Rallies partners and shares tools to reduce software bugs. GitHub, Microsoft's cloud version control service and gripe forum, has joined with a handful of like-minded partners to form GitHub Security Lab (GSL) to better find bugs in open source software. Consisting of GitHub security researchers, third-party code maintainers and interested parties from partner companies, GSL aspires to provide a bit more organization to the daunting task of securing open source code. "We recognize this is a problem that no one company can solve, including GitHub," he said. For example, Google, he said, is bringing software fuzzing tools, while Trail of Bits, a security consultancy, has committed to devoting time to open source bug hunting when not otherwise engaged. Initially, GSL intends to lead by example, having already driven the creation of more than 100 CVEs detailing flaws that need fixing.
Consider a wearable health and fitness tracker, smart thermostat, smart speaker or smart home assistant. But that identifier itself is also embedded into the mobile app code. "At a minimum, a hacker could determine whether you have a particular Bluetooth device, such as a smart speaker, at your home, by identifying whether or not your smart device is broadcasting the particular UUIDs identified from the corresponding mobile apps," Lin said. "But in some cases in which no encryption is involved or encryption is used improperly between mobile apps and devices, the attacker would be able to 'listen in' on your conversation and collect that data." Still, that doesn't mean you should throw your smartwatch away. They built a "sniffer" - a hacking device that can identify Bluetooth devices based on the broadcasting messages sent by the devices.
The government has shown time and time again that it is pretty fucking clueless when it comes to technology. So when it comes to being high-tech, it's never a surprise to hear that things have gone catastrophically wrong - as has just happened with the EU citizen settled status application app. It has been a shitshow from the beginning, since the app was only initially available on Android and didn't work most of the time. It eventually did make it to iPhones about a month ago, and less than two weeks before we were supposed to leave the EU. Great going so far, Home Office! Now, though, it turns out that the app has a bunch of whopping great big security flaws.
'Unnecessary scaremongering' but still some work to be done. Reports that the Home Office's Brexit app contains "serious vulnerabilities" that could expose the phone numbers, addresses and passport details of EU citizens are overblown, say security experts. The Financial Times today splashed with the headline "Home Office app for EU citizens easy to hack" based on a report by Norwegian security firm Promon. The company's researchers found the app contains loopholes allowing them to access any information that was entered into it, including the facial scans and images of passport pages. Instead they tested the app's resilience against basic and commonly used attack methods and tools, and themselves noted these "often require very limited technical skills to use". Promon found the "ID Document Check Android" app lacked functionality to "prevent" malware from reading and stealing sensitive information provided by users, including passport details and photo IDs.
It doesn’t always take the drama of a zero-day vulnerability like we saw in September to get our attention. And the second, (CVE-2019-1457) is a publicly reported exploit in Microsoft Excel. Second, the IT department doesn’t have to rush out urgent fixes and can take the time to properly test and stage their desktop and server platform changes. You can find out more with our helpful infographic found here. Microsoft has documented a few known issues for this November Patch Tuesday, which we have broken down into two sections including:
ZoneAlarm, the consumer brand of the security firm Check Point, has fallen victim to a data breach in which hackers were able to gain unauthorized access to one of its web forums. Once inside the web forum, the hackers were able to obtain the names, email addresses, hashed passwords and dates of birth of almost 4,500 of the company's customers. Although neither ZoneAlarm nor Check Point publicly announced the breach, ZoneAlarm did send out emails to subscribers who had been affected and urged them to change their forum account passwords immediately, which read: "The website became inactive in order to fix the problem and will resume as soon as it is fixed. You will be requested to reset your password once joining the forum. ZoneAlarm is conducting a thorough investigation into the whereabouts of this incident and views this as a serious matter."
One of the new technological developments that are about to expand on a large scale is the use of 5G networks. One of the main turning points related to 5G is certainly the speed of data transfer and the stability of the connections. However, the aspect of privacy and security of users who use this technology should not be overlooked. A team of researchers from Purdue University and the University of Iowa has published an interesting research paper in which it tests the safety of the new 5G network protocols. The results of the research are not entirely encouraging, and call into question whether 5G networks will be more secure than previous 4G networks.
A team of researchers have uncovered nearly a dozen 5G vulnerabilities, showing the latest generation may not provide the leap in security we hoped for. The researchers, from the universities of Iowa and Purdue, were able to perform a range of concerning attacks. Some examples of attacks the researchers conducted include location tracking, broadcasting fake emergency alerts, and cutting devices off from the 5G network. With 5G networks expected to proliferate rapidly and be used for ever more critical applications, including remote healthcare and smart cities, you'd expect standards bodies to ensure security is a number one priority. In their paper, the researchers note that the 5G protocol "lacks a formal specification and hence is prone to ambiguity and underspecification." As if the researchers' critique of 5G security wasn't damning enough, they state that conformance test suites only encompass "primitive security requirements lacking both completeness and the consideration of adversarial environments."
“The bulletin does not state what level of privileges are required to exploit…” Patch Tuesday looks a little more substantial this month, with Microsoft security updates now available to address a total of 74 vulnerabilities, 13 of them labelled critical, including one zero day being actively exploited in the wild. The fixes are up from last month’s 60 CVEs, nine of which were critical. Security teams are being urged to update their systems as soon as possible. One of the patches (CVE-2019-1429) is for a remote code execution vulnerability that exists in the way that the scripting engine handles objects in memory in Internet Explorer. Chris Goettl, Director of Security Solutions at Ivanti, said in an emailed comment: “The vulnerability only gains them equal access to the current user, so proper privilege management would mitigate the attacker’s ability to take full control of the system without using additional elevation of privilege exploits.
Editor's note: An earlier version of this story incorrectly included references to a re-released version of Windows 10 1809. The patches haven’t yet been out for 24 hours and already we’re seeing a lot of activity. Here’s where we stand with the initial wave of problems. Malicious Software Removal Tool installation error 800B0109. Many early patchers found that the MSRT, KB 890830, kept installing itself over and over again. There are hundreds of reports online of people who found that the MSRT installer threw an 800B0109 and wouldn’t install; or installed but then reinstalled on reboot; showed up multiple times in the Installed Updates list; didn’t show up in the Installed Updates list in spite of running; and several variations on those themes.
The ‘hot fix’ does not mitigate the “effects of an earlier attack.” Ecommerce platform Magento is “strongly” recommending that its customers install its latest security patches, with hackers exploiting a recently disclosed remote code execution vulnerability on unpatched shopping sites to steal card details. Magento, bought by Adobe for $1.68 billion in May 2018, is an open-source ecommerce platform through which users build online stores, making it a ripe target for threat actors looking to steal shoppers’ financial credentials. Magento-powered stores have previously been widely hit by the so-called Magecart threat group(s), which exploit code vulnerabilities in the platform to layer fake payments pages on ecommerce sites, then skim payments. The platform is warning users that Magento Commerce v2.3.1 and Page Builder Beta are in urgent need of a security update. Otherwise attackers can “enable an unauthenticated user to insert a malicious payload into a merchant’s site and execute it.”
Microsoft's monthly batch of fixes addresses 74 CVE-listed security vulnerabilities, more than a dozen of them considered to be critical risks. The flaw is a remote code execution vulnerability, specifically a memory-corrupting hole, in Internet Explorer, which also affects Office. "This vague description for memory corruption means that an attacker can execute their code if an affected browser visits a malicious web page or opens a specially crafted Office document," explained Dustin Childs of the Trend Micro Zero Day Initiative. Four guest-escape bugs (CVE-2019-0721, CVE-2019-1389, CVE-2019-1397, CVE-2019-1398) were found in Hyper-V. A remote code execution vulnerability in Exchange (CVE-2019-1373) was attributed to "deserialization of metadata via PowerShell," and would allow the attacker to run code with the security clearance of the logged-in user: almost certainly an admin if we are talking about PowerShell access. This month also brings the usual assortment of browser-based attacks with three remote code execution bugs for the Edge scripting engine (CVE-2019-1426, CVE-2019-1427, CVE-2019-1428) and one for VBScript (CVE-2019-1390).
Security researchers who played a role in uncovering the Spectre and Meltdown attacks that targeted microprocessors revealed on Tuesday a new vulnerability in Intel chips which they claim the company failed to address after it was first alerted a year ago. While Intel has said it’s received no reports of real-world exploits linked to this particular flaw, the potential risk to users is nevertheless significant and serves as the latest example of chip manufacturers struggling with security. According to the research, the attack is a variant of Zombieload, which targets a class of vulnerabilities Intel calls Microarchitectural Data Sampling (MDS). The attacks have also been referred to as RIDL, or Rogue In-Flight Data Load. Such attacks may permit a malicious hacker to force a microprocessor to leak potentially sensitive information temporarily stored in its data buffer. Researchers at Vrije Universiteit in Amsterdam, KU Leuven in Belgium, the German Helmholtz Centre for Information Security, and the Graz University of Technology in Austria collectively disclosed the bug, according to Wired.
Boffins say even latest chips can be twisted into leaking data between processor cores. Intel is once again moving to patch its CPU microcode following the revelation of yet another data-leaking side-channel vulnerability. The same group of university boffins who helped uncover the infamous Spectre and Meltdown flaws say that a third issue, reported back in May under the name ZombieLoad, extends even further into Chipzilla's processor line than previously thought. A previously unreported ZombieLoad eavesdropping technique will work even on fully up-to-date processors that feature Intel's Transactional Synchronization Extensions (TSX) and TSX Asynchronous Abort (TAA) mechanisms – even on Meltdown and Foreshadow-resistant silicon. The crew of Michael Schwarz, Moritz Lipp, Daniel Moghimi, Jo Van Bulck, Julian Stecklina, Thomas Prescher, and Daniel Gruss will today reissue their original ZombieLoad paper to say as much. "Hence, despite Intel's claims, we show that the hardware fixes in new CPUs are not sufficient."
Three of McAfee's anti-malware tools have been found to contain a vulnerability that could potentially allow an attacker to bypass its security protections and take control of a PC. The team with SafeBreach says that it has already privately reported the bug to McAfee, and the security shop was able to release a patch on Tuesday prior to the report going public. Users and admins running McAfee Total Protection, Anti-Virus Plus, and Internet Security are all advised to update their software to version 12.0.R22 Refresh 1 or later. According to SafeBreach, the vulnerability can be traced back to an error in the McAfee software that causes the security tools to try and load a DLL file (wbemcomn.dll) from the wrong file path. This means an attacker could write their own poisoned version of wbemcomn.dll, insert it into the directory where the software tries to look, and then could have the file automatically loaded and run without any checks. "We suspected that a vulnerability could be exploited if we could load an arbitrary unsigned DLL into these processes," SafeBreach Labs researcher Peleg Hadar explains in a write-up.
Privacy and security have always been among Apple’s core competencies. However, in recent times, security experts found a bug in macOS Catalina that could lead to email leaks. According to Bob Gendler, he was trying to figure out how macOS Siri provides recommendations to users. He came across a process called suggestd, run by the system-level LaunchAgent com.apple.suggestd. The Suggestions folder in the user-level Library folder contains multiple files and some potentially important database files (.db files). Some of these files contain information on Apple Mail and other apps.
Over the past two years, attacks like Spectre, Meltdown, and variants on those techniques—all capable of tricking a broad range of processors into coughing up sensitive data—have shown how hard it can be to secure a chip. But it's one thing for a company like Intel to scramble to fix a vulnerability, and a very different one when it fails to act on one of those flaws for more than a year. Today researchers at Vrije Universiteit in Amsterdam, KU Leuven in Belgium, the German Helmholtz Center for Information Security, and the Graz University of Technology in Austria revealed new versions of a hacking technique that takes advantage of a deep-seated vulnerability in Intel chips. Like the Spectre and Meltdown vulnerabilities—which some of the same Graz researchers were involved in uncovering in early 2018—the new MDS variants represent flaws that could allow any hacker who manages to run code on a target computer to force its processor to leak sensitive data. The scenarios for that attack could include anything from a website's Javascript running in a victim's browser to a virtual machine running on a cloud server, which could then target a virtual machine on the same physical computer. But in this case, the researchers are pointing to a more serious failing on Intel's part than just another bug.
It's not yet prime time for 5G networks, which still face logistical and technical hurdles, but they're increasingly coming online in major cities worldwide. Which is why it's especially worrying that new 5G vulnerabilities are being discovered almost by the dozen. At the Association for Computing Machinery's Conference on Computer and Communications Security in London today researchers are presenting new findings that the 5G specification still has vulnerabilities. The researchers from Purdue University and the University of Iowa are detailing 11 new design issues in 5G protocols that could expose your location, downgrade your service to old mobile data networks, run up your wireless bills, or even track when you make calls, text, or browse the web. "We had a hunch when we started this work that there were more vulnerabilities to find," says Syed Rafiul Hussain, a mobile security researcher from Purdue who led the study. One purported benefit of 5G is that it protects phone identifiers, like your device's "international mobile subscriber identity," to help prevent tracking or targeted attacks.
Time to reset your “days since last major chip vulnerability” counter back to zero. Security researchers have found another flaw in Intel processors — this time it’s a new variant of the Zombieload attack they discovered earlier this year, but targeting Intel’s latest family of chips, Cascade Lake. Intel calls the vulnerability Transactional Asynchronous Abort, or TAA. It’s similar to the microarchitectural data sampling vulnerabilities that were the focus of earlier chip-based side-channel attacks, but TAA applies only to newer chips. The new variant of the Zombieload attack gives hackers with physical access to a device the ability to read occasionally sensitive data stored in the processor. The vulnerability is found in how the processor tries to predict the outcome of future commands.
5G is faster and more secure than 4G. But new research shows it also has vulnerabilities that could put phone users at risk. Security researchers at Purdue University and the University of Iowa have found close to a dozen vulnerabilities, which they say can be used to track a victim’s real-time location, spoof emergency alerts that can trigger panic or silently disconnect a 5G-connected phone from the network altogether. 5G is said to be more secure than its 4G predecessor, able to withstand exploits used to target users of older cellular network protocols like 2G and 3G, like the use of cell site simulators — known as “stingrays.” But the researchers’ findings confirm that weaknesses undermine the newer security and privacy protections in 5G. Worse, the researchers said some of the new attacks also could be exploited on existing 4G networks. The researchers expanded on their previous findings to build a new tool, dubbed 5GReasoner, which was used to find 11 new 5G vulnerabilities.