerability  advisories 
december 2008 by bwiese