• Tag Archives vulnerability
  • Microsoft released eight security bulletins on Tuesday that address dozens of vulnerabilities including a zero-day flaw

    Microsoft Patches 3 Zero-day Vulnerabilities actively being Exploited in the Wild

    As part of monthly patch update, Microsoft released eight security bulletins on Tuesday that address dozens of vulnerabilities including a zero-day flaw reportedly being exploited by Russian hackers to target NATO computers and a pair of zero-day Windows vulnerabilities that attackers have been exploiting to penetrate major corporations’ networks.

    Just a day before yesterday, our team reported you about a Zero-day vulnerability discovered by the cyber intelligence firm iSight Partners affecting all supported versions of Microsoft Windows and is being exploited in a five-year old cyber-espionage campaign against the Ukrainian government and U.S organisations.

    Researchers at FireEye found two zero-day flaws, used in separate, unrelated attacks involving exploitation of Windows kernel, just a day after iSight partners disclosed zero-day in Windows. The pair of zero-day vulnerabilities could allow an attacker to access a victim’s entire system.

     

    According to the researchers at FireEye, the two of three so-called zero-day flaws are being actively exploited in the wild by hackers and are being used as “part of limited, targeted attacks against some major corporations.”

    Microsoft updates for the month of October 2014 Patch Tuesday address several vulnerabilities in all currently supported versions of Windows, Internet Explorer, Office, Sharepoint Server and the .Net framework. Three of the bulletins are marked “critical” and rest are “important” in severity. Systems administrators are recommended to apply the patches immediately for the critical updates.

    The zero-day flaw (CVE-2014-4114) discovered by iSight partners in all supported versions of Microsoft Windows and Windows Server 2008 and 2012 that is being exploited in the “Sandworm” cyberattack, are patched as part of MS14-060. Microsoft rated Bulletin MS14-060 as important rather than critical because it requires a user to open a Microsoft Office file to initiate the remote code execution.

    The vulnerability [exists in Windows OLE] could allow remote code execution if a user opens a Microsoft Office file that contains a specially crafted OLE object,” Microsoft warned in its bulletin. “An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.” (OLE is Microsoft technology for creating complex documents that contain a combination of text, sound, video and other elements.)

    However, the two zero-days discovered by FireEye are patched as part of MS14-058 and are marked critical. They are designated CVE-2014-4148 and CVE-2014-4113.

    We have no evidence of these exploits being used by the same actors. Instead, we have only observed each exploit being used separately, in unrelated attacks,” FireEye explained.

    CVE-2014-4148 exploits a vulnerability in TrueType Font (TTF) processing. TTF processing is performed in kernel mode as part of the GDI and has been the source of critical vulnerabilities in the past as well.

    The vulnerability affects Windows 8.1/Windows Server 2012 R2, Windows 8/Windows Server 2012, Windows 7/Windows Server 2008 R2 (Service Pack 0 and 1) and Windows XP Service Pack 3. It affects both 32-bit and 64-bit versions of the Operating System, but the attacks have only been observed against 32-bit systems.

    However, CVE-2014-4113 is a local Elevation of Privilege (EoP) vulnerability that affects all versions of Windows including Windows 7, Vista, XP, Windows 2000, Windows Server 2003/R2, Windows Server 2008/R2, Windows 8.x and Windows Server 2012/R2.

    Out of remaining bulletins, two are rated critical, both address remote code execution vulnerability in Internet Explorer and Microsoft .NET Framework respectively. Remaining bulletins are rated important in severity, include elevation of privilege bugs, Security Feature Bypass, and a remote code execution flaw.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


  • 4chan Hacked, Attacker Mainly Targeted Moderator Accounts

    Complete Computer Repair Latest News and Virus Threats Fort Lauderdale
    Complete Computer Repair News

     

    A few hours ago, Christopher Poole, aka “moot,” the founder of 4chan, revealed that the popular image-based bulletin board was hacked.

    The attack took place last week. The hacker leveraged a software vulnerability to gain access to administrative functions and data from a 4chan database. The attacker apparently wanted to expose the posting habits of a specific user he didn’t like.

    “After careful review, we believe the intrusion was limited to imageboard moderation panels, our reports queue, and some tables in our backend database,” moot noted.

    “Due to the way the intruder extracted information from the database, we have detailed logs of what was accessed. The logs indicate that primarily moderator account names and credentials were targeted.”

    The hacker accessed the Pass credentials of three 4chan Pass users. The impacted individuals have been notified and offered refunds and lifetime Passes.

    moot highlights the fact that 4chan doesn’t process any payment information, so the attacker couldn’t have gained access to financial data. Payment information is processed by Stripe.

    As far as the vulnerability leveraged by the hacker is concerned, it has been patched shortly after 4chan became aware of it. Software and systems are being reviewed to prevent future breaches.

    In a 4chan post published last week (removed since), a user revealed that the attacker was an Australian individual who wanted to expose “multiple abuses of power and violations of proper mod stewardship.” The attacker allegedly gained access to the details of over 12,000 sold Passes. He’s said to have had access to 4chan’s systems for a week.

    This isn’t the first time 4chan is targeted by hackers. Back in June 2012, hackers of UGNazi redirected the site’s visitors to their Twitter account.

    Please visit ccrepairservices.com

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

     


  • New Zero Day Vulnerability Found In Internet Explorer All versions


    A new zero-day vulnerability that resides in all versions of Internet Explorer has been spotted in the wild, Microsoft confirmed late Saturday.

    The vulnerability, which could allow remote code execution, is being used in “limited, targeted attacks,” according to an advisory issued by Microsoft. While all versions of the web browser, IE 6 through 11, are affected by the vulnerability, attacks are currently targeting IE versions 9, 10 and 11, according to security firm FireEye, which first reported the flaw Friday.

    The attack leverages a previously unknown “use after free” vulnerability — data corruption that occurs after memory has been released — and bypasses both Windows DEP (data execution prevention) and ASLR (address space layout randomization) protections, according to FireEye.

    The vulnerability is currently being exploited by a group of hackers targeting financial and defense organization in the US, FireEye told CNET.

    “The APT [advanced persistent threat] group responsible for this exploit has been the first group to have access to a select number of browser-based 0-day exploits (e.g. IE, Firefox, and Flash) in the past,” FireEye said. “They are extremely proficient at lateral movement and are difficult to track, as they typically do not reuse command and control infrastructure.”

    FireEye said the flaw was significant because it affects more than a quarter of the total browser market.

    “Collectively, in 2013, the vulnerable versions of IE accounted for 26.25% of the browser market,” FireEye said in its advisory.

    An attack could be triggered by luring visitors to a specially crafted web page, Microsoft explained.

    “The vulnerability exists in the way that Internet Explorer accesses an object in memory that has been deleted or has not been properly allocated,” Microsoft said. “The vulnerability may corrupt memory in a way that could allow an attacker to execute arbitrary code in the context of the current user within Internet Explorer.”

    Microsoft said it is investigating the vulnerability and may issue an out-of-cycle security update to address the issue.

    Please visit ccrepairservices.com

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere



  • Mass Exploit of Linksys Routers

    It has been revealed that a vulnerability in possibly 23 different models of Linksys (Belkin) routers has been exploited by a worm known as The Moon.

     

    The exploit was first noticed about a week ago and reported by the Internet Storm Center. The Worm bypasses authentication on the router to take control. Linksys state that “the router starts flooding the network with ports 80 and 8080 outbound traffic, resulting in heavy data activity”. The worm also attempts to detect any vulnerable systems on the router’s network for exploitation.

     

    Current intentions of The Moon are not yet known, however, there is code within the worm which seems to suggest that it may be gathering infected routers into a network of compromised devices through a command and control system.

     

    Linksys will be issuing a firmware update to fix the vulnerability in the next few weeks. But for now, if you’re using a Linksys router, you should read the advice given here to disable Remote Access Management.

     

    Latest Computer news and virus and malware threats at Complete computer Repair Services

    www.ccrepairservices.com