Search Results for “Ionut Ilascu”


July 19, 2019
Ionut Ilascu / Bleeping Computer

Google Ups Its Chrome Bug Bounty Payments, Doubling Reward for Critical Security Vulnerabilities to $30,000

After nine years and 8,500 security bug reports, Google has increased the rewards for security vulnerabilities submitted through its Chrome Vulnerability Rewards Program: the maximum baseline reward is tripled to $15,000 and the ceiling for high-quality reports of valid security vulnerabilities is doubled to $30,000. On Chrome OS, the program also rewards bugs that escape the platform's built-in isolation containers (sandbox escapes), vulnerabilities in the firmware (processor, embedded controller, and the H1 security chip), flaws that defeat the verified boot mechanism and allow persistence, and lock screen issues that can be exploited to bypass it.

July 30, 2019
Ionut Ilascu / Bleeping Computer

Real Video Feeds in Smart Building Surveillance Systems Can Be Replaced With Arbitrary Footage Due to IoT Device Vulnerabilities

Security researchers at Forescout examined security flaws in IoT devices used in smart buildings and were able to replace the real, unencrypted video feeds with arbitrary footage. The researchers set up a test environment that mimics a smart building's integration of video surveillance (IP cameras), smart lighting (Philips Hue), and an IoT platform that ties together components from other subsystems for services such as monitoring energy consumption and space utilization or predicting infrastructure maintenance needs. They used two types of attack (denial of service and footage replay) that resulted in an arbitrary stream being rendered to the video surveillance system (VSS). The researchers also tested how a threat actor could abuse the Philips Hue smart lighting system, and were able both to disable it via DoS and to reconfigure the platform.

October 1, 2019
Ionut Ilascu / Bleeping Computer

Account Data for Nearly 250,000 Comodo Forums Users Stolen and Now Traded Online After Attacker Exploited Recently Revealed vBulletin Flaw

Account data belonging to more than half of all Comodo Forums users, around 245,000 accounts, has been stolen and is now being traded online, according to a security notice published by Comodo. The notice indicates that a vulnerability in the vBulletin forum software, made public a week earlier, was responsible for the breach, with the attacker exploiting the flaw at 4:57 am EDT on Sunday. Comodo says that all passwords were stored in encrypted form, but it recommends that forum users change them as a precautionary measure.

September 20, 2019
Ionut Ilascu / Bleeping Computer

Container Image Registry Harbor Has Critical Flaw That Gives Attackers Admin Privileges, 1,300 Systems Are Vulnerable But New Versions and Patch Are Available

Attackers can exploit a critical security vulnerability in Harbor, the Cloud Native Computing Foundation's (CNCF) popular cloud native registry for container images, to obtain admin privileges on a vulnerable hosting system, researchers at Palo Alto Networks' Unit 42 report. Unit 42 researcher Aviv Sasson discovered the vulnerability, tracked as CVE-2019-16097, which can be exploited to take control of Harbor registries running the default configuration. Versions 1.7.0 through 1.8.2 are affected. The flaw allows an attacker to send a malicious request to a vulnerable machine and register a new user with administrator privileges. Proof-of-concept (PoC) code is available in the form of a Python script that sends the request creating a new user with admin rights; after running the script, an attacker can log into the targeted Harbor registry from a web browser. Sasson scanned the internet for exposed Harbor instances and found 2,500, of which 1,300 are vulnerable. The Harbor maintainers released new versions, 1.7.6 and 1.8.3, that address CVE-2019-16097; a patch was available before these releases.

Related: Security Affairs, SecurityWeek, ZDNet Security, Palo Alto Networks

Tweets: @campuscodi
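The bug class behind the Harbor flaw described above, a self-registration endpoint that lets the client set a privileged field, is easy to reproduce and easy to fix. The following is an added illustration, not Harbor's code or Unit 42's PoC: a simplified `POST /api/users` handler in Go (Harbor's language) whose vulnerable variant decodes the request body straight into the stored account record, next to a hardened variant that decodes into an allow-list type and rejects unknown keys. The `User` struct, the `has_admin_role` field name, and the request body are assumptions made for the example.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// User is the account record the registry persists. Field names are
// illustrative assumptions for this example, not Harbor's real schema.
type User struct {
	Username     string `json:"username"`
	Email        string `json:"email"`
	Password     string `json:"password"`
	HasAdminRole bool   `json:"has_admin_role"`
}

// registerVulnerable decodes the client's JSON straight into the persisted
// record, so every field of User, the admin flag included, is client-controlled.
func registerVulnerable(body []byte) (User, error) {
	var u User
	if err := json.Unmarshal(body, &u); err != nil {
		return User{}, err
	}
	return u, nil // stored exactly as received
}

// registrationRequest is the allow-list of fields a self-registration may set.
type registrationRequest struct {
	Username string `json:"username"`
	Email    string `json:"email"`
	Password string `json:"password"`
}

// registerFixed decodes into the allow-list type, rejects any key outside it,
// and builds the stored record with the privileged field chosen by the server.
func registerFixed(body []byte) (User, error) {
	dec := json.NewDecoder(bytes.NewReader(body))
	dec.DisallowUnknownFields() // a body carrying "has_admin_role" now fails to decode
	var req registrationRequest
	if err := dec.Decode(&req); err != nil {
		return User{}, fmt.Errorf("invalid registration: %w", err)
	}
	if req.Username == "" || req.Password == "" {
		return User{}, fmt.Errorf("username and password are required")
	}
	return User{Username: req.Username, Email: req.Email, Password: req.Password, HasAdminRole: false}, nil
}

// usersHandler exposes a register function as POST /api/users.
func usersHandler(register func([]byte) (User, error)) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		body, err := io.ReadAll(http.MaxBytesReader(w, r.Body, 1<<16))
		if err != nil {
			http.Error(w, "bad request", http.StatusBadRequest)
			return
		}
		u, err := register(body)
		if err != nil {
			http.Error(w, err.Error(), http.StatusBadRequest)
			return
		}
		w.WriteHeader(http.StatusCreated)
		fmt.Fprintf(w, "created %s admin=%v\n", u.Username, u.HasAdminRole)
	}
}

// Constructed request: an ordinary-looking sign-up that smuggles in the admin flag.
const maliciousBody = `{"username":"eve","email":"eve@example.invalid","password":"hunter2","has_admin_role":true}`

func main() {
	for _, tc := range []struct {
		name string
		reg  func([]byte) (User, error)
	}{{"vulnerable", registerVulnerable}, {"fixed", registerFixed}} {
		srv := httptest.NewServer(usersHandler(tc.reg))
		resp, err := http.Post(srv.URL+"/api/users", "application/json", strings.NewReader(maliciousBody))
		if err != nil {
			panic(err)
		}
		out, _ := io.ReadAll(resp.Body)
		resp.Body.Close()
		fmt.Printf("%-10s HTTP %d %s", tc.name, resp.StatusCode, out)
		srv.Close()
	}
}
```

Run with `go run .`: the vulnerable server answers `201` with `admin=true`, the fixed one answers `400` with `json: unknown field "has_admin_role"`. The separate request type is the important part; zeroing the flag after decoding into the full record also works, but breaks silently the next time someone adds a privileged field to `User`.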


September 18, 2019
Ionut Ilascu / Bleeping Computer

New Threat Group TortoiseShell Is Compromising IT Providers in Seeming Supply Chain Attacks, Most Victims Based in Saudi Arabia

A newly discovered threat group called TortoiseShell is compromising IT providers in what appear to be supply chain attacks intended to reach the networks of at least eleven specific customers, researchers at Symantec report. The group's activity is traced back to July, although it may have been operating earlier. Most of the group's targets are based in Saudi Arabia, and in at least two cases there are enough clues to conclude that the attacker had domain administrator privileges. On two victim networks TortoiseShell infected hundreds of hosts, likely because it needed to find the machines that were of interest. Two victims had previously been compromised by Poison Frog, a PowerShell-based backdoor associated in the past with OilRig (a.k.a. APT34, HelixKitten), an advanced threat actor linked to the Iranian government.

September 11, 2019
Ionut Ilascu / Bleeping Computer

Flaws in D-Link, Comba Telecom Networking Gear Give Access to Device Passwords, D-Link Issued Patches but Comba Is Non-Responsive

Vulnerabilities found in networking gear from D-Link and Comba Telecom allow sensitive information such as ISP credentials and device access passwords to be retrieved without authentication, Simon Kenin of Trustwave discovered. Kenin found that the D-Link DSL-2875AL router is affected by the same vulnerability previously reported in other products from the same manufacturer, and also found a second vulnerability leading to sensitive information disclosure that affects both the DSL-2875AL and the DSL-2877AL. D-Link released fixes for both models. Kenin also found vulnerabilities in the AC2400 WiFi access controller and the AP2600-I-A02 and AP2600 indoor access points made by Comba Telecom; these flaws likewise allow an attacker to obtain sensitive data from the devices. Attempts to contact Comba Telecom about the problems were unsuccessful.

September 6, 2019
Sergiu Gatlan / Bleeping Computer

Exim Mail Transfer Agent Flaw Allows Local and Remote Attackers to Gain Root Privileges on Servers That Accept TLS Connections

The Exim mail transfer agent (MTA) is affected by a critical severity vulnerability, a buffer overflow present in versions 4.80 up to and including 4.92.1, that grants local and remote attackers root privileges on servers that accept TLS connections, according to an initial report by 'Zerons' on July 21 and a later analysis by Qualys' research team. The flaw, tracked as CVE-2019-15846, is "exploitable by sending an SNI ending in a backslash-null sequence during the initial TLS handshake", which leads to RCE with root privileges on the mail server. Server admins should install Exim 4.92.2, the latest version, which patches CVE-2019-15846.

Related: SecurityWeek, Vuxml.org, The Register – Security, The Hacker News, US-CERT Current Activity

Tweets: @ionut_ilascu
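A first triage step for the Exim flaw above is to check which version each mail server advertises against the affected range, 4.80 through 4.92.1 inclusive. The following Go program is an added example, not code from Exim, Qualys or the article: it parses the version out of an SMTP greeting banner and reports whether it falls in the range. The banners it runs on are constructed for the example, not captured from real hosts.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Affected range stated for CVE-2019-15846: Exim 4.80 through 4.92.1 inclusive.
var (
	firstAffected = [3]int{4, 80, 0}
	lastAffected  = [3]int{4, 92, 1}
	fixedVersion  = "4.92.2"
	eximBannerRe  = regexp.MustCompile(`\bExim (\d+)\.(\d+)(?:\.(\d+))?\b`)
)

// parseEximVersion extracts major.minor[.patch] from an SMTP greeting such as
// "220 mx.example.invalid ESMTP Exim 4.92.1 ...". A missing patch level is 0.
// ok is false when the banner does not advertise an Exim version at all.
func parseEximVersion(banner string) (v [3]int, ok bool) {
	m := eximBannerRe.FindStringSubmatch(banner)
	if m == nil {
		return v, false
	}
	for i, s := range m[1:] {
		if s == "" {
			continue // optional patch group absent, stays 0
		}
		n, err := strconv.Atoi(s)
		if err != nil {
			return v, false
		}
		v[i] = n
	}
	return v, true
}

// compareVersions returns -1, 0 or 1 as a is below, equal to or above b.
func compareVersions(a, b [3]int) int {
	for i := range a {
		switch {
		case a[i] < b[i]:
			return -1
		case a[i] > b[i]:
			return 1
		}
	}
	return 0
}

// isAffected reports whether the advertised version lies inside the affected range.
func isAffected(v [3]int) bool {
	return compareVersions(v, firstAffected) >= 0 && compareVersions(v, lastAffected) <= 0
}

// assessBanner gives a one-line verdict. "unknown" means the banner did not
// identify Exim, which is not evidence that the host is safe.
func assessBanner(banner string) string {
	v, ok := parseEximVersion(banner)
	if !ok {
		return "unknown"
	}
	if isAffected(v) {
		return fmt.Sprintf("affected (%d.%d.%d in range, upgrade to %s)", v[0], v[1], v[2], fixedVersion)
	}
	return fmt.Sprintf("not affected by version (%d.%d.%d)", v[0], v[1], v[2])
}

func main() {
	// Constructed banners for the example, not captures from real hosts.
	for _, b := range []string{
		"220 mx.example.invalid ESMTP Exim 4.92.1 Fri, 06 Sep 2019 09:00:00 +0000",
		"220 mx.example.invalid ESMTP Exim 4.92 Fri, 06 Sep 2019 09:00:00 +0000",
		"220 mx.example.invalid ESMTP Exim 4.92.2 Fri, 06 Sep 2019 09:00:00 +0000",
		"220 mx.example.invalid ESMTP Exim 4.77 Fri, 06 Sep 2019 09:00:00 +0000",
		"220 mx.example.invalid ESMTP Postfix",
	} {
		fmt.Printf("%-72s -> %s\n", b, assessBanner(b))
	}
}
```

Two caveats apply to any banner-based check: a banner can be customised or suppressed, and distributions that backport the fix (Debian and Ubuntu ship patched packages under the upstream 4.92 version string) will show as affected here although they are not. Treat "affected" as a reason to confirm the installed package version on the host, and "unknown" as a reason to look harder, not as a pass.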


August 27, 2019
Ionut Ilascu / Bleeping Computer

Threat Actor Lyceum Group, Also Known as Hexane, Uses Simple Techniques to Compromise Oil and Gas Firms in Middle East

A threat actor called the Lyceum group focuses on critical infrastructure organizations in the Middle East, particularly oil and gas firms, and uses simple techniques to compromise victims and deploy post-intrusion tools, researchers at Secureworks report. The group first came to public attention at the beginning of the month, when ICS security firm Dragos released a brief report on the activity of this new actor, calling it Hexane. The goal of the Lyceum group is to collect information, not to disrupt operations, both firms say. Lyceum's targets include executives, human resources staff and IT staff, who receive spearphishing emails sent from compromised internal accounts.

August 16, 2019
Ionut Ilascu / Bleeping Computer

Kaspersky Antivirus Injected Unique Identification Numbers Into Web Pages Visited by Users That Could Track Browsing Interests

From late 2015 through 2019, Kaspersky antivirus solutions injected into the web pages visited by their users an identification number unique to each system, which could be used to track a user's browsing interests. The problem originated with a JavaScript file loaded from a Kaspersky server at an address that included a unique ID for every user; any site could read that ID from the page. The issue, now tracked as CVE-2019-8286, is not limited to the antivirus product alone but affects Kaspersky's other consumer security products as well. Kaspersky issued a patch for the vulnerability in June, but users still running older, unpatched Kaspersky versions face the same tracking problem.

Related: Security Week, Security Affairs, Slashdot, The Hacker News, fossBytes, TechNadu, Mashable, The Mac Observer, Ars Technica, ExtremeTech, Techradar


August 12, 2019
Ionut Ilascu / Bleeping Computer

Over 40 Drivers From At Least 20 Hardware Vendors Have Vulnerabilities That Can Lead to Privilege Escalation

More than 40 drivers from at least 20 hardware vendors contain vulnerabilities that can be abused to achieve privilege escalation, researchers at firmware and hardware security firm Eclypsium discovered. The affected vendors include every major BIOS vendor and big names in the computer hardware business such as ASUS, Toshiba, Intel, Gigabyte, Nvidia and Huawei, and the drivers affect all modern versions of Windows, including Windows 10. At present there is no widely deployed mechanism that prevents these vulnerable drivers from loading.