Rogue “Malware Spreading Security Researchers” Launch Malicious Social Engineering Campaign Against Legitimate Researchers – OSINT Analysis

Security researchers from Google have recently spotted and properly analyzed a currently circulating, malware-spreading, social-engineering-driven malicious campaign that is actively interacting with legitimate researchers on social media and p…

SolarWinds issues patches for two new critical bugs found in Orion software

Researchers at security firm Trustwave on Wednesday disclosed two critical vulnerabilities in the same software that suspected Russian spies have exploited to infiltrate multiple U.S. government agencies. One of the bugs could offer an attacker a similar level of control over the software made by federal contractor SolarWinds that the alleged Russians enjoyed, the researchers said. The analysis of SolarWinds’ Orion software platform — which is used by numerous Fortune 500 firms — illustrates the greater scrutiny the firm is under since disclosing the supply-chain hack. But it also shows the security benefits of having more outside researchers sift through Orion’s code. “As people were patching against the implant backdoor [used in the espionage campaign], this would provide the ability to get back into those systems, even though the backdoor had been removed,” Trustwave’s Karl Sigler said of one of the vulnerabilities, which could allow an attacker to remotely execute […]

The post SolarWinds issues patches for two new critical bugs found in Orion software appeared first on CyberScoop.

6 Questions Attackers Ask Before Choosing an Asset to Exploit

David “moose” Wolpoff at Randori explains how hackers pick their targets, and how understanding “hacker logic” can help prioritize defenses.

Think-Tanks Under Attack by Foreign APTs, CISA Warns

The feds have seen ongoing cyberattacks on think-tanks (bent on espionage, malware delivery and more), using phishing and VPN exploits as primary attack vectors.

Impressive iPhone Exploit

This is a scarily impressive vulnerability:

Earlier this year, Apple patched one of the most breathtaking iPhone vulnerabilities ever: a memory corruption bug in the iOS kernel that gave attackers remote access to the entire device — over Wi-Fi, with no user interaction required at all. Oh, and exploits were wormable — meaning radio-proximity exploits could spread from one nearby device to another, once again, with no user interaction needed.

[…]

Beer’s attack worked by exploiting a buffer overflow bug in a driver for AWDL, an Apple-proprietary mesh networking protocol that makes things like Airdrop work. Because drivers reside in the kernel — one of the most privileged parts of any operating system — the AWDL flaw had the potential for serious hacks. And because AWDL parses Wi-Fi packets, exploits can be transmitted over the air, with no indication that anything is amiss…

Reverse Engineering a PokeWalker

The PokeWalker is part of Nintendo’s long quest to get children (and likely some adults) walking and exercising. There’s the PokeWalker, Pokemon Pikachu, PokeBall Plus, Pokemon Pikachu 2, Pokemon mini, and of course Pokemon Go. Despite being out a decade, there wasn’t a ROM dump for the device and there …

New Windows Zero-Day

Google’s Project Zero has discovered and published a buffer overflow vulnerability in the Windows Kernel Cryptography Driver. The exploit doesn’t affect the cryptography, but allows attackers to escalate system privileges:

Attackers were combining an exploit for it with a separate one targeting a recently fixed flaw in Chrome. The former allowed the latter to escape a security sandbox so the latter could execute code on vulnerable machines.

The vulnerability is being exploited in the wild, although Microsoft says it’s not being exploited widely. Everyone expects a fix in the next Patch Tuesday cycle…