Category Archives: Vulnerabilities


WhatsApp Photo Filter Security Flaw

Users should be careful about the pictures they view on WhatsApp. A picture sent by a malicious third party can be crafted so that, when the app processes it, the app reads sensitive data from its own memory. Users should also keep the app updated to receive the latest security fixes.

WhatsApp

According to security research firm Check Point, a vulnerability has been found in WhatsApp. The issue causes the app to crash when a user receives certain images. These images are crafted to take advantage of the app's image filters, such as color changes, saturation adjustments, and other alterations.

The bug (CVE-2020-1910) carries a severity rating of 7.8 out of 10. It is due to a memory corruption error, the firm said – more specifically, an out-of-bounds read-and-write issue. Typically, this kind of bug can allow attackers to read sensitive information from other …


Fortinet Vulnerability Allows Firewall Takeovers

A critical security bug in a web application firewall (WAF) platform has been disclosed. It could allow privilege escalation and full device takeover. The bug is an OS command-injection vulnerability in Fortinet's FortiWeb WAF platform. A patch will be available at the end of the month.


FortiWeb is a cybersecurity defense platform that protects business-critical web applications from attacks and vulnerabilities in the cloud-computing era. It has kept pace with new technologies, such as the deployment of new or updated features and the addition of new web APIs.


The bug (CVE pending) exists in FortiWeb's management interface (version 6.3.11 and prior) and carries a CVSSv3 base score of 8.7 out of 10, making it high-severity. It can allow a remote, authenticated attacker to execute arbitrary commands on the system via the SAML server configuration page, according to Rapid7 researcher William Vu, who …


Vulnerability in Cisco Small Business Switches

Nothing new with these Cisco Small Business Switches. A researcher, Jasper Adriaanse, has identified several vulnerabilities, including some rated high severity, in Cisco's Small Business 220 series smart switches.

These vulnerabilities affect switches that run firmware versions earlier than 1.2.0.6 and have the web-based management interface enabled, which it is by default. In an advisory released a few days ago, Cisco said Jasper Adriaanse found several types of security holes in the small business switches.

One of them, tracked as CVE-2021-1542 and rated high severity, can be exploited by a remote, unauthenticated attacker to hijack a user's session and gain access to the switch's web interface. Depending on the privileges of the targeted user, the attacker could gain admin-level access to the management interface.

Another high-severity issue is CVE-2021-1541, which allows a remote attacker with admin permissions on the …


SSL VPN Attacks Up Nearly 2000%

A recent report published by Nuspire outlines what cyber criminals have been up to: SSL VPN attacks have gone up nearly 2000%.


Increase in VPN attacks

In Q1 2021, there was a 1,916% increase in attacks against Fortinet's SSL-VPN and a 1,527% increase in attacks against Pulse Connect Secure VPN. The vulnerabilities being targeted allow a threat actor to gain access to a network. Once they are in, they can exfiltrate information and deploy ransomware.

“2020 was the era of remote work and as the workforce adjusted, information technology professionals scrambled to support this level of remote activity by enabling a wide variety of remote connectivity methods,” said J.R. Cunningham, CSO at Nuspire. “This added multiple new attack vectors that enabled threat actors to prey on organizations, which is what we started to see in Q1 and are continuing to see today.”

Because of the significant increase in VPN and RDP …


6 In The Wild Exploits Resolved With Windows Patch Tuesday

This Tuesday, Microsoft's Windows Patch Tuesday release deployed a total of 50 patches, including critical patches for 6 vulnerabilities that are being exploited in the wild. Elevation-of-privilege vulnerabilities are no joke, because attackers can use them to act on your system as an administrator and push widespread ransomware. I am glad they have fewer vectors for deployment.

Vulnerabilities Exploited in the Wild

Microsoft fixed a total of seven zero-day vulnerabilities. One of them, CVE-2021-31968, a Windows Remote Desktop Services Denial of Service Vulnerability, was publicly disclosed but has not been seen in attacks; it was assigned a CVSS score of 7.5. The vulnerabilities that were recently patched are listed below.

  • CVE-2021-31955 – Windows Kernel Information Disclosure Vulnerability. Rating: Important. CVSS 5.5
  • CVE-2021-31956 – Windows NTFS Elevation of Privilege Vulnerability. Rating: Important. CVSS 7.8
  • CVE-2021-33739 – Microsoft DWM Core Library Elevation of Privilege Vulnerability.

A macOS 0-day vulnerability let hackers take screenshots

A macOS 0-day vulnerability lets hackers take screenshots of your screen. Attackers have been exploiting a vulnerability in fully updated versions of macOS that allowed them to take screenshots on infected Macs without obtaining permission from the user. This vulnerability has finally been patched in the macOS 11.4 update released on May 24, 2021. If you haven't already, update your machine today.


The zero-day was exploited by XCSSET, malware discovered by security firm Trend Micro. XCSSET used what were, at the time, two zero-days aimed at developers, specifically their Xcode projects, through which the malware was then passed on to regular users.


No one really knows how many Macs are infected, but in a statement reported by TechCrunch, Apple confirmed that the exploit is no longer an issue once the latest version, macOS Big Sur 11.4, is installed.


VMware vCenter VMSA-2021-0010 Advisory

In this VMware vCenter VMSA-2021-0010 Advisory, VMware vCenter Server updates address remote code execution and authentication vulnerabilities (CVE-2021-21985, CVE-2021-21986).

Impacted VMware Products

  • VMware vCenter Server (vCenter Server)
  • VMware Cloud Foundation (Cloud Foundation)

Who is affected?

VMware Security Advisories always list the specific product versions that are affected. In this case it is vCenter Server 6.5, 6.7, and 7.0.

What’s Happening?

The advisory describes multiple vulnerabilities in the vSphere Client (HTML5). An attacker with network access to port 443 could exploit a vulnerability that allows commands to be executed with unrestricted privileges. VMware advises updating your servers right now.

How to protect your servers

Patching vCenter Server is the fastest way to resolve this problem and removes the vulnerability completely. From there, update any plugins as vendors release new versions.



Lost your iPhone? Someone can use Checkm8 and Checkra1n to jailbreak it.

If you have lost your iPhone, you should be worried. Someone can jailbreak it using free software called Checkm8 and Checkra1n. Essentially, they would be able to break into your phone and bypass the security you have in place.

Why should we care about Checkm8?

The Checkm8 vulnerability works on 11 generations of iPhones, from the 4S to the X. While it doesn't work on newer devices, Checkm8 can jailbreak hundreds of millions of devices in use today. And because the bootrom can't be updated after the device is manufactured, Checkm8 will remain usable for jailbreaking in perpetuity.

  • Checkm8 requires physical access to the phone. It can't be executed remotely, even if combined with other exploits.
  • The exploit allows only tethered jailbreaks, meaning it lacks persistence. The exploit must be run each time an iDevice boots.
  • Checkm8 doesn't bypass the protections offered by the Secure Enclave.

Jetty Vulnerability using Invalid Large TLS Frame causes 100% CPU Usage

This Jetty vulnerability is a service availability issue. When using SSL/TLS with Jetty, whether with HTTP/1.1, HTTP/2, or WebSocket, the server may receive an invalid large (greater than 17408) TLS frame that is incorrectly handled, causing CPU usage to eventually reach 100%.

The following packages have been upgraded to a later upstream version: rh-eclipse-jetty (9.4.40).

Security Fixes:

  • jetty: Symlink directory exposes webapp directory contents (CVE-2021-28163)
  • jetty: Ambiguous paths can access WEB-INF (CVE-2021-28164)
  • jetty: Resource exhaustion when receiving an invalid large TLS frame (CVE-2021-28165)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Type/Severity

Security Advisory: Moderate

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Developer Tools (for RHEL Workstation) 1

Three Linux vulnerabilities provided root access to hackers since 2006

Three Linux vulnerabilities in the iSCSI module, which is used to access shared data storage, have been giving root access to attackers since 2006. The flaws could allow root access to any attacker who already has a user account on the system.

The three vulnerabilities – CVE-2021-27363, CVE-2021-27364 and CVE-2021-27365 – have been in the Linux code since 2006, going unnoticed until researchers from GRIMM discovered them.


Adam Nichols, Software Security Principal at GRIMM, said: "If you already had execution on a box, either because you have a user account on the machine, or you've compromised some service that doesn't have repaired permissions, you can do whatever you want basically."

The flaws "are in code that isn't remotely accessible, so this isn't like a remote exploit," said Nichols. However, they can take "any existing threat that might be there. It just makes it that much worse," he explained. "And if you have users on the system
