Nov 14

Threat Intelligence: Microsoft Zero-day Patched

Researchers have discovered a zero-day vulnerability (CVE-2018-8589) in win32k.sys affecting 32-bit versions of Windows 7. The vulnerability, reported to Microsoft on October 17th, is a privilege escalation flaw. It exists due to “improper locking of messages sent synchronously between threads.” If exploited successfully, it could allow an attacker to view or alter data, install programs, or create new user accounts by “running arbitrary code in the context of the local system.” At the time of writing, the delivery method remains unknown; however, according to researchers, “the exploit was executed by the first stage of a malware installer, in order to gain the necessary privileges for persistence on the victim’s system.” The zero-day is currently being used by at least one APT actor, but if an attacker attempts to exploit it on machines that are up to date with security updates, the system will crash.

Nov 13

Threat Intelligence: WordPress Zero-day

A zero-day vulnerability has been discovered affecting WP GDPR Compliance, a WordPress plugin that helps website owners become GDPR compliant. The plugin is one of the more popular GDPR plugins available, with over 100,000 active installations.

First seen roughly three weeks ago, the vulnerability has been used to gain access to WordPress sites and install backdoors. The plugin was removed from the WordPress plugin repository earlier last week; however, it was reinstated on November 7th after the release of version 1.4.3, which contains a patch for the vulnerability.

Attackers are actively exploiting the vulnerability against anyone running version 1.4.2 and older. According to researchers, “attackers are targeting a WP GDPR Compliance bug that allows them to make a call to one of the plugin's internal functions and change settings for both the plugin, but also for the entire WordPress CMS.” At the time of writing, two techniques using the vulnerability have been observed.

In the first, the attacker uses the vulnerability to open the website’s registration system and resets the default role for new accounts to administrator. The attacker then creates a new account, usually seen as “t2trollherten”, and sets the default role for new accounts back to subscriber. Public registration is then disabled, and the attacker logs into the new account to install a backdoor on the site named “wp-cache.php.” The backdoor contains a file manager, a PHP eval() runner, and a terminal emulator.

The second technique is quieter and also relies on the GDPR Compliance vulnerability. It is used to add a new task to WP-Cron, WordPress’s built-in task scheduler. The attacker downloads and installs the plugin, which is later used to upload another backdoor to the site. This backdoor is also named wp-cache.php, but it differs from the previous one. Even though the second scenario is meant to be quieter, it is actually what led to the zero-day being discovered: on some sites, the attacker’s exploitation routine failed to delete the plugin, and site owners noticed that a new plugin had appeared.

Nov 09

Threat Intelligence: Cisco Mistakenly Adds Dirty Cow Exploit Code to its Own Software

During a security brief on Wednesday,
Feb 23

Revisiting Meltdown and Spectre, Are the Updates Safe?

On January 3rd, 2018, the Meltdown and Spectre vulnerabilities were made public, and meltdownattack.com was created as a centralized place to publish the research papers and answer common questions.

Feb 06

Critical Vulnerability Found in Grammarly Spell Checker

Researchers have discovered a critical vulnerability in the Google Chrome and Firefox browser extensions for the grammar-checking software Grammarly.

Feb 01

Massive Botnet Turns Windows Machines into Miners

Researchers have discovered a massive botnet that has taken over half a million Windows devices and turned them into cryptocurrency miners.

Dec 18

Dune Game Leaks Sensitive Data

Recently, researchers have discovered that the Android app “Dune!” is riddled with OWASP-listed flaws and is continuously leaking sensitive data.

Dec 08

Microsoft Releases Malware Patch for its…Malware Protection Engine

Yesterday, Microsoft released a patch to fix a remote code execution flaw, CVE-2017-11937, in its Malware Protection Engine (MPE).

Nov 29

Microsoft Word Vulnerability Allows Hackers to Gain Control of PCs

A Microsoft Word vulnerability has existed for 17 years, but it was only discovered and patched earlier this month.

Nov 15

Microsoft Office Vulnerability Lets Attackers Install Malware Without User Interaction

A new vulnerability in Microsoft Office has surfaced. It is a memory corruption issue present in all versions of Microsoft Office released in the past 17 years, including Microsoft Office 365 and the version shipped with the latest Microsoft Windows 10.
