A group of hackers that has been trying to sell exploits and malware allegedly used by the U.S. National Security Agency decided to make the data available for free over the weekend.The security community was expecting the password-encrypted archive that the Shadow Brokers group unlocked Saturday to contain previously unknown and unpatched exploits -- known in the industry as zero-days. That was not the case.As researchers started to analyze the exploits inside, it became clear that while some of them were technically interesting, the large majority were for old and publicly known vulnerabilities. Some appeared to have actually been sourced from public information and affect software versions that are several years old.To read this article in full or to leave a comment, please click here
Attackers have been exploiting an unpatched vulnerability in Microsoft Word for the past few months to compromise computers and infect them with malware.The first report about the attacks came Friday from antivirus vendor McAfee after the company's researchers analyzed some suspicious Word files spotted a day earlier. It turned out that the files were exploiting a vulnerability that affects "all Microsoft Office versions, including the latest Office 2016 running on Windows 10."The flaw is related to the Windows Object Linking and Embedding (OLE) feature in Microsoft Office that allows documents to embed references and links to other documents or objects, the McAfee researchers said in a blog post.To read this article in full or to leave a comment, please click here
Attackers have been exploiting an unpatched vulnerability in Microsoft Word for the past few months to compromise computers and infect them with malware.The first report about the attacks came Friday from antivirus vendor McAfee after the company's researchers analyzed some suspicious Word files spotted a day earlier. It turned out that the files were exploiting a vulnerability that affects "all Microsoft Office versions, including the latest Office 2016 running on Windows 10."The flaw is related to the Windows Object Linking and Embedding (OLE) feature in Microsoft Office that allows documents to embed references and links to other documents or objects, the McAfee researchers said in a blog post.To read this article in full or to leave a comment, please click here
Hackers have started adding data-wiping routines to malware that's designed to infect internet-of-things and other embedded devices. Two attacks observed recently displayed this behavior but likely for different purposes.Researchers from Palo Alto Networks found a new malware program dubbed Amnesia that infects digital video recorders through a year-old vulnerability. Amnesia is a variation of an older IoT botnet client called Tsunami, but what makes it interesting is that it attempts to detect whether it's running inside a virtualized environment.To read this article in full or to leave a comment, please click here
Hackers have started adding data-wiping routines to malware that's designed to infect internet-of-things and other embedded devices. Two attacks observed recently displayed this behavior but likely for different purposes.Researchers from Palo Alto Networks found a new malware program dubbed Amnesia that infects digital video recorders through a year-old vulnerability. Amnesia is a variation of an older IoT botnet client called Tsunami, but what makes it interesting is that it attempts to detect whether it's running inside a virtualized environment.To read this article in full or to leave a comment, please click here
Attackers are exploiting a vulnerability patched last month in the Apache Struts web development framework to install ransomware on servers.The SANS Internet Storm Center issued an alert Thursday, saying an attack campaign is compromising Windows servers through a vulnerability tracked as CVE-2017-5638.The flaw is located in the Jakarta Multipart parser in Apache Struts 2 and allows attackers to execute system commands with the privileges of the user running the web server process.This vulnerability was patched on March 6 in Struts versions 2.3.32 and 2.5.10.1. Attackers started exploiting the flaw almost immediately, leaving very little time for server administrators to deploy the update.To read this article in full or to leave a comment, please click here
Attackers are exploiting a vulnerability patched last month in the Apache Struts web development framework to install ransomware on servers.The SANS Internet Storm Center issued an alert Thursday, saying an attack campaign is compromising Windows servers through a vulnerability tracked as CVE-2017-5638.The flaw is located in the Jakarta Multipart parser in Apache Struts 2 and allows attackers to execute system commands with the privileges of the user running the web server process.This vulnerability was patched on March 6 in Struts versions 2.3.32 and 2.5.10.1. Attackers started exploiting the flaw almost immediately, leaving very little time for server administrators to deploy the update.To read this article in full or to leave a comment, please click here
With attacks against Mac users growing in number and sophistication, endpoint security vendor F-Secure has decided to acquire Little Flocker, a macOS application that provides behavior-based protection against ransomware and other malicious programs.Little Flocker can be used to enforce strict access controls to a Mac's files and directories as well as its webcam, microphone and other resources. It's particularly effective against ransomware, spyware, computer Trojans and other malicious programs that attempt to steal, encrypt or destroy files.F-Secure plans to integrate Little Flocker, which it calls "the most advanced security technology available for Macs," into its new Xfence technology. Xfence is designed to add behavioral-based protection to its existing endpoint security products for macOS.To read this article in full or to leave a comment, please click here
With attacks against Mac users growing in number and sophistication, endpoint security vendor F-Secure has decided to acquire Little Flocker, a macOS application that provides behavior-based protection against ransomware and other malicious programs.Little Flocker can be used to enforce strict access controls to a Mac's files and directories as well as its webcam, microphone and other resources. It's particularly effective against ransomware, spyware, computer Trojans and other malicious programs that attempt to steal, encrypt or destroy files.F-Secure plans to integrate Little Flocker, which it calls "the most advanced security technology available for Macs," into its new Xfence technology. Xfence is designed to add behavioral-based protection to its existing endpoint security products for macOS.To read this article in full or to leave a comment, please click here
A critical vulnerability in the widely used Xen hypervisor allows attackers to break out of a guest operating system running inside a virtual machine and access the host system's entire memory.This is a serious violation of the security barrier enforced by the hypervisor and poses a particular threat to multi-tenant data centers where the customers' virtualized servers share the same underlying hardware.The open-source Xen hypervisor is used by cloud computing providers and virtual private server hosting companies, as well as by security-oriented operating systems like Qubes OS.The new vulnerability affects Xen 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x and has existed in the Xen code base for over four years. It was unintentionally introduced in December 2012 as part of a fix for a different issue.To read this article in full or to leave a comment, please click here
A critical vulnerability in the widely used Xen hypervisor allows attackers to break out of a guest operating system running inside a virtual machine and access the host system's entire memory.This is a serious violation of the security barrier enforced by the hypervisor and poses a particular threat to multi-tenant data centers where the customers' virtualized servers share the same underlying hardware.The open-source Xen hypervisor is used by cloud computing providers and virtual private server hosting companies, as well as by security-oriented operating systems like Qubes OS.The new vulnerability affects Xen 4.8.x, 4.7.x, 4.6.x, 4.5.x, and 4.4.x and has existed in the Xen code base for over four years. It was unintentionally introduced in December 2012 as part of a fix for a different issue.To read this article in full or to leave a comment, please click here
Apple released an iOS update Monday to fix a serious vulnerability that could allow attackers to remotely execute malicious code on the Broadcom Wi-Fi chips used in iPhones, iPads, and iPods.The vulnerability is a stack buffer overflow in the feature that handles authentication responses for the fast BSS transition feature of the 802.11r protocol, also known as fast roaming. This feature allows devices to move easily and securely between different wireless base stations in the same domain.Hackers can exploit the flaw to execute code in the context of the Wi-Fi chip's firmware if they're within the wireless range of the targeted devices.The issue is one of several flaws found by Google Project Zero researcher Gal Beniamini in the firmware of Broadcom Wi-Fi chips. Some of these vulnerabilities also affect Android devices and have been patched as part of Android's April security bulletin.To read this article in full or to leave a comment, please click here
Apple released an iOS update Monday to fix a serious vulnerability that could allow attackers to remotely execute malicious code on the Broadcom Wi-Fi chips used in iPhones, iPads, and iPods.The vulnerability is a stack buffer overflow in the feature that handles authentication responses for the fast BSS transition feature of the 802.11r protocol, also known as fast roaming. This feature allows devices to move easily and securely between different wireless base stations in the same domain.Hackers can exploit the flaw to execute code in the context of the Wi-Fi chip's firmware if they're within the wireless range of the targeted devices.The issue is one of several flaws found by Google Project Zero researcher Gal Beniamini in the firmware of Broadcom Wi-Fi chips. Some of these vulnerabilities also affect Android devices and have been patched as part of Android's April security bulletin.To read this article in full or to leave a comment, please click here
Users who have had their files encrypted by any version of the Bart ransomware program are in luck: Antivirus vendor Bitdefender has just released a free decryption tool.The Bart ransomware appeared back in June and stood out because it locked victims' files inside ZIP archives encrypted with AES (Advanced Encryption Standard). Unlike other ransomware programs that used RSA public-key cryptography and relied on a command-and-control server to generate key pairs, Bart was able to encrypt files even in the absence of an internet connection.To read this article in full or to leave a comment, please click here
Users who have had their files encrypted by any version of the Bart ransomware program are in luck: Antivirus vendor Bitdefender has just released a free decryption tool.The Bart ransomware appeared back in June and stood out because it locked victims' files inside ZIP archives encrypted with AES (Advanced Encryption Standard). Unlike other ransomware programs that used RSA public-key cryptography and relied on a command-and-control server to generate key pairs, Bart was able to encrypt files even in the absence of an internet connection.To read this article in full or to leave a comment, please click here
Over the past few years, the world has seen ransomware threats advance from living inside browsers to operating systems, to the bootloader, and now to the low-level firmware that powers a computer's hardware components.Earlier this year, a team of researchers from security vendor Cylance demonstrated a proof-of-concept ransomware program that ran inside a motherboard's Unified Extensible Firmware Interface (UEFI) -- the modern BIOS.On Friday, at the Black Hat Asia security conference, the team revealed how they did it: by exploiting vulnerabilities in the firmware of two models of ultra compact PCs from Taiwanese computer manufacturer Gigabyte Technology.To read this article in full or to leave a comment, please click here
Over the past few years, the world has seen ransomware threats advance from living inside browsers to operating systems, to the bootloader, and now to the low-level firmware that powers a computer's hardware components.Earlier this year, a team of researchers from security vendor Cylance demonstrated a proof-of-concept ransomware program that ran inside a motherboard's Unified Extensible Firmware Interface (UEFI) -- the modern BIOS.On Friday, at the Black Hat Asia security conference, the team revealed how they did it: by exploiting vulnerabilities in the firmware of two models of ultra compact PCs from Taiwanese computer manufacturer Gigabyte Technology.To read this article in full or to leave a comment, please click here
Six months ago, Google offered to pay US$200,000 to any researcher who could remotely hack into an Android device by knowing only the victim's phone number and email address. No one stepped up to the challenge.While that might sound like good news and a testament to the mobile operating system's strong security, that's likely not the reason why the company's Project Zero Prize contest attracted so little interest. From the start, people pointed out that $200,000 was too low a prize for a remote exploit chain that wouldn't rely on user interaction."If one could do this, the exploit could be sold to other companies or entities for a much higher price," one user responded to the original contest announcement in September.To read this article in full or to leave a comment, please click here
A proof-of-concept exploit has been published for an unpatched vulnerability in Microsoft Internet Information Services 6.0, a version of the web server that's no longer supported but still widely used.The exploit allows attackers to execute malicious code on Windows servers running IIS 6.0 with the privileges of the user running the application. Extended support for this version of IIS ended in July 2015 along with support for its parent product, Windows Server 2003.Even so, independent web server surveys suggest that IIS 6.0 still powers millions of public websites. In addition, many companies might still run web applications on Windows Server 2003 and IIS 6.0 inside their corporate networks, so this vulnerability could help attackers perform lateral movement if they access such networks through other means.To read this article in full or to leave a comment, please click here
A proof-of-concept exploit has been published for an unpatched vulnerability in Microsoft Internet Information Services 6.0, a version of the web server that's no longer supported but still widely used.The exploit allows attackers to execute malicious code on Windows servers running IIS 6.0 with the privileges of the user running the application. Extended support for this version of IIS ended in July 2015 along with support for its parent product, Windows Server 2003.Even so, independent web server surveys suggest that IIS 6.0 still powers millions of public websites. In addition, many companies might still run web applications on Windows Server 2003 and IIS 6.0 inside their corporate networks, so this vulnerability could help attackers perform lateral movement if they access such networks through other means.To read this article in full or to leave a comment, please click here
Lucian Constantin