Category Archives: Cybersecurity

Windows Actively Exploited Privilege-Escalation Bugs

The software giant recently released important-level patches for two privilege-escalation vulnerabilities, in Win32k and splwow64, which are being actively exploited in the wild. Qualys said that the patches, though labeled as important, should be deployed quickly, as the flaws could be chained with other vulnerabilities to give an attacker complete system access. In other words, once attackers have elevated their privilege level, they could exploit another vulnerability to execute code such as ransomware.

The Win32k flaw (CVE-2019-1132) affects Windows 7, Server 2008 and Server 2008 R2.

“While an attacker would have to gain log on access to the system to execute the exploit, the vulnerability if exploited would allow the attacker to take full control of the system,” said Chris Goettl, director of product management for security at Ivanti, via email.

Meanwhile, the bug in splwow64 (CVE-2019-0880), which is the print driver …

Mac Users Affected by Zero-Day Webcam Hijacking

The Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 4 million workers who use the Zoom for Mac web- and videoconferencing service.

According to researcher Jonathan Leitschuh, who noted that Mac users make up about 10 percent of Zoom’s customer base of 4+ million, an outside adversary would need only to convince a user to visit a malicious website with a specially crafted iframe embedded, which would automatically launch a Mac user into a Zoom web conference while turning on their camera.

“I was very easily able to spot and describe bypasses in their planned fix,” Leitschuh said. “Ultimately, Zoom failed at quickly confirming that the reported vulnerability actually existed and they failed at having a fix to the issue delivered to customers in a timely manner. An organization of this profile and with such


Dell SupportAssist Software Is Vulnerable To Remote Hacker

Millions of Dell PCs that have the SupportAssist software installed are vulnerable to a remote hacker completely taking over the computer.

The high-severity vulnerability (CVE-2019-12280) stems from defective coding in a component of SupportAssist, Dell’s monitoring software, which is pre-installed on all PCs. The software can automatically detect failures and notify you of issues. The affected SupportAssist component is made by a company called PC-Doctor, which develops hardware-diagnostic software for many other brands.

“As long as the software is not patched, this vulnerability probably affects many Dell users,” Peleg Hadar, security researcher with SafeBreach Labs – who discovered the breach – said in a Friday analysis.

“Our first priority is product security and helping our customers ensure the security of their data and systems,” the spokesperson said. “The vulnerability discovered by SafeBreach is a PC Doctor vulnerability, a third-party component that ships with Dell SupportAssist for


Linux servers under worm attacks via latest Exim flaw

It didn’t take long for hackers to start exploiting the recently revealed Exim vulnerability (CVE-2019-10149).

An initial wave of attacks on this vulnerability – which involved attackers pushing out exploits from a malicious command-and-control (C2) server – was first discovered June 9 by researcher Freddie Leeman.

“Just detected the first attempts to exploit recent #exim remote command execution (RCE) security flaw (CVE-2019-10149),” he said in a tweet. “Tries to downloads a script located at http://173.212.214.137/s (careful). If you run Exim, make sure it’s up-to-date.”

Amit Serper, Cybereason’s head of security research, said: “The campaign uses a private authentication key that is installed on the target machine


Point-Of-Sale Malware Found at 102 Checkers Restaurants

Checkers Restaurants suffered a cybersecurity breach. According to a report by ZDNet, the company found point-of-sale malware in 102 Checkers and Rally’s locations.

The statement released by Checkers emphasizes that “not all Checkers and Rally’s restaurants were affected by this issue.” The business also announced that the point-of-sale malware did not affect all the guests who visited the restaurant chain. To clarify, only those who paid during the said periods remain susceptible to security attacks.

The list of affected states includes Alabama, California, Delaware, Florida, Georgia, Illinois, Indiana, Kentucky, Louisiana, Michigan, West Virginia, Nevada, New Jersey, New York, North Carolina, Ohio, Pennsylvania, Tennessee, and Virginia.

“We also are working with federal law enforcement authorities and coordinating with the payment card companies in their efforts to protect cardholders,” Checkers said. “We encourage you to review your account statements and contact


Since 2005 some Google G Suite passwords were stored in plaintext

Google says that a number of its enterprise customers have had their G Suite passwords stored in plaintext since 2005.

G Suite, Google’s brand of cloud computing, software, productivity and collaboration tools, has more than 5 million users as of February. Google said that it recently discovered that the passwords for a “subset of enterprise G Suite customers” had been stored in plaintext since 2005.

“This practice did not live up to our standards,” Suzanne Frey, VP of engineering for Google Cloud Trust, said in a post. “To be clear, these passwords remained in our secure encrypted infrastructure. This issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords.”

Google said they also discovered a second security lapse earlier this month as they were troubleshooting new G Suite customer sign-ups. The company said since January it was …

Patch That WhatsApp Zero-Day Exploit

Facebook has recently patched a critical zero-day vulnerability in WhatsApp. WhatsApp is urging users to update as soon as possible because hackers are able to remotely install spyware on phones by calling the targeted device.

WhatsApp did not name the threat actor exploiting CVE-2019-3568; it described the attackers as an “advanced cyber actor” that targeted “a select number of users.”

A WhatsApp advisory confirmed Monday that the flaw – now patched – is a buffer overflow vulnerability in WhatsApp’s VOIP stack, which allows remote code execution via a specially crafted series of SRTCP [Secure Real Time Transport Protocol] packets sent to a target phone number.

“A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number,” according to details provided by Facebook.

Facebook did, however, fix the issue with the release of WhatsApp …

Amazon Alexa has some new HIPAA enabled Skills

Amazon Alexa has a new HIPAA-compliant Skills Kit. It enables Covered Entities and their Business Associates, subject to the U.S. Health Insurance Portability and Accountability Act of 1996 (HIPAA), to build Alexa skills that transmit and receive protected health information as part of an invite-only program. Six new Alexa healthcare skills from industry-leading healthcare providers, payors, pharmacy benefit managers, and digital health coaching companies are now operating in the HIPAA-eligible environment.

New Healthcare Skills

The new skills are designed to help customers manage a variety of healthcare needs at home simply using voice – whether it’s booking a medical appointment, accessing hospital post-discharge instructions, checking on the status of a prescription delivery, and more.

The new HIPAA compliant healthcare skills:

  • Express Scripts (a leading Pharmacy Services Organization): Members can check the status of a home delivery prescription and

Everyone Needs To Patch 3 Nvidia Driver Flaws

If you’re a business, a gamer or a regular awesome person using an Nvidia chipset, you definitely need to patch the Nvidia driver as soon as possible because of the following 3 flaws.

“[The driver] contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes, which may lead to denial of service, escalation of privileges or information disclosure.”

The most severe of the flaws is CVE‑2019‑5675. According to a Thursday advisory released by Nvidia, this flaw could be used to launch DoS attacks that could cripple the system, as well as give hackers escalated privileges and disclose system information.

The second flaw, CVE‑2019‑5676, exists in the driver’s software install package and is also rated high-severity. The software actually …

Malware Can Hide Within DICOM Medical Images

It has been found that malware can now hide within DICOM medical images. These are the type of images that doctors look at when they do X-ray, CT or MRI scans.

An analyst named Markel Picado Ortiz was able to take advantage of the DICOM flaw, which allows the “128-byte section at the beginning of the file, called the preamble” to be injected with malware.

“By mixing in with protected health information malware can effectively exploit the data’s clinical and regulatory implications to evade detection and derail remediation attempts while creating a host of new concerns for security teams, healthcare organizations, and antivirus companies in the process,” Ortiz wrote.

“This vulnerability stands apart as one whose technical potency is derived from not just a software design flaw, but from the clinical and regulatory environment as well,” he added.

If hackers were to exploit the design flaw in DICOM, they’d be able …