A tale of two zero-days Late in March 2018, ESET researchers identified an interesting malicious PDF sample. A closer look revealed that the sample exploits two previously unknown vulnerabilities: a remote-code execution vulnerability in Adobe Reader and a privilege escalation vulnerability in Microsoft Windows. The use of the combined vulnerabilities is extremely powerful, as it allows an attacker to execute… Read More
Packets over a LAN are all it takes to trigger serious Rowhammer bit flips For the first time, researchers have exploited the Rowhammer memory-chip weakness using nothing more than network packets sent over a local area network. The advance is likely to further lower the bar for triggering bit flips that change critical pieces of data stored on vulnerable computers and servers. Until now, Rowhammer exploits had to execute… Read More
5 Powerful Botnets Found Exploiting Unpatched GPON Router Flaws Within just 10 days of the disclosure of two critical vulnerabilities in GPON router at least 5 botnet families have been found exploiting the flaws to build an army of million devices. Security researchers from Chinese-based cybersecurity firm Qihoo 360 Netlab have spotted 5 botnet families, including Mettle, Muhstik, Mirai, Hajime, and Satori, making use… Read More
One year later: EternalBlue exploit more popular now than during WannaCryptor outbreak It’s been a year since the WannaCryptor.D ransomware (aka WannaCry and WCrypt) caused one of the largest cyber-disruptions the world has ever seen. And while the threat itself is no longer wreaking havoc around the world, the exploit that enabled the outbreak, known as EternalBlue, is still threatening unpatched and unprotected systems. And as ESET’s… Read More
This Russian Company Sells Zero-Day Exploits for Hospital Software In one video uploaded to Vimeo, Gleg shows an exploit being used against a hospital health information management system (HHIMS). A list of MedPack updates includes a zero-day to replace files in a piece of software from a company called MediTEX. MediTEX makes scheduling software as well as a platform for documenting therapy and quality… Read More
Windows Exploitation Tricks: Exploiting Arbitrary File Writes for Local Elevation of Privilege An arbitrary file write vulnerability is where a user can create or modify a file in a location they could not normally access. This might be due to a privileged service incorrectly sanitizing information passed by the user or due to a symbolic link planting attack where the user can write a link into a… Read More
Getting any Facebook user’s friend list and partial payment card details Facebook has a GraphQL endpoint which can only be used by some of their own first-party applications. Generally, you need a user (or page) access_token to query the GraphQL endpoint. I have decided to try using Facebook for Android application’s client token, but the endpoint returned an error message: Source: josipfranjkovic… Read More
Adware vendors buy Chrome Extensions to send ad- and malware-filled updates One of the coolest things about Chrome is the silent, automatic updates that always ensure that users are always running the latest version. While Chrome itself is updated automatically by Google, that update process also includes Chrome’s extensions, which are updated by the extension owners. This means that it’s up to the user to decide if… Read More
Ethereum fixes serious “eclipse” flaw that could be exploited by any kid Developers of Ethereum, the world’s No. 2 digital currency by market capitalization, have closed a serious security hole that allowed virtually anyone with an Internet connection to manipulate individual users’ access to the publicly accessible ledger. Source: arstechnica… Read More
WebKit exploit write-up The proof of concept for this exploit can be found on the Chromium bug page. This bug was reported by lokihardt from Google Project Zer0. The bug can be found in Element::setAttributeNodeNS(). Let’s take a look at a code snippet: Source: github… Read More