The Internet of Things (IoT) botnet known as <a href="https://www.securityweek.com/hide-n-seek-iot-botnet-ensnares-20000-devices-days" style="text-d
http://feedproxy.google.com/~r/Securityweek/~3/0xwpv4rtqXE/hide-n-seek-iot-botnet-can-survive-device-reboots
An unofficial patch has been released for the zero-day vulnerabilities affecting a large number of routers made by South Korea-based Dasan Networks.
http://feedproxy.google.com/~r/Securityweek/~3/0CJZiyB86oQ/unofficial-patch-released-zero-days-affecting-dasan-routers
Two critical vulnerabilities have been discovered by a researcher in industrial device servers from Taiwan-based industrial networking solutions provider Lantech. The flaws can be exploited remotely even by an attacker with a low skill level, but the vendor has not released any patches.
http://feedproxy.google.com/~r/Securityweek/~3/MOO0k-umqWI/unpatched-flaws-expose-lantech-industrial-device-servers-attacks
FireEye researchers have discovered several vulnerabilities in the Logitech Harmony Hub home control system. The vendor has released a firmware update that patches the flaws.
http://feedproxy.google.com/~r/Securityweek/~3/fyWeu8yQfDU/logitech-patches-several-flaws-harmony-hub
Just a few days after they were disclosed, malicious actors started targeting a couple of flaws affecting routers made by South Korea-based Dasan Networks. There are roughly one million potentially vulnerable devices accessible directly from the Internet.
vpnMentor on Monday disclosed the details of two vulnerabilities in Gigabit-capable Passive Optical Network (GPON) routers made by Dasan and distributed to users by ISPs that provide fiber-optic Internet.
One of the flaws (CVE-2018-10561) allows a remote attacker to bypass a router’s authentication mechanism simply by appending the string “?images/” to a URL in the device’s web interface. The second vulnerability (CVE-2018-10562) can be exploited by an authenticated attacker to inject arbitrary commands.
Researchers warned that cybercriminals could combine the two security holes to remotely take control of vulnerable devices and possibly the victim’s entire network.
A Shodan search shows that there are roughly one million GPON home routers exposed to the Internet, a majority located in Mexico, Kazakhstan, and Vietnam.
The Network Security Research Lab at Chinese security firm Qihoo 360 reported on Thursday that it had already started seeing attempts to exploit CVE-2018-10561 and CVE-2018-10562. The company has promised to provide more details soon.
The fact that cybercriminals have started exploiting these vulnerabilities is not surprising considering that devices made by Dasan have been known to be targeted by botnets.
Researchers revealed in February that the Satori botnet had ensnared thousands of Dasan routers by exploiting a remote code execution vulnerability disclosed in December 2017 by Beyond Security, which claimed the vendor had ignored repeated attempts to report the issue.
vpnMentor said its attempts to report CVE-2018-10561 and CVE-2018-10562 to Dasan were also unsuccessful before its disclosure, but a representative of the manufacturer did reach out to the company after details of the security holes were made public.
Related: Remotely Exploitable Vulnerability Discovered in MikroTik’s RouterOS
Related: Flaws Affecting Top-Selling Netgear Routers Disclosed
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
Tags:
http://feedproxy.google.com/~r/Securityweek/~3/IM5TGlBYSCM/hackers-target-flaws-affecting-million-internet-exposed-routers
Researchers have discovered a total of eight new Spectre-like vulnerabilities, including flaws that may be more serious and easier to exploit, according to German magazine c’t.
The flaws were reportedly identified by several research teams, including Google Project Zero, whose employees were among those who initially discovered the Meltdown and Spectre attack methods. C’t, which is owned by Heise, claims it has obtained the information exclusively and confirms the existence of the vulnerabilities and their severity.
The new vulnerabilities, dubbed “Spectre Next Generation” or “Spectre-NG,” are said to affect processors from Intel and at least some ARM chips. AMD processors are currently being analyzed to determine if they are impacted as well.
Intel has confirmed that it’s working on patching some vulnerabilities, but it has not provided any details. C’t reports that Intel will release updates in two waves – the first expected in May and the second in August.
There are currently two main versions of the Spectre vulnerability: variant 1 and variant 2. Variant 1 attacks can be mitigated using software updates, but variant 2 requires microcode updates as well. C’t says Microsoft is also working on mitigations, which indicates that the Spectre-NG flaws require both software and firmware updates.
Of the eight Spectre-NG flaws, four have been classified as high severity and four as medium severity, with CVE identifiers being prepared for each issue.
While the risk and attack scenarios are similar to the original Spectre, c’t says there is one exception. One of the flaws can be exploited to execute arbitrary code in virtual machines and compromise the host system, and the attack is relatively easy to conduct, especially compared to the original Spectre. Cloud service providers such as Cloudflare and Amazon are reportedly affected the most.
On the other hand, c’t reports that the Spectre-NG flaws are unlikely to be exploited at scale against personal and corporate computers.
“Assuming they prove to be legitimate, the group of vulnerabilities coined as ‘Spectre-NG’ may pose significantly higher risks to cloud operators and multi-tenant environments than the original variants of Spectre. The information provided to the German technology site Heise seems to imply that a few of the eight new vulnerabilities facilitate VM-escape mechanisms, allowing a threat actor to compromise the hypervisor and/or other tenants from their own VM, apparently with little-to-no effort,” Craig Dods, Chief Security Architect at Juniper Networks, told SecurityWeek.
“As a point of reference, Spectre v1/v2 were quite difficult to use for the purposes of VM-escape within cloud environments. The details that are available for ‘Spectre-NG’ hint that it’s incredibly easy to use, but we won’t know for sure until we can see what the actual problems are,” Dods added.
Satya Gupta, CTO and co-founder of Virsec, is not surprised that new variants of the Spectre attack have emerged.
“Now that the core vulnerabilities of speculative execution have been publicized, many well-funded hacking groups globally are racing to find new ways to exploit them. These are advanced attacks exploiting small, but repeatable flaws that skip important security controls in literally billions of processors,” Gupta said via email. “While not all applications will be vulnerable and some compensating controls will be effective, the attackers are relentless and will continuously search for cracks in other defenses that allow Spectre to be exploited.”
Several other side-channel attack methods have been identified since the disclosure of Spectre and Meltdown, including ones dubbed BranchScope, SgxPectre, and MeltdownPrime and SpectrePrime.
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
Tags:
http://feedproxy.google.com/~r/Securityweek/~3/qMdTQVP8tfI/intel-working-patches-8-new-spectre-flaws-report
In an attempt to improve Hyper-V technology, which Microsoft considers central to the security of its cloud services, the software giant has released Hyper-V debugging symbols to the public.
Microsoft is now offering access to most Hyper-V-related symbols through the public symbol servers, starting with symbols for Windows Server 2016 with an installed April 2018 cumulative update.
“We would like to share with the security community that we have now released debugging symbols for many of the core components in Hyper-V, with some exceptions such as the hypervisor where we would like to avoid our customers taking a dependency on undocumented hypercalls for instance,” Microsoft announced.
This move, the company says, should prove handy for partners building solutions leveraging Hyper-V, for developers attempting to debug specific issues, and to security researchers to better analyze Hyper-V’s implementation and report any vulnerabilities as part of the Microsoft Hyper-V Bounty Program.
Microsoft is offering consistent rewards for vulnerabilities discovered in the Hyper-V client running on Windows 10 (latest builds of Windows Insider Preview slow) and Windows Server 2016 (latest available version).
The highest payouts reach $250,000 for eligible Critical Remote Code Execution bugs in Hypervisor and Host Kernel. Microsoft is also willing to pay up to $20,000 for issues discovered in Remotefx, Legacy Network Adapter (Generation 1) and Fibre Channel Adapter.
At this year’s Pwn2Own hacking competition, Microsoft was willing to pay up to $150,000 for vulnerabilities in the Hyper-V client, the highest rewards offered at the event.
Developers and security researchers interested in learning more on Microsoft’s Hyper-V Bounty Program should head to this TechNet article.
The list of components that now have debugging symbols made public was published by the Microsoft Virtualization team in a blog post last week.
The set is likely to be updated as the company decides to make more symbols public: “With newer releases, we are evaluating whether we can make even more symbols available,” Microsoft’s Lars Iwer notes.
A limited set of virtualization-related symbols that haven’t been released as of now includes storvsp.pdb, vhdparser.pdb, passthroughparser.pdb, hvax64.pdb, hvix64.pdb, and hvloader.pdb.
Related: Microsoft Launches Windows Bug Bounty Program
Related: Hackers Awarded $267,000 at Pwn2Own 2018
Ionut Arghire is an international correspondent for SecurityWeek.
Tags:
http://feedproxy.google.com/~r/Securityweek/~3/KmgEkmKGUsk/microsoft-makes-hyper-v-debugging-symbols-public
A researcher has discovered that a mitigation implemented by Microsoft in Windows 10 for the Meltdown vulnerability can be bypassed. The tech giant says it’s working on an update.
According to Windows internals expert Alex Ionescu, a Meltdown mitigation in Windows 10 has what he describes as “a fatal flaw.”
“Calling NtCallEnclave returned back to user space with the full kernel page table directory, completely undermining the mitigation,” Ionescu wrote on Twitter.
The researcher said Microsoft included a patch for this issue in the recently released Windows 10 version 1803, also known as April 2018 Update, Redstone 4 and RS4.
Microsoft told SecurityWeek that the company is working on providing an update for Windows 10 version 1790, also known as the Fall Creators Update, which appears to be the only version affected.
While the Meltdown mitigation bypass is interesting from a research perspective, exploitation requires local code execution privileges and the risk of malicious attacks is low.
The patches released by Microsoft for the Meltdown vulnerability have caused problems from day one. Shortly after the Meltdown and Spectre flaws were disclosed in early January, users started complaining that Microsoft’s updates had been causing Windows to break down on computers with AMD processors.
More recently, a researcher discovered that Meltdown mitigations for Windows 7 and Windows Server 2008 R2 introduced a serious privilege escalation vulnerability that may be worse than Meltdown.
Related: Microsoft Releases More Patches for Meltdown, Spectre
Related: Microsoft Releases More Microcode Patches for Spectre Flaw
Related: Windows Updates Deliver Intel’s Spectre Microcode Patches
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
Tags:
http://feedproxy.google.com/~r/Securityweek/~3/MncoKzGJFLM/meltdown-patch-windows-10-can-be-bypassed
A team of researchers has shown how malicious actors could leverage graphics processing units (GPUs) to launch Rowhammer attacks remotely against Android smartphones.
http://feedproxy.google.com/~r/Securityweek/~3/M4XUVWO8Jsc/android-phones-vulnerable-remote-rowhammer-attack-gpu
Hackers could in many organizations easily gain access to industrial environments from the corporate network, according to an analysis conducted by Positive Technologies.
http://feedproxy.google.com/~r/Securityweek/~3/YbMFiy3Yu4k/industrial-networks-easy-hack-corporate-systems-study