New ransomware (Lilu, Lilocked) infects thousands of Linux servers using a buffer overflow vulnerability in a popular message transfer agent (EXIM)

Over the course of this past month, more and more data have been made available about the new strain of ransomware that has infected Linux servers since July 2019 and has recently grown more aggressive.

Why is it important?

This attack is important not only because it exploits a buffer overflow vulnerability, but also because of the number of vulnerable high-value servers deployed around the world. …


Why is it important?

Cisco Systems is a technology company headquartered in San Jose, California, and is one of the giants of the tech industry, widely known for inventing and manufacturing networking hardware, telecommunications equipment, and other high-technology services and products [1]. In particular, Cisco is a huge player in the networking and Ethernet markets, dominating with a 59 percent market share as of 2018 [3]. Most data centers owned by large corporations use Cisco Ethernet switches and routers to provide high-speed network connectivity. …


Multiple news outlets have reported a security flaw on mortgage settlement and title insurance company First American Financial’s website that allowed public access to private client documentation when exploited.

Why is it important?

The security flaw in First American Financial’s website made its real estate transaction records susceptible to theft. It is unclear if any malicious users have already exploited it to access the records [1]. If the records have been illegally accessed prior to the software patch, the privacy and financial security of millions of the company’s clients would be compromised.

Like many similar incidents that have happened in the past, First American Financial’s security flaw reminds us of the importance of keeping security in mind when designing external-facing systems and applications. …


iLnkP2P, which runs on over two million IoT devices, mostly security cameras, allows anyone to hijack the devices, and thus spy on their owners.

Why is it important?

Because the privacy of hundreds of thousands of people may be compromised. Users purchase IoT cameras (among other devices) to monitor parts of their home or business, and attackers can access and control that monitoring. Many users set up cameras within their homes to watch activity, and remote attackers now have access to this footage. That someone could be watching you in your own home is an alarming idea.

This problem can’t be patched, nor will a physical recall occur [https://hacked.camera/]. Many users set up their cameras and then don’t think about them, which means many of these devices will be accessible and vulnerable for years. …


Security updates for Windows 10 were released this past Tuesday. Exploit developer SandboxEscaper released an exploit for the update less than 24 hours after the security updates shipped. This particular exploit targets a privilege escalation vulnerability that exists because of the way one of the Task Scheduler functions works. It allows the attacker to gain SYSTEM privileges on a compromised machine [1]. …


A malicious campaign is currently in progress to exploit outdated Jenkins installations, allowing attackers to obtain root privileges and mine the Monero cryptocurrency. Details on the attack have been recently made available.

Why is it important?

The importance of the issue comes from the large scale of Jenkins. Jenkins is the leading open source project providing automation tools for continuous integration. It is widely used in the software industry and is currently used by over 26,000 companies [1]. Therefore, this vulnerability can potentially compromise a wide range of products and services, especially since, upon successful launch of the cryptocurrency miner, the program attempts to spread across the network using local SSH keys [2]. It is also known that the attackers have malicious intent and have the potential to do more harm than simply mine cryptocurrency. …


In the last month, research was released about a critical vulnerability in the D-Link DCS-2132L WiFi camera, which would allow an unauthorized attacker to access audio and video packets from a victim’s device, resulting in privacy issues.

Why is it important?

Many people use WiFi cameras to improve the security of their homes or private property. However, this type of vulnerability instead worsens their security and could result in a loss of privacy.

The DCS-2132L WiFi camera is one of D-Link’s most popular models and is available for sale at large retailers and online [1]. According to the research released by ESET [2], there are multiple vulnerabilities which allow attackers to intercept and view video streams from this camera model, which poses critical privacy issues and dangers to its users. …


A vulnerability was recently found in the web client of the massively popular collaboration tool Slack that had the potential to allow malicious attackers to manipulate file downloads via specially crafted hyperlinks [1]. Given that Slack now has over 10 million daily active users [2], this bug presented a massive security risk for the many Slack users who use the platform to exchange files with their colleagues.

Why is it important?

Many corporations rely on Slack to be a reliable and safe tool for their employees to collaborate on work-related matters and, in many cases, to share work-related documents. While it’s clear that all corporations would prefer that the transfer of work-related documents be secure and safe from tampering, many companies operate in industries such as healthcare, where the exchange of documents and the required safeguards are heavily regulated by laws such as HIPAA [3]. As Slack is hoping to achieve HIPAA compliance and serve customers in the healthcare industry [4], as well as customers in regions with broader data privacy laws, such as Europe and the GDPR [5], it is essential that file transfer on the Slack platform is held to the highest security standard. …


It seems that researchers have found yet another vulnerability rooted within Intel’s chips that could potentially allow attackers to access sensitive data from computers using their hardware. Since an overwhelming majority of PCs today use Intel, this puts millions of computers at risk.

Why is it important?

A little over a year ago, two security flaws were found in Intel’s microprocessors. Both of these flaws, named “Meltdown” and “Spectre”, when exploited, would allow attackers to access data from parts of a computer’s memory that should normally be protected [1]. These vulnerabilities were quickly patched, but it seems that they were not the end of the problems. Along with a group of microarchitecture security researchers, Intel has now announced a new class of attacks, labeled MDS (Microarchitectural Data Sampling) [2]. …


Last week, TP-Link released a security update for the WR740N router. The patch resolves buffer overflow vulnerabilities that can be exploited to achieve remote code execution on the router. What is most concerning about this situation is that the vulnerabilities were discovered over one year ago. Furthermore, an exploit has been publicly available in the meantime.

Why is it important?

This news is important because a leading router company left reported vulnerabilities leading to remote code execution unpatched in its firmware. The vulnerabilities were first discovered and disclosed by Andrew Mabbitt, founder of U.K. cybersecurity firm Fidus Information Security, in October 2017 [1]. Mabbitt identified the vulnerability in the WR940N router, upon which TP-Link promptly released a patch. However, the WR740N router was found to contain the same vulnerabilities, as a consequence of code reuse between the two routers [2]. Mabbitt notified TP-Link of the remaining vulnerabilities in January 2018 [1]. …

About

Pizza Guy

“From error to error one discovers the entire truth.” -Sigmund Freud
