Blog News Vulnerebility Blog -  

| Date | Title | Info | Blog | Companies |
|---|---|---|---|---|
| 16.3.19 | Windows Kernel Logic Bug Class: Access Mode Mismatch in IO Manager | This blog post is an in-depth look at an interesting logic bug class in the Windows Kernel and what I did to try to get it fixed with our partners at Microsoft. The maximum impact of the bug class is local privilege escalation if kernel and driver developers don’t take into account how the IO manager operates when accessing device objects. This blog discusses how I discovered the bug class and the technical background. For more information about the further investigation, fixing and avoiding writing new code with the bug class refer to MSRC’s blog post. | Vulnerebility blog | Project Zero |
| 14.3.19 | Microsoft Patch Tuesday – March 2019 | This month the vendor has patched 64 vulnerabilities, 17 of which are rated Critical. | Vulnerebility blog | Symantec |
| 14.3.19 | Microsoft Patch Tuesday — March 2019: Vulnerability disclosures and Snort coverage | Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 64 vulnerabilities, 17 of which are rated “critical,” 45 that are considered “important” and one “moderate” and “low” vulnerability each. This release also includes two critical advisories — one covering security updates to Adobe Flash Player and another concerning SHA-2 | Vulnerebility blog | Cisco Talos |
| 14.3.19 | Vulnerability Spotlight: Privilege escalation bug in CleanMyMac X's helper service | CleanMyMac X contains a privilege escalation vulnerability in its helper service due to improper updating. The application fails to remove the vulnerable components upon upgrading to the latest version, leaving the user open to attack. CleanMyMac X is an all-in-one cleaning tool for Macs from MacPaw. The application scans through the system and user directories looking for unused and leftover files and applications. | Vulnerebility blog | Cisco Talos |
| 14.3.19 | Vulnerability Spotlight: Multiple local vulnerabilities in Pixar Renderman | The MacOS version of Pixar Renderman contains three local vulnerabilities in its install helper tool. An attacker could exploit these bugs to escalate their privileges to root. | Vulnerebility blog | Cisco Talos |
| 14.3.19 | Vulnerability Spotlight: Remote code execution vulnerability in Antenna House Rainbow PDF Office Server Document Converter | Antenna House Rainbow PDF Office Server Document Converter contains a heap overflow vulnerability that could allow an attacker to remotely execute code on the victim machine. Rainbow PDF is a software solution that converts Microsoft Office documents into a PDF. This specific flaw lies in the way the software converts PowerPoint files into PDFs | Vulnerebility blog | Cisco Talos |
| 8.3.19 | PXE Dust: Finding a Vulnerability in Windows Servers Deployment Services | Many large organizations use Windows Deployment Services (WDS) to install customized operating systems on new machines in the network. The Windows Deployment Services is usually, by its nature, accessible to anyone connected via a LAN port and provides the relevant software. They determine the Operating System as well as the accompanying programs and services for each new network element. | Vulnerebility blog | Checkpoint |
| 8.3.19 | Flaws in smart car alarms exposed 3 million cars to hijack | The vulnerabilities, which resided in associated smartphone apps, were both easy to find and easy to fix | Vulnerebility blog | Eset |
| 8.3.19 | Latest Chrome update plugs a zero-day hole | It now turns out that the vulnerability in the browser was being exploited in tandem with a zero-day in Windows | Vulnerebility blog | Eset |
| 5.3.19 | Jmail Breaker: Profiting from Joomla’s Mail Service | Joomla! is one of the most popular CMS platforms and is used by hundreds of thousands of organizations worldwide. Over the years, many vulnerabilities were found in the product, such as Joomla Core Sterilizer Cross-Site Scripting Filter Privilege Escalation (CVE-2017-7985) and Joomla Object Injection Remote Command Execution (CVE-2015-8562). Indeed, over the past two years, there is evidence of a significant surge in the number of Joomla known vulnerabilities. | Vulnerebility blog | Checkpoint |
| 21.2.19 | Extracting a 19 Year Old Code Execution from WinRAR | In this article, we tell the story of how we found a logical bug using the WinAFL fuzzer and exploited it in WinRAR to gain full control over a victim’s computer. The exploit works by just extracting an archive, and puts over 500 million users at risk. This vulnerability has existed for over 19 years(!) and forced WinRAR to completely drop support for the vulnerable format. | Vulnerebility blog | Checkpoint |
| 17.2.19 | Microsoft Patch Tuesday – February 2019 | This month the vendor has patched 74 vulnerabilities, 20 of which are rated Critical. | Vulnerebility blog | Symantec |
| 17.2.19 | Microsoft Patch Tuesday — February 2019: Vulnerability disclosures and Snort coverage | Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 69 vulnerabilities, 20 of which are rated “critical,” 46 that are considered “important” and three that are “moderate.” This release also includes a critical security advisory regarding a security update to Adobe Flash Player | Vulnerebility blog | Cisco Talos |
| 17.2.19 | Vulnerability Spotlight: Adobe Acrobat Reader DC text field remote code execution vulnerability | Adobe Acrobat Reader DC contains a vulnerability that could allow an attacker to remotely execute code on the victim’s machine. If the attacker tricks the user into opening a specially crafted PDF with specific JavaScript, they could cause heap corruption. The user could also trigger this bug if they open a specially crafted email attachment. | Vulnerebility blog | Cisco Talos |
| 2.2.19 | Vulnerability Spotlight: Multiple vulnerabilities in ACD Systems Canvas Draw 5 | Cisco Talos is disclosing several vulnerabilities in ACD Systems' Canvas Draw 5, a graphics-editing tool for Mac. The vulnerable component of Canvas Draw 5 lies in the handling of TIFF and PCX images. TIFF is a raster-based image format used in graphics editing projects, thus making it a very common file format that's used in Canvas Draw. PCX was a popular image format with early computers, and although it's been replaced by more sophisticated formats, it is still in use and fully supported by Canvas Draw. | Vulnerebility blog | Cisco Talos |
| 30.1.19 | Apple takes Group FaceTime offline after discovery of spying bug | The company is rushing to fix a glitch that may let other iPhone users hear and see you – before you answer the call | Vulnerebility blog | Eset |
| 30.1.19 | Vulnerability Spotlight: Multiple vulnerabilities in coTURN | Today, Cisco Talos is disclosing three vulnerabilities in coTURN. coTURN is an open-source implementation of TURN and STUN servers that can be used as a general-purpose networking traffic TURN server. TURN servers are usually deployed in so-called “DMZ” zones — any server reachable from the internet — to provide firewall traversal solutions. | Vulnerebility blog | Cisco Talos |
| 30.1.19 | Vulnerability Spotlight: Python.org certificate parsing denial-of-service | Python.org contains an exploitable denial-of-service vulnerability in its X509 certificate parser. A specially crafted X509 certificate can cause a NULL pointer dereference, resulting in a denial of service. Python can crash if getpeercert() is called on a TLS connection, which uses a certificate with an invalid DistributionPoint in its extension. | Vulnerebility blog | Cisco Talos |
| 30.1.19 | Vulnerability Spotlight: Multiple WIBU SYSTEMS WibuKey vulnerabilities | Cisco Talos discovered two vulnerabilities that could allow remote code execution and memory disclosure at the kernel level in WIBU-SYSTEMS WibuKey. WibuKey is a USB key designed to protect software and intellectual properties. It allows the users to manage software licenses via a USB key. A third vulnerability is located in userland and can be triggered remotely, as it's located in the network manager. | Vulnerebility blog | Cisco Talos |
| 28.1.19 | Vulnerability Deep Dive: TP-Link TL-R600VPN remote code execution vulnerabilities | TP-Link recently patched three vulnerabilities in their TL-R600VPN gigabit broadband VPN router, firmware version 1.3.0. Cisco Talos publicly disclosed these issues after working with TP-Link to ensure that a patch was available. Now that a fix is out there, we want to take the time to dive into the inner workings of these vulnerabilities and show the approach we took with our proof-of-concept code. | Vulnerebility blog | Cisco Talos |
| 28.1.19 | Microsoft Patch Tuesday — January 2019: Vulnerability disclosures and Snort coverage | Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 49 vulnerabilities, seven of which are rated “critical,” 40 that are considered “important” and one that is “moderate.” This release also includes a critical security advisory for multiple bugs in Adobe Flash Player. | Vulnerebility blog | Cisco Talos |
| 28.1.19 | Vulnerability Spotlight: Multiple Apple IntelHD5000 privilege escalation vulnerabilities | A memory corruption vulnerability exists in the IntelHD5000 kernel extension when dealing with graphics resources inside of Apple OSX 10.13.4. A library inserted into the VLC media application can cause an out-of-bounds access inside of the KEXT leading to a use after free and invalid memory access in the context of the kernel. This can be used for privilege escalation. | Vulnerebility blog | Cisco Talos |
| 28.1.19 | Vulnerability Spotlight: Multiple privilege escalation vulnerabilities in CleanMyMac X | Today, Cisco Talos is disclosing several vulnerabilities in MacPaw’s CleanMyMac X software. CleanMyMac X is a cleanup application for Mac operating systems that allows users to free up extra space on their machines by scanning for unused or unnecessary files and deleting them. In all of these bugs, an attacker with local access to the victim machine could modify the file system as root. | Vulnerebility blog | Cisco Talos |
| 21.12.18 | Microsoft issues emergency fix for Internet Explorer zero-day | Details are sparse about a security hole that Microsoft said is being exploited in targeted attacks | Vulnerebility blog | Eset |
| 20.12.18 | Microsoft Patches Out-of-Band Internet Explorer Scripting Engine Vulnerability After Exploitation Detected in the Wild | Microsoft released an out-of-band (OOB) patch on Wednesday related to a vulnerability in the scripting engine of Internet Explorer. This particular vulnerability is believed to be actively exploited in the wild and should be patched immediately. | Vulnerebility blog | Cisco Talos |
| 20.12.18 | Threat Actors Rapidly Adopt New ThinkPHP RCE Exploit to Spread IoT Malware and Deploy Remote Shells | F5 researchers have observed multiple new campaigns leveraging a very recent exploit against ThinkPHP, a popular PHP framework in China. Within days of its discovery, the vulnerability had already been exploited in the wild by multiple threat actors. With this vulnerability, we see a pattern similar to those we have seen in other RCE vulnerabilities, such as Apache Struts 2 – CVE-2017-5638 mentioned last year, where attackers rushed to capitalize on the time it takes organizations to patch and profit from it. | Vulnerebility blog | F5 Labs |
| 20.12.18 | On VBScript | Vulnerabilities in the VBScript scripting engine are a well known way to attack Microsoft Windows. In order to reduce this attack surface, in Windows 10 Fall Creators Update, Microsoft disabled VBScript execution in Internet Explorer in the Internet Zone and the Restricted Sites Zone by default. | Vulnerebility blog | Project Zero |
| 20.12.18 | Searching statically-linked vulnerable library functions in executable code | Software supply chains are increasingly complicated, and it can be hard to detect statically-linked copies of vulnerable third-party libraries in executables. This blog post discusses the technical details of an Apache-licensed open-source library to detect code from other open-source libraries in executables, along with some real-world findings of forked open-source libraries in real-world software. | Vulnerebility blog | Project Zero |
| 15.12.18 | How threat actors are using SMB vulnerabilities | Some of the most devastating ransomware and Trojan malware variants depend on vulnerabilities in the Windows Server Message Block (SMB) to propagate through an organization’s network. Windows SMB is a protocol used by PCs for file and printer sharing, as well as for access to remote services. | Vulnerebility blog | Malwarebytes |
| 14.12.18 | Adventures in Video Conferencing Part 5: Where Do We Go from Here? | Overall, our video conferencing research found a total of 11 bugs in WebRTC, FaceTime and WhatsApp. The majority of these were found through less than 15 minutes of mutation fuzzing RTP. We were surprised to find remote bugs so easily in code that is so widely distributed. There are several properties of video conferencing that likely led to the frequency and shallowness of these issues. | Vulnerebility blog | Project Zero |
| 12.12.18 | Adventures in Video Conferencing Part 4: What Didn't Work Out with WhatsApp | Not every attempt to find bugs is successful. When looking at WhatsApp, we spent a lot of time reviewing call signalling hoping to find a remote, interaction-less vulnerability. No such bugs were found. We are sharing our work with the hopes of saving other researchers the time it took to go down this very long road. Or maybe it will give others ideas for vulnerabilities we didn’t find. | Vulnerebility blog | Project Zero |
| 12.12.18 | 50 CVEs in 50 Days: Fuzzing Adobe Reader | The year 2017 was an inflection point in the vulnerability landscape. The number of new vulnerabilities reported that year was around 14,000, which is over twice the number from the year before (see table below). The probable reason for this is the increased popularity of automatic vulnerability finding tools, also known as “fuzzers”. | Vulnerebility blog | Checkpoint |
| 12.12.18 | Vulnerability Spotlight: Adobe Acrobat Reader DC text field remote code execution vulnerability | Adobe Acrobat Reader DC contains a vulnerability that could allow an attacker to remotely execute code on the victim’s machine. If the attacker tricks the user into opening a specially crafted PDF with specific JavaScript, they could cause heap corruption. The user could also trigger this bug if they open a specially crafted email attachment. | Vulnerebility blog | Cisco Talos |
| 12.12.18 | Microsoft Patch Tuesday — December 2018: Vulnerability disclosures and Snort coverage | Microsoft released its monthly security update today, disclosing a variety of vulnerabilities in several of its products. The latest Patch Tuesday covers 38 vulnerabilities, nine of which are rated “critical” and 29 that are considered “important.” There are no “moderate” or “low” vulnerabilities in this release. | Vulnerebility blog | Cisco Talos |
| 5.12.18 | Humble Bundle alerts customers to subscription reveal bug | You’ll want to check your mailbox if you have a Humble Bundle account, as they’re notifying some customers of a bug used to gather subscriber information. | Vulnerebility blog | Malwarebytes |
| 5.12.18 | Adventures in Video Conferencing Part 1: The Wild World of WebRTC | Over the past five years, video conferencing support in websites and applications has exploded. Facebook, WhatsApp, FaceTime and Signal are just a few of the many ways that users can make audio and video calls across networks. | Vulnerebility blog | Project Zero |
| 4.12.18 | Vulnerability Spotlight: Netgate pfSense system_advanced_misc.php powerd_normal_mode Command Injection Vulnerability | Today, Cisco Talos is disclosing a command injection vulnerability in Netgate pfSense system_advanced_misc.php powerd_normal_mode. pfSense is a free and open source firewall and router that also features unified threat management, load balancing, multi WAN, and more. | Vulnerebility blog | Cisco Talos |
| 2.12.18 | Wireshark update 2.6.5 available | Wireshark version 2.6.5 is available: release notes. | Vulnerebility blog | SANS |
| 21.11.18 | Vulnerability Spotlight: Multiple remote code execution vulnerabilities in Atlantis Word Processor | Today, Cisco Talos is disclosing three remote code execution vulnerabilities in the Atlantis Word Processor. Atlantis Word Processor is a traditional word processor that provides a number of basic features for users, in line with what is in other similar types of software. | Vulnerebility blog | Cisco Talos |
| 19.11.18 | Vulnerability Spotlight: Multiple remote vulnerabilities in TP-Link TL-R600VPN | Cisco Talos is disclosing multiple vulnerabilities in the TP-Link TL-R600VPN router. TP-Link produces a number of different types of small and home office (SOHO) routers. Talos discovered several bugs in this particular router model that could lead to remote code execution. | Vulnerebility blog | Cisco Talos |
| 15.11.18 | FLARE VM Update | FLARE VM has gone through many major changes to better support our users’ needs. | Vulnerebility blog | FireEye |
| 14.11.18 | Microsoft Patch Tuesday – November 2018 | This month the vendor has patched 62 vulnerabilities, 13 of which are rated Critical. | Vulnerebility blog | Symantec |
| 8.11.18 | DJI Drone Vulnerability | Besides consumers, though, it has also taken a large share of the corporate market, with customers coming from the critical infrastructure, manufacturing, agricultural, construction, emergency-management sectors and more. With so many customers worldwide, both consumer and corporate, DJI drones can obtain data and images from a wide range of viewpoints and across a large spectrum of subject matter. | Vulnerebility blog | Checkpoint |
| 25.10.18 | FLARE Script Series: Reverse Engineering WebAssembly Modules Using the idawasm IDA Pro Plugin | We introduce idawasm, an IDA Pro plugin that provides a loader and processor modules for WebAssembly modules | Vulnerebility blog | FireEye |
| 12.8.18 | Faxploit: Sending Fax Back to the Dark Ages | Research By: Eyal Itkin and Yaniv Balmas. Fax, the brilliant technology that lifted mankind out of the dark ages of mail delivery when only the postal service and carrier pigeons were used to deliver... | Vulnerebility blog | Checkpoint |
| 7.8.18 | FakesApp: A Vulnerability in WhatsApp | Research By: Dikla Barda, Roman Zaikin and Oded Vanunu. As of early 2018, the Facebook-owned messaging application, WhatsApp, has over 1.5 billion users with over one billion groups and 65 billion messages sent... | Vulnerebility blog | Checkpoint |
| 30.7.18 | Scriptable Remote Debugging with Windbg and IDA Pro | Required Background: Basic experience with virtual machines, i.e. creating a VM and installing an OS. The most technically involved it gets is setting up a working SSH server on one of the VMs | Vulnerebility blog | Checkpoint |
| 30.7.18 | Remote Code Execution Vulnerability on LG Smartphones | Research by: Slava Makkaveev. Background: A few months ago, Check Point Research discovered two vulnerabilities that reside in the default keyboard on all mainstream LG smartphone models (termed by LG as ‘LGEIME’). These... | Vulnerebility blog | Checkpoint |
| 30.7.18 | MMap Vulnerabilities – Linux Kernel | By: Eyal Itkin. As part of our efforts in identifying vulnerabilities in different products, from time to time we also review the Linux Kernel, mainly searching for vulnerabilities in different drivers. In this | Vulnerebility blog | Checkpoint |
| 30.7.18 | NTLM Credentials Theft via PDF Files | Just a few days after it was reported that malicious actors can exploit a vulnerability in MS Outlook using OLE to steal a Windows user’s NTLM hashes, the Check Point research team can... | Vulnerebility blog | Checkpoint |
| 30.7.18 | Uncovering Drupalgeddon 2 | By Eyal Shalev, Rotem Reiss and Eran Vaknin. Abstract: Two weeks ago, a highly critical (25/25 NIST rank) vulnerability, nicknamed Drupalgeddon 2 (SA-CORE-2018-002 / CVE-2018-7600), was disclosed by the Drupal security team. This vulnerability | Vulnerebility blog | Checkpoint |
| 30.7.18 | Many Formulas, One Calc – Exploiting a New Office Equation Vulnerability | By: Omer Gull and Netanel Ben Simon. Background: A few weeks ago, a vulnerability in the Office Equation 3.0 process (EQNEDT32.EXE) was discovered by Embedi. For a couple of reasons this event raised... | Vulnerebility blog | Checkpoint |
| 30.7.18 | Huawei Home Routers in Botnet Recruitment | A Zero-Day vulnerability (CVE-2017-17215) in the Huawei home router HG532 has been discovered by Check Point Researchers, and hundreds of thousands of attempts to exploit it have already been found in the wild... | Vulnerebility blog | Checkpoint |
| 30.7.18 | “The Next WannaCry” Vulnerability is Here | This Tuesday, Microsoft released a security patch including 48 fixes, 25 of which are defined as “critical”. While Microsoft updates happen every month, this one reveals an especially dangerous vulnerability – CVE-2017-8620. Behind this dull... | Vulnerebility blog | Checkpoint |
| 30.7.18 | CrashOverride | On June 20th Check Point published an IPS signature providing virtual patching for the Siemens SIPROTEC DoS vulnerability. This IPS signature can help protect against a new malware, CrashOverride, also known as Industroyer... | Vulnerebility blog | Checkpoint |
| 30.7.18 | Check Point Discloses Vulnerability that Allowed Hackers to Take over Hundreds of Millions of WhatsApp & Telegram Accounts | One of the most concerning revelations arising from the recent WikiLeaks publication is the possibility that government organizations can compromise WhatsApp, Telegram and other end-to-end encrypted chat applications. While this has yet to | Vulnerebility blog | Checkpoint |
| 18 | Announcing the Fifth Annual Flare-On Challenge | The FireEye Labs Advanced Reverse Engineering (FLARE) team’s annual reverse engineering challenge will start at 8:00 p.m. ET on Aug. 24, 2018. | Vulnerebility blog | FireEye |
| 18 | BIOS Boots What? Finding Evil in Boot Code at Scale! | This post details the challenges FireEye faced examining boot records at scale and our solution to find evil boot records in large enterprise networks. | Vulnerebility blog | FireEye |