This Week in Security: the printing nightmare continues, ransomware gets bigger, and ATM jackpots!

For the second time, Microsoft has attempted and failed to fix the PrintNightmare vulnerability, tracked initially as CVE-2021-1675, with the second RCE as CVE-2021-34527. We covered it last week, but a few more details are available now. The original reporter, [Yunhai Zhang], confirms our suspicion, stating on Twitter that “it looks like they just tested with the test case in my report.”

Microsoft has now shipped an out-of-band patch to address the issue, with the caveat that it is not a perfect solution but should eliminate the RCE element of the vulnerability. Except… if the server in question has the Point and Print feature installed, it is probably still vulnerable. And to make things even more interesting, Microsoft says it has already seen this vulnerability exploited in the wild.

Ransomware, the big one

Kaseya makes remote management, security, and network monitoring products for IT departments and businesses. Their VSA product specifically does remote monitoring and management, and had an optional on-premises component. In other words, you put their server on your network, and then install their client on every machine you manage. The clients check in with the server, and you can push updates or troubleshoot problems remotely. Sounds good, actually. The only problem is that there was a pair of vulnerabilities in those servers.

The Dutch Institute for Vulnerability Disclosure had been researching Kaseya’s systems and had reported a number of flaws, which were being worked through as part of the normal remediation process. CVE-2021-30116 appears to be the primary vulnerability used, and Kaseya was about to roll out a patch. The timing faintly suggests inside knowledge of Kaseya’s vulnerability and the remediation process, but that is by no means certain. Regardless, the attack launched over the July 4 weekend in the United States, and many Kaseya VSA machines were hit. Once these management endpoints were compromised, a REvil malware binary was pushed to all connected clients as an update to install. REvil has boasted of logging over a million infections, and has offered a universal decryptor for $70,000,000.

We’ve covered here before how ransomware groups have gone to great lengths not to make too much noise, since too much publicity can result in seized servers, bitcoins mysteriously recovered by the FBI, and actual arrests, depending on which country the group operates out of. It will be interesting to see whether an event of this magnitude results in further action.

NFC ATM Jackpot

Near Field Communication (NFC) is the technology that powers contactless smart cards. You may use one to control access to your workplace. You’ve probably got NFC technology built into your credit cards, and possibly your passport as well. Most cell phones can do NFC communication, and here is the important point: they can emulate a smart card. What do you suppose a security researcher would do with such a capability? Naturally, use it to send malformed smart card data to a reader and see what happens.

That’s exactly what [Josep Rodriguez] did, to a bunch of ATMs. He’s part of IOActive, a security research company, and they had a consulting contract with one of the ATM vendors. It appears that his work on a single device inspired security testing of several brands. A good number of them can be crashed via unexpected NFC input, and if we’ve learned anything from the last few years of security research, that often means things are vulnerable to a full exploit. And, as expected, on the machine he could legally attempt a full exploit against, [Rodriguez] hit the jackpot. Literally.

Jackpotting an ATM is when an attacker can convince it to dispense all of its cash at once. There have been a number of ways to do this in the past, from stolen manufacturer tools to physically attacking the machine. This is the first time such an attack has been found over NFC, or at least the first we know of publicly. More information on the attacks is still to come. It looks like this initial story is meant to be a wake-up call for vendors that it’s time to take fixing their equipment seriously.

Vulnerable training application

Interested in Android application security? There’s a training tool you might be interested in: the Damn Vulnerable Bank. It’s an Android app that looks and works like a real app, but without the legal problems of hacking into a real bank’s infrastructure. And there’s a getting-started guide that walks you through running the app in an emulator, including stripping out the built-in protections against exactly this sort of research.

Password theft gets tricky

Android apps that try to harvest user data are nothing new, are they? I almost skipped this story, until I noticed that these apps were doing something clever. The set of apps found by Doctor Web analysts are working apps, and serve ads exactly as you’d expect. These apps have one unusual option to get rid of the displayed ads: just log in with your Facebook account. Press the button and the Facebook login page appears right inside the app, making the experience easier.

Does this trip your security spidey-sense? It should. The app has full control over what happens in its own browser implementation. In this case, it loads the real Facebook page, and then loads additional JavaScript to steal the password as it is typed. Thanks to the research, Google has pulled the apps from the Play Store, but not before they racked up 5.8 million installs.

All your databases belong to us

One of the ways private data gets leaked around the world is through insecure databases. There are a number of non-traditional databases that either completely lack built-in security, or default to an insecure installation. That’s not a problem, as long as the people running the database take the appropriate steps to secure the data. How many of these databases do you suppose are currently exposed to the Internet?

RedHunt Labs researchers wanted to know, so they started scanning the IPv4 space for unsecured databases. They picked eight database products, went looking, and found a total of 95,321 insecure or completely unsecured databases exposed to the Internet. It’s hard to know how many of those hold proprietary data, but it’s also possible that each one represents a foothold into a network. Keep your databases off the Internet!

How well can you build a password manager?

And finally, in the facepalm category, Kaspersky’s password manager generated extremely insecure passwords. There were several odd issues involved, but by far the worst was that the only source of randomness the generator used was the current time… in seconds. To quote the article, “Every instance of Kaspersky Password Manager in the world will generate exactly the same password at any given second.” Put another way, if you know the day a password was generated by this system, you can immediately narrow it down to a list of 86,400 passwords. That’s just a little more than 16 bits, or the equivalent of a three-character password. Yikes.
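To make the 86,400-per-day arithmetic concrete, here is an added example (my own toy code, not the article’s and not Kaspersky’s): a generator seeded only with the current time in whole seconds, next to a properly seeded one, and a function that enumerates every password the weak one can emit on a given UTC day and compares that to the nominal strength of a 12-character alphanumeric password. The alphabet, password length and the generation timestamps are assumptions for illustration; the real product’s algorithm is not on the page.

```python
# Added example (not code from the article or from Kaspersky): a toy
# password generator seeded only with the current time in whole seconds,
# beside a CSPRNG-backed one, to show why "known day" collapses the search
# space to 86,400 candidates no matter how long the password is.
import math
import random
import secrets
import string
from datetime import datetime, timezone
from typing import Dict, List

ALPHABET = string.ascii_letters + string.digits   # 62 symbols (assumed)
LENGTH = 12                                       # password length (assumed)
SECONDS_PER_DAY = 86_400


def weak_generate(unix_second: int) -> str:
    """Hypothetical generator in the style the article describes: the only
    entropy is the timestamp in seconds, so any two instances seeded with the
    same second produce exactly the same password."""
    rng = random.Random(unix_second)          # deterministic PRNG, not a CSPRNG
    return "".join(rng.choice(ALPHABET) for _ in range(LENGTH))


def strong_generate(length: int = LENGTH) -> str:
    """Hardened form: draw every symbol from the OS CSPRNG via `secrets`."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def day_start(utc_day: str) -> int:
    """Unix timestamp of 00:00:00 UTC on a 'YYYY-MM-DD' day."""
    dt = datetime.strptime(utc_day, "%Y-%m-%d").replace(tzinfo=timezone.utc)
    return int(dt.timestamp())


def candidates_for_day(utc_day: str) -> List[str]:
    """Every password the weak generator can emit on one UTC day: one per
    second, 86,400 in total, regardless of the password length."""
    start = day_start(utc_day)
    return [weak_generate(start + s) for s in range(SECONDS_PER_DAY)]


def entropy_bits(candidate_count: int) -> float:
    """Effective strength, in bits, of a password drawn uniformly from
    candidate_count possibilities."""
    return math.log2(candidate_count)


def strength_comparison(utc_day: str) -> Dict[str, float]:
    """Nominal strength of a 12-char alphanumeric password versus the effective
    strength once the generation day is known. Also checks that a password
    generated on that day (constructed timestamp, 12:00:10 UTC) is in the list."""
    nominal = LENGTH * math.log2(len(ALPHABET))          # about 71.5 bits
    candidates = candidates_for_day(utc_day)
    sample = weak_generate(day_start(utc_day) + 43_210)   # 12:00:10 UTC that day
    return {
        "nominal_bits": nominal,
        "effective_bits": entropy_bits(len(candidates)),  # about 16.4 bits
        "candidate_count": float(len(candidates)),
        "sample_in_candidates": float(sample in candidates),
    }


if __name__ == "__main__":
    print(strength_comparison("2021-07-03"))
    same = weak_generate(1_625_270_400) == weak_generate(1_625_270_400)
    print("same second, same password:", same)
    print("CSPRNG-backed password:", strong_generate())
```

The nominal figure (about 71.5 bits for 12 symbols from a 62-character alphabet) is what the password looks like; the effective figure (log2 of 86,400, about 16.4 bits) is what it is worth once the seed is the only secret and the day is known. The fix is not a longer password but a better seed: `secrets` reads the operating system’s CSPRNG, so two calls in the same second are unrelated.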
