Category Archives: Vulnerabilities
FBI Released Public Announcement About Ransomware Threat
The FBI released a new public announcement about the ongoing ransomware threat. It stated that the attacks are becoming more targeted and that the losses are increasingly damaging.
HOW DOES RANSOMWARE INFECT ITS VICTIMS?
The new public message lists the common infection vectors; namely, email phishing campaigns, Remote Desktop Protocol vulnerabilities and software vulnerabilities.
IF MY SYSTEM IS INFECTED, SHOULD I PAY THE RANSOM? SHOULD I CONTACT THE FBI?
You should avoid paying the ransom at all costs. Paying emboldens the criminals to target other organizations and attempt to hold them for ransom as well. Remember that paying the ransom does not guarantee they will give your data back.
HOW CAN I PROTECT MYSELF AGAINST RANSOMWARE?
The FBI stated the following: “As ransomware techniques and malware continue to evolve and become more sophisticated, even the most robust prevention controls are no guarantee against exploitation. This makes …
Remove These 25 Malware Infested Android Photo Editing Apps NOW
Many Android photo editing apps in the Google Play Store were found to be malware-infested, and cybersecurity firm Symantec said they should be removed now.
Symantec uncovered 25 malware-infested apps in the Play Store, which had been downloaded more than 2 million times. Symantec has already reported the malicious apps to Google, but if any of them are still on your phone you should delete them as soon as you can.
Here are the apps that were found to be infected with malware:
-Auto Blur Photo
-Auto Cut Out (Free)
-Auto Cut Out Pro
-Background Cut Out Pro
-Blur Image Plus
-Blur Image Plus (1.0)
-Blur Image Pro
-Cut Paste Photo Editor
-Cut Paste Photo Editor (X 1.0)
-Face Feature
-Fashion Hairstyles Pic Editor
-Fashion Hairstyles Pic Editor 2.4.6
-Image Blur Editor
-Image Blur Editor (Free)
-Image Blur Editor (Unlimited)
-Hairstyles Photo Editor Plus
-Latest Hairstyles (Free)
-Motion On Picture …
Microsoft Update Broke Windows Defender
Windows Defender was broken by a recent Microsoft Windows update. The signature update was meant to fix a file that was causing system file checks to fail, but the patch caused an even bigger issue, making Defender antivirus scans fail altogether.
The issue was in place for about a day before Microsoft re-patched the antivirus endpoint protection software, but not before a flood of press reports and user complaints had gone public.
The fix for that bug was issued on Tuesday in a silent update – but that update ended up causing manual or scheduled Defender malware scans to fail if the “Quick” or “Full” scan options were selected – causing users to take to online forums to report the bug. Real-time scanning was still enabled; and the “Custom” scan option, where users can choose the folders they want to be checked, was also still working, …
Xeon and Other Intel CPUs Hit by NetCAT Security Vulnerability
Intel’s server-grade processors are affected by a vulnerability dubbed NetCAT, which researchers at Vrije Universiteit Amsterdam revealed on Wednesday. The vulnerability enables a side-channel attack that can infer what a CPU is working on, and it is said to rely on issues with two Intel technologies found primarily in the Xeon CPU line: Data-Direct I/O Technology (DDIO) and Remote Direct Memory Access (RDMA). According to the researchers,
“While NetCAT is powerful even with only minimal assumptions, we believe that we have merely scratched the surface of possibilities for network-based cache attacks, and we expect similar attacks based on NetCAT in the future,” the researchers, from the Vrije Universiteit Amsterdam and ETH Zurich, wrote in a paper published on Tuesday. “We hope that our efforts caution processor vendors against exposing microarchitectural elements to peripherals without a thorough security design to prevent abuse.”
NetCAT is a complex attack and …
Social Media Website Logins Can Compromise Your Account
Many websites are offering alternative login methods, but they could potentially compromise your social media account if you’re not careful.
Our attention to internet security has been 110% focused these days. Why use them? Google, Facebook, LinkedIn and Microsoft all offer multi-factor authentication, meaning that if someone guesses, steals or cracks your password they still can’t get into your account without the second piece of authentication (e.g. SMS). But this means you have to enable the available multi-factor authentication, which is not enabled by default, and the majority of end users do not use this useful security option.
The internet is full of interesting websites, and many of them allow us to interact with them as long as we provide some sort of login information. Some of these websites have social media plugins that allow you to use your social media login to gain access to …
Millions of Qualcomm-based Android Smartphones Vulnerable
Security researchers from Tencent’s Blade Team released a notice that a flaw in Qualcomm chipsets exposes millions of Android smartphones to hackers.
Any user with a tablet or phone that uses this CPU is affected by the flaw, called QualPwn. The bug allows attackers to take control of the phones remotely by crafting special packets that are sent over the air.
Three bugs make up QualPwn (CVE-2019-10539, CVE-2019-10540 and CVE-2019-10538). The prerequisite for the attack is that both the attacker and targeted Android device must be active on the same shared Wi-Fi network.
“One of the vulnerabilities allows attackers to compromise the WLAN and modem, over-the-air. The other allows attackers to compromise the Android kernel from the WLAN chip. The full exploit chain allows attackers to compromise the Android kernel over-the-air in some circumstances,” wrote researchers.
… Blade.tencent.com stated: “QualPwn is a series of vulnerabilities discovered in Qualcomm chips. One of the
Windows Actively Exploited Privilege-Escalation Bugs
Microsoft recently released important-level patches for two privilege-escalation vulnerabilities, in Win32k and splwow64, which are being actively exploited in the wild. Qualys said that the patches, though labeled as important, should be deployed quickly because the bugs could be chained with other vulnerabilities to give an attacker complete system access. In other words, once they have elevated their privilege level, attackers could exploit another vulnerability to execute code such as ransomware.
The Win32k flaw (CVE-2019-1132) affects Windows 7, Server 2008 and Server 2008 R2.
“While an attacker would have to gain log on access to the system to execute the exploit, the vulnerability if exploited would allow the attacker to take full control of the system,” said Chris Goettl, director of product management for security at Ivanti, via email.
Meanwhile, the bug in splwow64 (CVE-2019-0880), which is the print driver …
Mac Users Affected by Zero-Day Webcam Hijacking
The Mac Zoom Client allows any malicious website to enable your camera without your permission. The flaw potentially exposes up to 4 million workers who use the Zoom for Mac web and video conferencing service.
According to researcher Jonathan Leitschuh (who noted that Mac users make up about 10 percent of Zoom’s customer base of 4+ million), an outside adversary would need only to convince a user to visit a malicious website with a specially crafted iFrame embedded, which would automatically launch the Mac user into a Zoom web conference while turning on their camera.
… Leitschuh disclosed: “I was very easily able to spot and describe bypasses in their planned fix,” he said. “Ultimately, Zoom failed at quickly confirming that the reported vulnerability actually existed and they failed at having a fix to the issue delivered to customers in a timely manner. An organization of this profile and with such
Dell SupportAssist Software Is Vulnerable To Remote Hacker
Millions of Dell PCs that have the SupportAssist software installed are vulnerable to a remote hacker completely taking over the computer.
The high-severity vulnerability (CVE-2019-12280) stems from defective code in a SupportAssist component. SupportAssist is Dell’s monitoring software, which is pre-installed on all PCs; it can automatically detect failures and notify you of issues. The Dell SupportAssist component is made by a company called PC-Doctor, which develops hardware-diagnostic software for many other brands.
“As long as the software is not patched, this vulnerability probably affects many Dell users,” Peleg Hadar, security researcher with SafeBreach Labs – who discovered the vulnerability – said in a Friday analysis.
… “Our first priority is product security and helping our customers ensure the security of their data and systems,” the spokesperson said. “The vulnerability discovered by SafeBreach is a PC Doctor vulnerability, a third-party component that ships with Dell SupportAssist for
Linux servers under worm attacks via latest Exim flaw
It didn’t take very long for hackers to start exploiting the recently revealed Exim vulnerability (CVE-2019-10149).
An initial wave of attacks on this vulnerability – which involved attackers pushing out exploits from a malicious command-and-control (C2) server – was first discovered June 9 by researcher Freddie Leeman.
“Just detected the first attempts to exploit recent #exim remote command execution (RCE) security flaw (CVE-2019-10149),” he said in a tweet. “Tries to download a script located at http://173.212.214.137/s (careful). If you run Exim, make sure it’s up-to-date.”
… Amit Serper, Cybereason’s head of security research, said: “The campaign uses a private authentication key that is installed on the target machine