Showing results for tags 'security vulnerabilities'.

Found 7 results

  1. Cisco Plugs Security Hole in Small Business Routers

     The Cisco security vulnerability exists in the RV132W ADSL2+ Wireless-N VPN Routers and RV134W VDSL2 Wireless-AC VPN Routers.

     A popular line of small business routers made by Cisco Systems is vulnerable to a high-severity vulnerability. If exploited, the flaw could allow a remote – albeit authenticated – attacker to execute code or restart affected devices unexpectedly.

     Cisco issued fixes on Wednesday for the flaw in its RV132W ADSL2+ Wireless-N VPN routers and RV134W VDSL2 Wireless-AC VPN routers. These routers are described by Cisco as “networking-in-a-box” models that are targeted for small or home offices and smaller deployments.

     The vulnerability (CVE-2021-1287) stems from an issue in the routers’ web-based management interface. It ranks 7.2 out of 10 on the CVSS scale, making it high severity.

     “A successful exploit could allow the attacker to execute arbitrary code as the root user on the underlying operating system or cause the device to reload, resulting in a denial of service (DoS) condition on the affected device,” said Cisco on Wednesday.

     The Cisco Router Vulnerability

     The vulnerability stems from the routers’ web-based management interface improperly validating user-supplied input, said Cisco. An attacker could exploit this vulnerability by sending crafted HTTP requests to an affected device – however, of note, the attacker would need to first be authenticated to the device (which could be achieved via a phishing attack or other malicious attack, for instance).

     Affected are RV132W ADSL2+ Wireless-N VPN routers running a firmware release earlier than Release 1.0.1.15 (which is fixed); and RV134W VDSL2 Wireless-AC VPN Routers running a firmware release earlier than Release 1.0.1.21 (the fixed version). Shizhi He of Wuhan University was credited with reporting the flaw.

     “The Cisco Product Security Incident Response Team (PSIRT) is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory,” said Cisco.

     Cisco Flaws: Patches Issued This Year

     The patch is only the latest from Cisco this year. In February, Cisco rolled out fixes for critical holes in its lineup of small-business VPN routers, which could be exploited by unauthenticated, remote attackers to view or tamper with data, and perform other unauthorized actions on the routers.

     In 2021, Cisco also patched various vulnerabilities across its product lineup, including multiple, critical vulnerabilities in its software-defined networking for wide-area networks (SD-WAN) solutions for business users, and a high-severity flaw in its smart Wi-Fi solution for retailers that could allow a remote attacker to alter the password of any account user on affected systems.

     Source: Cisco Plugs Security Hole in Small Business Routers
  2. Researchers hacked Indian govt sites via exposed git and env files

     Researchers have now disclosed more information on how they were able to breach multiple websites of the Indian government.

     Last month, researchers from the Sakura Samurai hacking group had partially disclosed that they had breached cyber systems of Indian government after finding a large number of critical vulnerabilities. The full findings disclosed today shed light on the routes leveraged by the researchers, including finding exposed .git directories and .env files on some of these systems.

     Researchers discover exposed .git and .env files

     Last month, ethical hackers Jackson Henry, Robert Willis, Aubrey Cottle, John Jackson, and Zultan Holder collaborated on finding vulnerabilities lurking in Indian government systems. The reconnaissance efforts, according to the researchers, were in line with the government's NCIIPC Responsible Vulnerability Disclosure Program (RVDP).

     As a result of this team exercise, the researchers found some serious flaws including 35 cases of exposed credential pairs for critical applications, publicly-reachable sensitive files exposing 13,000 PII records, dozens of police reports, etc. The researchers also found session hijacking and remote code execution (RCE) vulnerabilities on sensitive government systems that process financial information.

     But, all of this information came to light when the researchers discovered exposed .git folders and .env files on one or more Indian government subdomains. First, Henry and Holder used ethical hacking tools to identify the subdomains to target. Further, they identified the exposed .git and .env files on these servers that had credentials to multiple applications, databases, and servers.

     The .env file is often used by software applications and contains configuration information along with usernames, passwords for application servers and databases, such as MySQL, SMTP, PHPMailer, and Wordpress. Likewise, the .git directory contains information about a software project codebase. Researchers used a tool called git-dumper to obtain the contents of the publicly-accessible .git directory, and could therefore obtain files with usernames and passwords.

     Further, Willis discovered a /files/ folder on a regional police department's website with heaps of PDFs in it. These PDFs were police reports with sensitive information with some even containing forensic data.

     [Image: Publicly accessible police reports and forensic data PDFs]

     Many Indian government departments breached

     After persisting with their reconnaissance efforts, the researchers continued to discover even more publicly accessible files on government sites, such as SQL dumps and databases that should have remained inaccessible over the web.

     Just one example below shows the nature of personally identifiable information (PII) that could be obtained by the researchers. The table shown below contains fields like an employee's full name, date of birth, contact information, office department, and Aadhar (national identification card) number.

     [Image: The PII fields (columns) within a SQL table accessed by the researchers]

     By corroborating the information collected and chaining vulnerabilities together, researchers could execute session hijacking attacks, and in some cases remote code execution (RCE) against mission-critical government systems.

     The list of government departments that the attackers found one or more security flaws in includes:

       • Government of Bihar
       • Government of Tamil Nadu
       • Government of Kerala
       • Telangana State
       • Maharashtra Housing and Development Authority
       • Jharkhand Police Department
       • Punjab Agro Industries Corporation Limited
       • Government of India, Ministry of Women and Child Development
       • Government of West Bengal, West Bengal SC ST & OBC Development and Finance Corp.
       • Government of Delhi, Department of Power GNCTD
       • Government of India, Ministry of New and Renewable Energy
       • Government of India, Department of Administrative Reforms & Public Grievances
       • Government of Kerala, Office of the Commissioner for Entrance Examinations
       • Government of Kerala, Stationery Department
       • Government of Kerala, Chemical Laboratory Management System
       • Government of Punjab, National Health Mission
       • Government of Odisha, Office of the State Commissioner for Persons with Disabilities
       • Government of Mizoram, State Portal
       • Embassy of India, Bangkok, Thailand
       • Embassy of India, Tehran
       • Consulate General of India
       • Government of Kerala, Service and Payroll Administrative Repository
       • Government of West Bengal, Directorate of Pension, Provident Fund & Group Insurance
       • Government of India, Competition Commission of India
       • Government of Chennai, The Greater Chennai Corporation
       • Government of Goa, Captain of Ports Department
       • Government of Maharashtra

     After the researchers reported the flaws via intermediary government bodies, such as India's National Cyber Security Coordinator (NCSC) and CERT-IN, the flaws were eventually remediated.

     On February 21, 2021, a National Cyber Security Coordinator (NCSC) official, Lt. Gen. Rajesh Pant had told Hindustan Times:

     “Remedial actions have been taken by NCIIPC (National Critical Information Infrastructure Protection Centre) and Cert-IN (Indian Computer Emergency Response Team)… NCIIPC handles only the Critical Information Infrastructure issues. In this case, the balance pertained to other states and departments that were immediately informed by Cert-IN. It is likely that some action may be pending by users at state levels which we are checking.”

     To prevent threat actors from exploiting these vulnerabilities, the researchers had not released the complete writeup on how exactly they had exploited the government systems, until today.

     "After working with the NSCS, we have been given the green-light to disclose more specific details and all 34-pages of our reported vulnerabilities have been adequately remediated," said researchers in their detailed report released today.

     This is not the first time web servers have exposed files that should remain forbidden from the public eye. Previously, Sakura Samurai group had breached the United Nations on finding exposed Git credential files on UN-owned domains. The researchers could use these credentials to access over 100K UNEP employee records. Last month, BleepingComputer had also reported on an Azure bucket leaking hundreds of passports and identity documents of prominent journalists and volleyball players from around the world.

     When deploying web services, organizations should ensure that proper file permissions are configured and verify if sensitive assets can be accessed publicly.

     Source: Researchers hacked Indian govt sites via exposed git and env files
  3. 15-year-old Linux kernel bugs let attackers gain root privileges

     Three vulnerabilities found in the iSCSI subsystem of the Linux kernel could allow local attackers with basic user privileges to gain root privileges on unpatched Linux systems.

     These security bugs can only be exploited locally, which means that potential attackers will have to gain access to vulnerable devices by exploiting another vulnerability or using an alternative attack vector.

     The 15-year-old Linux kernel bugs

     GRIMM researchers discovered the bugs 15 years after they were introduced in 2006 when the iSCSI kernel subsystem was being developed.

     According to GRIMM security researcher Adam Nichols, the flaws affect all Linux distributions, but luckily, the vulnerable scsi_transport_iscsi kernel module is not loaded by default. However, depending on the Linux distribution attackers might target, the module can be loaded and exploited for privilege escalation.

     "The Linux kernel loads modules either because new hardware is detected or because a kernel function detects that a module is missing," Nichols said. "The latter implicit autoload case is more likely to be abused and is easily triggered by an attacker, enabling them to increase the attack surface of the kernel."

     [Image: Impact flowchart (GRIMM)]

     "On CentOS 8, RHEL 8, and Fedora systems, unprivileged users can automatically load the required modules if the rdma-core package is installed," Nichols added. "On Debian and Ubuntu systems, the rdma-core package will only automatically load the two required kernel modules if the RDMA hardware is available. As such, the vulnerability is much more limited in scope."

     Gaining root privileges via KASLR bypass

     Attackers can abuse the bugs to bypass exploit-blocking security features such as Kernel Address Space Layout Randomization (KASLR), Supervisor Mode Execution Protection (SMEP), Supervisor Mode Access Prevention (SMAP), and Kernel Page-Table Isolation (KPTI).

     The three vulnerabilities can lead to local elevation of privileges, information leaks, and denials of service:

       • CVE-2021-27365: heap buffer overflow (Local Privilege Escalation, Information Leak, Denial of Service)
       • CVE-2021-27363: kernel pointer leak (Information Leak)
       • CVE-2021-27364: out-of-bounds read (Information Leak, Denial of Service)

     All three vulnerabilities are patched as of 5.11.4, 5.10.21, 5.4.103, 4.19.179, 4.14.224, 4.9.260, and 4.4.260, and patches became available in the mainline Linux kernel on March 7th. No patches will be released for EOL unsupported kernel versions like 3.x and 2.6.23.

     If you have already installed one of the Linux kernel versions, your device can't be compromised in attacks exploiting these bugs. If you haven't patched your system, you can use the above diagram to find if your device is vulnerable to exploitation attempts.

     Source: 15-year-old Linux kernel bugs let attackers gain root privileges
  4. Google putting its trust in Rust to weed out memory bugs in Android development

     Not rewriting the whole OS, of course, but using the language going forward

     Google has signalled support for the Rust programming language in low-level system code to limit the prevalence of memory-based security vulnerabilities.

     The Android project has largely been built in two languages. Java (and more recently, JVM-compatible languages like Kotlin) have been favoured for higher-level parts of the operating system, such as the UI. OS fundamentals, like the kernel and drivers, have typically been written in C, and, to a lesser extent, C++.

     C and even C++ are considered well suited for system-level programming as they offer a degree of closeness to the underlying hardware that's hard to achieve with higher-level languages. There are no intermediate layers of abstraction, like the Java virtual machine. C is also highly portable, and developers are left to their own devices when it comes to things like memory handling.

     But this flexibility has repeatedly proven to be a double-edged sword. With no garbage collection to rely on, simple memory management errors frequently result in serious security issues, such as buffer overflows and overreads. According to Google, memory-safety bugs represent 70 per cent of all high-severity security vulnerabilities found in the Android Open Source Project.

     Introduced in 2010 by Mozilla, the Rust programming language provides a happy medium between the low-level power of C and the memory safety found in higher-level languages like Java. But its approach is novel. Rust doesn't place the same emphasis on manual memory management like C. Nor does it come with a Java-style garbage collector (although the existence of a Rust garbage collector is a somewhat contentious topic). Rather, it takes a third tack, with memory usage linked inextricably to scope.

     A core concept of Rust is ownership. Put simply, every value has an owner. When that owner goes out of scope, the value is dropped. This limits the risk of memory-based security bugs, while also limiting the amount of code needed to be written to ensure safety.

     Additionally, Rust requires all variables be initialised before use, preventing an issue that Google claims is the root cause of between 3 and 5 per cent of all Android security vulnerabilities. Rust also comes with native protections against buffer overflows, another memory security woe.

     Google has said it doesn't intend to start rewriting the entire OS in Rust, which would be a mammoth undertaking given the millions of lines of code within Android. Rather, it intends to use Rust going forward. This, it said, is due to the disproportionate amount of memory-safety errors in newly written code. Vintage code is comparatively more robust, with errors already weeded out.

     Android's adoption of Rust won't happen overnight. Describing the task as "a large undertaking," Google highlighted the vast amounts of underlying work needed to be done. "There are toolchains and dependencies that need to be maintained, test infrastructure and tooling that must be updated, and developers that need to be trained," it said. Scaling the language to widespread use will be a "multi-year project," although the company has some early-adopter projects in the pipeline that rely on Rust.

     Android's embrace of Rust is indicative of the language's growing popularity. In July last year, Linus Torvalds suggested Rust may find a place in the Linux project, particularly with respect to device drivers. This preceded the porting of the GNU Coreutils suite (which is a suite of basic file, shell and text manipulation utilities) to Rust in 2020 by Debian developer and Mozilla director Sylvestre Ledru.

     Source: Google putting its trust in Rust to weed out memory bugs in Android development
  5. Introducing Malvuln.com – the first website ‘exclusively dedicated’ to revealing security vulnerabilities in malware

     One security researcher is turning the tide on attackers by posting high-impact zero-day vulnerabilities in the very malware that underpins their campaigns

     A pioneering malware vulnerability database has become a surprise addition to security pros’ defensive toolkits as they seek to disrupt, remediate, or attribute cyber-attacks.

     Launched on January 2, Malvuln.com provides exploit code for security flaws in malicious software in the same way that similar sites such as VulDB and WhiteSource do for benign applications and open source components.

     “Malvuln.com is the first website exclusively dedicated to the research of security vulnerabilities within malware itself,” reads the site’s ‘About’ page.

     ‘Malware vs. malware’

     [Image: As cyber-attacks continue to wreak havoc around the world, Malvuln is turning the tide on attackers by revealing high-impact zero-day vulnerabilities in the very malware that underpins their campaigns]

     The website’s founder and sole operator, security researcher John Page (AKA hyp3rlinx), tells The Daily Swig that the repository might be “useful for incident response teams to eradicate a malware without touching the machine”.

     He also speculates that the documented exploits “may eventually pit a malware vs. malware situation, who knows.”

     In 2019, security researcher Ankit Anubhav demonstrated the impact such a resource might have in the wild, documenting how a “trivial bug” in the Mirai malware had been used by “script kiddies and rival threat actors” to “crash each others’ C2 [command-and-control] servers”.

     One threat actor told him that “if a script were to be made to check when the C2 is up and crash it continuously, it will make all Mirai-based botnets pretty much useless”.

     Responding to the launch of Malvuln.com on Twitter this week, Kyle Cucci, a malware expert at Deutsche Bank, said he “could see this being used (very delicately) in IR scenarios” and “by threat actors to kick each other off infected hosts.”

     Independent security researcher ‘Eduardo B’, meanwhile, tweeted: “Imagine a persistent malware with rootkit capabilities and you could simply run an exploit against it to crash and/or disable it...or trace back, reliably, to its true origin.”

     Inverting the conventional dynamic

     Conventional vulnerability repositories alert application users when their systems are vulnerable and offer instructions on patching or mitigating them – albeit cybercrooks can benefit too, hence the contentious debate around public disclosure. Malvuln.com inverts that dynamic.

     Greg Leah, director of threat intelligence at cybersecurity firm HYAS, tweeted that the project was a “great idea”, but warned that it could give malware authors “opportunities to improve the malware they would not otherwise have”.

     Stack buffer overflows

     Remote stack buffer overflow bugs account for 11 of 25 malware security flaws documented by Page so far, and these “classic” bugs are potentially the most interesting and impactful, said Page. The “reason is obvious”, he said.

     Indeed, as the non-profit OWASP Foundation explains, attackers can send “carefully crafted input to a web application” to exploit buffer overflows and “cause the web application to execute arbitrary code – effectively taking over the machine”.

     Page said he started the project because he “got bored in lockdown and for fun”.

     Source: Introducing Malvuln.com – the first website ‘exclusively dedicated’ to revealing security vulnerabilities in malware
  6. Popular SHAREit app is affected by severe flaws yet to be fixed

     Multiple vulnerabilities in the popular file-sharing app SHAREit have yet to be addressed, experts from Trend Micro warned.

     SHAREit is a popular file-sharing Android app with more than one billion downloads; experts from Trend Micro discovered multiple unpatched vulnerabilities in its code. The vulnerabilities impact the Android version of SHAREit, a mobile app that allows users to share files with friends or between personal devices. The vulnerabilities can potentially lead to Remote Code Execution (RCE) on the devices where the app is installed.

     The vulnerabilities can be abused to leak a user’s sensitive data and execute arbitrary code with SHAREit permissions by using a malicious code or app. They can also potentially lead to Remote Code Execution (RCE).

     “We discovered several vulnerabilities in the application named SHAREit. The vulnerabilities can be abused to leak a user’s sensitive data and execute arbitrary code with SHAREit permissions by using a malicious code or app.” reads the report published by Trend Micro. “They can also potentially lead to Remote Code Execution (RCE).”

     The analysis of the app’s code revealed that potentially any app can call the startActivity() function through the broadcast receiver as “com.lenovo.anyshare.app.DefaultReceiver.” An attacker can view arbitrary activities, including SHAREit’s internal (non-public) and external app activities.

     Experts also discovered that any third-party entity can still gain temporary read/write access to the FileProvider content provider’s data.

     “SHAREit also defines a FileProvider. The developer behind this disabled the exported attribute via android:exported=”false”, but enabled the android:grantUriPermissions=”true” attribute. This indicates that any third-party entity can still gain temporary read/write access to the content provider’s data.” continues the analysis. “Even worse, the developer specified a wide storage area root path. In this case, all files in the /data/data/<package> folder can be freely accessed.”

     The app also provides a feature that can install an APK with the file name suffix sapk; an attacker can potentially abuse this feature to install a malicious app.

     “If such is the case, it will enable a limited RCE when the user clicks on a URL.” continues the analysis. “To verify whether the above functionality is available in the Google Chrome browser, we built an href attribute in HTML. When the user clicks this download URL, Chrome will call SHAREit to download the sapk from http://gshare.cdn.shareitgames.com. Since it supports the HTTP protocol, this sapk can be replaced by simulating a man-in-the-middle (MitM) attack.”

     Trend Micro has reported the vulnerabilities to the company behind the app but did not receive any reply and after three months decided to disclose it.

     Source: Popular SHAREit app is affected by severe flaws yet to be fixed
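The FileProvider misconfiguration the Trend Micro analysis describes (exported="false" with grantUriPermissions="true", backed by a wide root path), shown here as an added illustration rather than SHAREit's real manifest: the over-broad paths file beside a narrowed one. The authority name and directory names are placeholders.

```xml
<!-- Added illustration; assumed names, not the actual SHAREit manifest. -->

<!-- AndroidManifest.xml: a FileProvider is always declared this way.
     exported="false" alone does not isolate it: grantUriPermissions="true"
     is required for FileProvider to work, and it means any component that
     receives a content:// URI from this provider gets temporary read/write
     access to the backing file. What that URI can reach is decided entirely
     by the paths file referenced in the meta-data below. -->
<provider
    android:name="androidx.core.content.FileProvider"
    android:authorities="com.example.placeholder.fileprovider"
    android:exported="false"
    android:grantUriPermissions="true">
    <meta-data
        android:name="android.support.FILE_PROVIDER_PATHS"
        android:resource="@xml/file_paths" />
</provider>

<!-- res/xml/file_paths.xml, WEAK: root-path maps to the device filesystem
     root, so a granted URI can address any file the app itself can read,
     including its own private /data/data/<package>/ directory. -->
<paths xmlns:android="http://schemas.android.com/apk/res/android">
    <root-path name="everything" path="." />
</paths>

<!-- res/xml/file_paths.xml, HARDENED: expose only the one subdirectory of
     the app's internal files dir that holds content meant to be shared.
     files-path resolves relative to Context.getFilesDir(), so nothing
     outside <files>/shared/ can be named through this provider. -->
<paths xmlns:android="http://schemas.android.com/apk/res/android">
    <files-path name="shared" path="shared/" />
</paths>
```

The hardening is the narrower paths file, not flipping grantUriPermissions to false (which breaks FileProvider); in addition, grant only FLAG_GRANT_READ_URI_PERMISSION on the explicit share intent unless the receiver genuinely needs write access.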
  7. Backing up the NSA's claim that it was caught by surprise by the Heartbleed OpenSSL bug, the White House has tried to explain the rules under which it allows agencies to hoard security vulnerabilities.

     In this White House blog post, cybersecurity coordinator Michael Daniel says leaving a huge number of vulnerabilities undisclosed would not be in America's national interest: “Building up a huge stockpile of undisclosed vulnerabilities while leaving the Internet vulnerable and the American people unprotected would not be in our national security interest,” he writes.

     If you take that as meaning the White House is going to tell the NSA to disclose vulnerabilities it finds, however, think again. The post pirouettes immediately to defending vulnerability-hoarding: “that is not the same as arguing that we should completely forgo this tool [exploiting vulnerabilities rather than disclosing them – The Register] as a way to conduct intelligence collection”.

     So the White House says it has established guidelines for when vulnerability-hoarding is okay: not “hard and fast” rules, Daniel writes, but considerations that apply if an agency asks to keep a vulnerability secret. These include how widespread a vuln might be in critical infrastructure systems; how much risk exists [without noting who bears the risk] if the vulnerability is unpatched; how much harm “an adversary” could do with knowledge of a vulnerability; whether “we” would know if someone else was exploiting the vulnerability; the value of the intelligence that might be obtained exploiting the vulnerability; whether US agencies might have the chance to exploit the bug before disclosing it; the likelihood that someone else might discover the same vulnerability; and whether or not a vulnerability could be patched or mitigated.

     In other words, the post seems to tell us that the White House will only hoard useful vulnerabilities that they can exploit without being caught, for as long as they think it won't be noticed by black-hats. Don't you feel better for knowing that?

     Source