Instagram Accidentally Exposed Some Users' Passwords In Plaintext


Instagram has recently patched a security issue in its website that might have accidentally exposed some of its users’ passwords in plain text.

The company recently started notifying affected users of a security bug that resides in a newly offered feature called “Download Your Data” that allows users to download a copy of their data shared on the social media platform, including photos, comments, posts, and other information that they have shared on the platform.

To prevent unauthorized users from getting their hands on your personal data, the feature asks you to reconfirm your password before downloading the data.

However, according to Instagram, the plaintext passwords for some users who had used the Download Your Data feature were included in the URL and also stored on Facebook’s servers due to a security bug that was discovered by the Instagram internal team.

The company said the stored data has been deleted from the servers owned by Facebook, Instagram’s parent company, and the tool has now been updated to resolve the issue, which “affected a very small number of people.”

Download Your Data was rolled out by Instagram in April to comply with the new European data privacy regulations, General Data Protection Regulation (GDPR), and to address the privacy concerns of users worldwide amid Facebook’s Cambridge Analytica scandal.

Affected users are highly recommended to change their passwords and clear their browser history as soon as possible.

If you have not received any notification from the photo-sharing service yet, it means your Instagram account and password are apparently not affected by the bug. If you are still concerned about the privacy and security of your account, you can also consider changing your password.

Users are also advised to enable two-factor authentication (2FA) and always secure their accounts with a strong and unique password.

Facebook had recently addressed a much more severe bug linked to its “View As” feature that was being actively exploited by unknown hackers to steal secret access tokens for 30 million Facebook users.

In late August, Instagram fixed another severe flaw in its API that unknown hackers exploited in the wild to gain access to the phone numbers and email addresses for many “high-profile” users with verified accounts.

In the same month, Instagram was also reportedly hit by a widespread hacking campaign that mysteriously locked hundreds of users out of their accounts, with their email addresses, account names, profile pictures, and passwords changed.


Secret Charges Against Julian Assange Revealed Due to "Cut-Paste" Error


Has Wikileaks founder Julian Assange officially been charged with any unspecified criminal offense in the United States? — YES

United States prosecutors have accidentally revealed the existence of criminal charges against Wikileaks founder Julian Assange in a recently unsealed court filing in an unrelated ongoing sex crime case in the Eastern District of Virginia.

Assistant US Attorney Kellen S. Dwyer, who made this disclosure on August 22, urged the judge to keep the indictment [pdf] prepared against Assange sealed (secret) “due to the sophistication of the defendant, and the publicity surrounding the case.”

Dwyer is assigned to the WikiLeaks case.

Dwyer also said the charges would “need to remain sealed until Assange is arrested in connection with the charges” in the indictment and can, therefore “no longer evade or avoid arrest and extradition in this matter.”

WikiLeaks, the website that published thousands of classified U.S. government documents in 2010, said on Twitter that Assange’s name appearing in those court documents was due to an “apparent cut-and-paste error.”

The charges America is bringing against the WikiLeaks founder remain unclear, but the Justice Department last year was reportedly considering filing criminal charges against WikiLeaks and Assange in connection with the leak of diplomatic cables and military documents in 2010.

Special counsel Robert S. Mueller is probing leaks during the U.S. 2016 presidential election, and it was WikiLeaks that made public stolen emails from officials of the Democratic National Committee (DNC), including Hillary Clinton’s campaign chairman John Podesta.

Assange, the 47-year-old Australian hacker, founded WikiLeaks in 2006 and has since made many high-profile leaks, exposing ‘dirty’ secrets of several individuals, political parties as well as government organizations across the world.

Assange has been forced to live in the Ecuadorian Embassy in London since June 2012, after he was granted asylum by the Ecuador government when a British court ordered his extradition to Sweden to face questioning over sexual assault and rape.

However, Assange’s relationship with Ecuador has deteriorated in recent months, leaving his future uncertain. Since this March, Ecuador has cut him off from the Internet and from any communication with the outside world except with his lawyers.

The circumstances even made it difficult for him to do his job as editor-in-chief of WikiLeaks and forced the whistleblower organization to appoint a new editor-in-chief, Kristinn Hrafnsson.

The new charges against Assange could ultimately have additional cascading effects.

“The news that criminal charges have apparently been filed against Mr. Assange is even more troubling than the haphazard manner in which that information has been revealed,” Assange lawyer Barry Pollack told The New York Times.

“The government bringing criminal charges against someone for publishing truthful information is a dangerous path for a democracy to take.”


Why You Need to Know About Penetration Testing and Compliance Audits

We live in an age where data flows like water, becoming the new life source of our everyday ventures.

As such, you can just imagine what all of that entails and the weight that data carries, especially when it comes to deciding how to handle this fairly new and arguably invaluable resource.

Of course, we are well aware from a very young age that our water needs to be pure, filtered and possibly protected, which raises the question:

How exactly does all of this translate for our data, its handling processes and ultimately our Security?

It is no secret that our personal information is as valuable as actual currency, if not more so. Imagining your social security number, medical bills or paycheck amounts flowing through vast numbers of seemingly random servers all across the globe can be unnerving.

It brings out the same questions that we would have for anything else of value:

Where is it going?
Who can see it?
Why are they holding it?

Is it safe?

As with anything else, the best way to understand is to get examples, more importantly from a person who is experienced and deals with these types of questions about your data every day.

Let’s assess a small visit to your local hospital.

You check in.

What did you just do?

You gave away your social security number, address, bio information, and financial status.

Did you stop and think if the hospital really needs all of that information or are they just hoarding it for no reason?

Of course, you did not!

At that moment, you are more worried about your well-being than about some hospital records. This happens more often than we would like to believe: we end up in all kinds of establishments where our data is not the first thing on our minds when we walk in.

But what does all of this have to do with Penetration Testing & Compliance Audits? We will get there soon enough.

For starters, know that people are working around the clock right now analyzing these everyday situations that everyone is facing. They are the ones who do ask questions about our data and how it is handled in such proceedings when we cannot.

These people work in various roles: Security Engineers, Penetration Testers, Auditors, HR Staff, etc.

Some of these titles, understandably, are not familiar to people that are not interested in the IT sector, but nonetheless, as with everything else, there will be a field to fit a certain need.

Here that need is “Security.”

But for now, let’s go back to the hospital for a bit.

After you left, what happened?

All of that information got stored somewhere, quite possibly digitally.

For papers, we have lockers, for money we have safes, for vials we have 24/7 protected laboratories.

Just what do we have for the data we just gave out?

We saw the front desk person type it into their computer, which means that all of that information is now sitting either on a local server or has been sent off to random nodes across the globe, as we previously mentioned. But that still does not answer the main question: how is it protected? Can’t someone just barge in and take it?

In most cases, that would be improbable and somewhat difficult. But most cases are not all cases, and as any Security Engineer will attest, we get more breaches like that than we would like to admit. So how does this happen?

Now we get to the technical bit: how does one actually steal all of that information, and why are they able to?

First, they can steal it because the systems that hold it, like anything physical, have not had their security properly checked! There is a loophole in the system.

This is where Penetration Testing comes along.

Secondly, why they are able to steal it is because there is data there that should not be there in the first place.

This is where Compliance Auditing comes along.

Let’s talk about the first issue, lack of security measures and/or checkups and how to prevent it.

Penetration Testing, as the name might suggest, is the act of trying to breach the security of an object and steal valuable data exactly as an attacker would do. This means using their methods and tactics as well. But what is the difference? Penetration Testing is carried out by specialized and authorized organizations or individuals to help businesses identify potential risks in their system.

These specialized organizations or individuals (Penetration Testers) would try to break in, as previously mentioned using all of the tips and tricks that attackers would, and then they would report to the businesses (whom they are working for) where all of their weak areas are and more importantly how and why they should fix them.

Basically, if the Penetration Tester stole valuable information, that means that an attacker could do this as well. By covering all of the vulnerabilities found previously by the Penetration Tester, you are making sure that when the actual attackers try to break in, it will be substantially harder or almost impossible because most of the vulnerabilities have already been fixed.

We will take the hospital for our example again.

We left our personal information (data) in the hospital, and they probably stored it. Just a few hours later, malicious actors know where that location is and try to break in. One of two things will happen: either they will succeed (the penetration test might not have been conducted), or they will find that most of the ways they knew to break in have already been patched up and that it is now a lot more difficult or impossible, leaving them with nothing.

Now as for the first issue, imagine that the attackers did break in: there was a lack of security measures, and a Penetration Test was probably not conducted beforehand. What did they steal, or rather, what can they steal?

They stole the following information:

  • Name/Surname
  • Date Of Birth
  • Blood Type
  • Address
  • Credit Card Number

The major issue here is why the hospital stored the credit card number in the first place, when surely it will not need the credit card for constant use.

That is where the need for a Compliance Audit comes in. A compliance audit is the complete and thorough assessment of an organization’s (the hospital’s, in our case) compliance with laws and guidelines set out by the respective regulatory authority of that particular industry.

Compliance is mostly a set of security checklists, that a company, for example, should follow depending on their type of business.

For example, if it is a private hospital, they would have to follow a medical type of compliance. If it is a broker firm, they would have to follow a financial type of compliance and so on.

The medical type of compliance, in this case, would state that there is probably no need to store the credit card number lumped together with all of the other types of information, and that each type of data has its own protection checklist.

So if the compliance audit had been conducted and followed beforehand, the credit card number would probably not have been stored in the first place, as it is not vitally needed. In that case, even after the attackers broke in, they would not have been able to steal such information because it simply did not exist. This way you mitigate the risk of breaches.

Basically, only the information that is absolutely needed should be stored. Similarly, businesses cannot keep their employees’ records forever after they have left. Every business should hire a compliance auditor to understand the rules and regulations of its business and operate in a legal way.

On the other hand, it is not entirely up to the auditors to conduct such thorough search, it is up to the company and its general security sense to build up everything properly in order for these kinds of tests and checklists to never be a substantial issue.

Attacks could also come from inside a company, mainly from provoked, overworked or unsatisfied employees. These are the most dangerous types of attacks because the employees already have access to everything.

Basically, their psychological well being is extremely important! Taking the time and effort to care for your colleagues will make them less eager to betray you or your assets.

As a conclusion, we went through various scenarios that all of those ambiguous titles above go through each day and hope you are more understanding now of the importance of Penetration Testing & Compliance for the security of your data than you were before!


Popular AMP Plugin for WordPress Patches Critical Flaw – Update Now


A security researcher has disclosed details of a critical vulnerability in one of the popular and widely active plugins for WordPress that could allow a low-privileged attacker to inject malicious code on AMP pages of the targeted website.

The vulnerable WordPress plugin in question is “AMP for WP – Accelerated Mobile Pages” that lets websites automatically generate valid accelerated mobile pages for their blog posts and other web pages.

AMP, which stands for Accelerated Mobile Pages, is an open-source technology that has been designed by Google to allow websites to build and serve faster web pages to mobile visitors.

Though I am pretty sure the main version of “The Hacker News” website is fast enough for both desktop and mobile device users, you can also check the AMP version for this specific article here.

Out of hundreds of plugins that allow WordPress websites to create Google-optimized AMP pages, “AMP for WP” is the most popular, with more than 100,000 installations.

The affected plugin was recently removed temporarily from the WordPress plugins library due to vulnerable code, but neither its developer nor the WordPress team revealed the exact issue in the plugin.

Cybersecurity researcher Luka Sikic from web security firm WebARX analyzed the vulnerable plugin version and spotted a code-injection vulnerability in the “AMP for WP” that was later patched in its updated version.

The vulnerability resided in the way the ‘AMP for WP – Accelerated Mobile Pages’ plugin handled permissions for user accounts and WordPress AJAX hooks.

“The AMP plugin vulnerability is located in the ampforwp_save_steps_data which is called to save settings during the installation wizard. It’s been registered as wp_ajax_ampforwp_save_installer ajax hook,” Sikic says in a blog post published today.

“This particular plugin vulnerability is a critical issue for websites that allow user registration.”

Under its settings, the plugin offers website administrators options to add advertisements and custom HTML/JavaScript code in the header or footer of an AMP page. To do this, the plugin uses WordPress’ built-in AJAX hooks functionality in the background.

Since every registered user on a WordPress site, even one with the lowest privileges, is authorized to call AJAX hooks, and since the vulnerable plugin doesn’t check whether the account calling the AJAX hooks is an admin or not, any user of the site can make use of this function to inject custom code.

As demonstrated by the researcher in a video, a low-privileged user can simply tamper with any request to call AJAX hooks and can submit malicious JavaScript code to the site.

This vulnerability has now been addressed in the latest version of AMP for WP – Accelerated Mobile Pages.

“In the updated version, the plugin is checking for wpnonce value and check if logged in user can manage options,” the researcher says.
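The missing check and the fix described above, as an added example written for this page (it is not the plugin's code and not from the researcher's post). It assumes it is loaded as a WordPress plugin file; every name prefixed `demo_`, the `header_html` field and the option name are hypothetical.

```php
<?php
/**
 * Plugin Name: Demo AJAX settings handler (illustrative, hypothetical plugin)
 */

// wp_ajax_{action} fires for ANY logged-in user, subscribers included.
// Registering a handler on it is routing, not authorization.
add_action( 'wp_ajax_demo_save_installer', 'demo_save_installer' );

/**
 * BEFORE (left unhooked on purpose): the pattern the article describes.
 * No nonce and no capability check, so the lowest-privileged account can
 * overwrite markup that the site later prints on its pages.
 */
function demo_save_installer_weak() {
    $html = isset( $_POST['header_html'] ) ? wp_unslash( $_POST['header_html'] ) : '';
    update_option( 'demo_header_html', $html );
    wp_send_json_success();
}

/**
 * AFTER: verify the nonce and the capability before touching any option.
 */
function demo_save_installer() {
    // 1. Request origin: the nonce must match the one issued to the settings
    //    screen. Passing false as the third argument makes the function return
    //    false instead of dying, so the handler controls the response.
    if ( ! check_ajax_referer( 'demo_save_installer', '_wpnonce', false ) ) {
        wp_send_json_error( array( 'message' => 'Invalid nonce' ), 403 );
    }

    // 2. Authorization: only accounts that may manage site options.
    //    wp_send_json_error() ends the request, so nothing below runs.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( array( 'message' => 'Forbidden' ), 403 );
    }

    $html = isset( $_POST['header_html'] ) ? wp_unslash( $_POST['header_html'] ) : '';

    // 3. Defence in depth: raw HTML/JS is stored only for accounts holding
    //    unfiltered_html; everyone else gets the post-content allowlist.
    if ( ! current_user_can( 'unfiltered_html' ) ) {
        $html = wp_kses_post( $html );
    }

    update_option( 'demo_header_html', $html );
    wp_send_json_success();
}

/**
 * Nonce for the settings screen to send back as _wpnonce. Call it only when
 * rendering a page that is itself restricted to manage_options users.
 */
function demo_installer_nonce() {
    return wp_create_nonce( 'demo_save_installer' );
}
```

When auditing other plugins for the same class of bug, search for `wp_ajax_` registrations whose callbacks write options or files and confirm each one calls both a nonce check and `current_user_can()` before the write.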

If your WordPress website also uses the affected plugin, you are highly recommended to install the latest available security updates as soon as possible.

It’s just 15th of this month, and a weakness in another popular WordPress plugin has been discovered affecting hundreds of thousands of websites out there.

Just last week, an arbitrary file deletion vulnerability was disclosed in the popular WooCommerce plugin that could have allowed a malicious or compromised privileged user to gain full control over the WordPress websites.


0-Days Found in iPhone X, Samsung Galaxy S9, Xiaomi Mi6 Phones

At the Pwn2Own 2018 mobile hacking competition held in Tokyo on November 13-14, white hat hackers once again demonstrated that even fully patched smartphones running the latest version of software from popular smartphone manufacturers can be hacked.

Three major flagship smartphones—iPhone X, Samsung Galaxy S9, and Xiaomi Mi6—were among the devices that successfully got hacked at the annual mobile hacking contest organized by Trend Micro’s Zero Day Initiative (ZDI), earning white hat hackers a total of $325,000 in reward.

Teams of hackers from different countries or representing different cybersecurity companies disclosed a total of 18 zero-day vulnerabilities in mobile devices made by Apple, Samsung, and Xiaomi, as well as crafted exploits that allowed them to completely take over the targeted devices.

Apple iPhone X Running iOS 12.1 — GOT HACKED!

A team of two researchers, Richard Zhu and Amat Cama, who named themselves Fluoroacetate, discovered and managed to exploit a pair of vulnerabilities in a fully patched Apple iPhone X over Wi-Fi.

The duo combined a just-in-time (JIT) vulnerability in the iOS web browser (Safari) along with an out-of-bounds write bug for the sandbox escape and escalation to exfiltrate data from the iPhone running iOS 12.1.

For their demonstration, the pair chose to retrieve a photo that had recently been deleted from the target iPhone, which certainly came as a surprise to the person in the picture. The research earned them $50,000 in prize money.

Pwn2Own Mobile Hacking Competition
Richard Zhu and Amat Cama (Team Fluoroacetate)

The Fluoroacetate team also attempted to exploit the baseband on the iPhone X, but could not get their exploit working in the time allotted.

Another team of researchers from UK-based MWR Labs (a division of F-Secure), which included Georgi Geshev, Fabi Beterke, and Rob Miller, also targeted the iPhone X in the browser category but failed to get their exploit running within the time allotted.

ZDI said it will acquire those vulnerabilities through its general ZDI program.

Samsung Galaxy S9 — Also, GOT HACKED!

Besides the iPhone X, the Fluoroacetate team also hacked into the Samsung Galaxy S9 by exploiting a memory heap overflow vulnerability in the phone’s baseband component and obtaining code execution. The team earned $50,000 in prize money for the issue.

“Baseband attacks are especially concerning since someone can choose not to join a Wi-Fi network, but they have no such control when connecting to baseband,” Zero Day Initiative wrote in a blog post (Day 1).

Three more different vulnerabilities were discovered by the MWR team, who combined them to successfully exploit the Samsung Galaxy S9 over Wi-Fi by forcing the device to a captive portal without any user interaction.

Next, the team used an unsafe redirect and an unsafe application load in order to install their custom application on the target Samsung Galaxy S9 device. MWR Labs was rewarded $30,000 for their exploit.

Xiaomi Mi6 — Yes, This Too GOT HACKED!

Fluoroacetate did not stop there. The team also managed to successfully exploit the Xiaomi Mi6 handset via NFC (near-field communications).

“Using the touch-to-connect feature, they forced the phone to open the web browser and navigate to their specially crafted webpage,” ZDI said.

“During the demonstration, we didn’t even realize that action was occurring until it was too late. In other words, a user would have no chance to prevent this action from happening in the real world.”

The vulnerability earned the Fluoroacetate team $30,000 in prize money.

On Day 2 of the competition, the Fluoroacetate team also successfully utilized an integer overflow vulnerability in the JavaScript engine of the web browser of the Xiaomi Mi6 smartphone that allowed them to exfiltrate a picture from the device.

The bug earned them another $25,000.

Pwn2Own Mobile Hacking Competition
Georgi Geshev, Fabi Beterke, and Rob Miller (MWR Labs)

MWR Labs also tried its hand at the Xiaomi Mi6 smartphone and combined five different bugs to silently install a custom application via JavaScript, bypass the application whitelist, and automatically launch the app.

To achieve their goal, the white hat hackers first forced the Xiaomi Mi6 phone’s default web browser to navigate to a malicious website, when the phone connected to a Wi-Fi server controlled by them.

The combination of vulnerabilities earned the MWR team $30,000.

On Day 2, the MWR team combined a download flaw along with a silent app installation to load their custom application and exfiltrate some pictures from the phone. This earned them another $25,000.

A separate researcher, Michael Contreras, managed to exploit a JavaScript type confusion vulnerability to obtain code execution on the Xiaomi Mi6 handset. He earned himself $25,000.

Fluoroacetate Won ‘Master of Pwn’ Title This Year

With the highest of 45 points and a total of $215,000 prize money, Fluoroacetate researchers Cama and Zhu earned the title ‘Master of Pwn,’ logging five out of six successful demonstrations of exploits against iPhone X, Galaxy S9, and Xiaomi Mi6.

Details of all the zero-day vulnerabilities discovered and exploited in the competition will be available in 90 days, as per the Pwn2Own contest’s protocol, which includes notifying vendors and OEM patch deployments.

The vulnerabilities will remain open until the affected vendors issue security patches to address them.


7 New Meltdown and Spectre-type CPU Flaws Affect Intel, AMD, ARM CPUs

Disclosed earlier this year, the potentially dangerous Meltdown and Spectre vulnerabilities that affected a large family of modern processors proved that speculative execution attacks can be exploited in a trivial way to access highly sensitive information.

Since then, several more variants of speculative execution attacks have been discovered, including Spectre-NG, SpectreRSB, Spectre 1.1, Spectre 1.2, TLBleed, Lazy FP, NetSpectre and Foreshadow, patches for which were released by affected vendors from time to time.

Speculative execution is a core component of modern processor design that speculatively executes instructions based on assumptions that are considered likely to be true. If the assumptions turn out to be valid, the execution continues; otherwise, it is discarded.

Now, the same team of cybersecurity researchers who discovered original Meltdown and Spectre vulnerabilities have uncovered 7 new transient execution attacks affecting 3 major processor vendors—Intel, AMD, ARM.

While some of the newly-discovered transient execution attacks are mitigated by existing mitigation techniques for Spectre and Meltdown, others are not.

“Transient execution attacks leak otherwise inaccessible information via the CPU’s microarchitectural state from instructions which are never committed,” the researchers say. 

“We also systematically evaluated all defenses, discovering that some transient execution attacks are not successfully mitigated by the rolled out patches and others are not mitigated because they have been overlooked.”

Out of 7 newly discovered attacks, as listed below, two are Meltdown variants, named as Meltdown-PK and Meltdown-BR, and other 5 are new Spectre mistraining strategies.

1. Meltdown-PK (Protection Key Bypass)—On Intel CPUs, an attacker with code execution ability in the containing process can bypass both read and write isolation guarantees enforced through memory-protection keys for userspace.

2. Meltdown-BR (Bounds Check Bypass)—Intel and AMD x86 processors that ship with Memory Protection eXtensions (MPX) for efficient array bounds checking can be bypassed to encode out-of-bounds secrets that are never architecturally visible.

Spectre-PHT (Pattern History Table)

3. Spectre-PHT-CA-OP (Cross-Address-space Out of Place)—Performing previously disclosed Spectre-PHT attacks within an attacker-controlled address space at a congruent address to the victim branch.

4. Spectre-PHT-SA-IP (Same Address-space In Place)—Performing Spectre-PHT attacks within the same address space and the same branch location that is later on exploited.

5. Spectre-PHT-SA-OP (Same Address-space Out of Place)—Performing Spectre-PHT attacks within the same address space with a different branch.

Spectre-BTB (Branch Target Buffer)

6. Spectre-BTB-SA-IP (Same Address-space In Place)—Performing Spectre-BTB attacks within the same address space and the same branch location that is later on exploited.

7. Spectre-BTB-SA-OP (Same Address-space Out of Place)—Performing Spectre-BTB attacks within the same address space with a different branch.

Researchers demonstrate all of the above attacks in practical proof-of-concept attacks against processors from Intel, ARM, and AMD. For Spectre-PHT, all vendors have processors that are vulnerable to all four variants of mistraining, they say.

“We performed a vulnerability assessment for these new attack vectors on Intel, ARM, and AMD. For Intel, we tested our proofs-of-concept on a Skylake i5-6200U and a Haswell i7-4790. Our AMD test machines were a Ryzen 1950X and a Ryzen Threadripper 1920X. For experiments on ARM, a NVIDIA Jetson TX1 has been used,” the researchers say.

Researchers responsibly disclosed their findings to Intel, ARM, and AMD, of which Intel and ARM acknowledged the report. The team also said since the vendors are working to address the issues, they decided to hold their proof-of-concept exploits for some time.

For in-depth details about the new attacks, you can head on to the research paper titled, “A Systematic Evaluation of Transient Execution Attacks and Defenses,” published by the team of researchers today.


63 New Flaws (Including 0-Days) Windows Users Need to Patch Now


It’s Patch Tuesday once again…time for another round of security updates for the Windows operating system and other Microsoft products.

This month Windows users and system administrators need to immediately take care of a total of 63 security vulnerabilities, of which 12 are rated critical, 49 important and one moderate and one low in severity.

Two of the vulnerabilities patched by the tech giant this month are listed as publicly known at the time of release, and one flaw is reported as being actively exploited in the wild by multiple cybercriminal groups.

Zero-Day Vulnerability Being Exploited by Cyber Criminals

The zero-day vulnerability, tracked as CVE-2018-8589, which is being exploited in the wild by multiple advanced persistent threat groups was first spotted and reported by security researchers from Kaspersky Labs.

The flaw resides in the Win32k component (win32k.sys), which, if exploited successfully, could allow a malicious program to execute arbitrary code in kernel mode and elevate its privileges on an affected Windows 7, Server 2008 or Server 2008 R2 system to take control of it.

“The exploit was executed by the first stage of a malware installer in order to gain the necessary privileges for persistence on the victim’s system. So far, we have detected a very limited number of attacks using this vulnerability,” Kaspersky said.

Two Publicly Disclosed Zero-Day Vulnerabilities

The other two publicly known zero-day vulnerabilities which were not listed as under active attack reside in Windows Advanced Local Procedure Call (ALPC) service and Microsoft’s BitLocker Security Feature.

The flaw related to ALPC, tracked as CVE-2018-8584, is a privilege escalation vulnerability that could be exploited by running a specially crafted application to execute arbitrary code in the security context of the local system and take control over an affected system.

Advanced local procedure call (ALPC) facilitates high-speed and secure data transfer between one or more processes in the user mode.

The second publicly disclosed vulnerability, tracked as CVE-2018-8566, exists when Windows improperly suspends BitLocker Device Encryption, which could allow an attacker with physical access to a powered-off system to bypass security and gain access to encrypted data.

BitLocker was in the headlines earlier this month for a separate issue that could expose Windows users’ encrypted data due to its default encryption preference and bad encryption on self-encrypting SSDs.

Microsoft did not fully address this issue; instead, the company simply provided a guide on how to manually change BitLocker default encryption choice.

November 2018 Patch Tuesday: Critical and Important Flaws

Out of the 12 critical flaws, eight are memory corruption vulnerabilities in the Chakra scripting engine that exist due to the way the scripting engine handles objects in memory in the Microsoft Edge internet browser.

All 8 vulnerabilities could be exploited to corrupt memory, allowing an attacker to execute code in the context of the current user. To exploit these bugs, all an attacker needs to do is trick victims into opening a specially crafted website on Microsoft Edge.

The remaining three vulnerabilities are remote code execution bugs in the Windows Deployment Services TFTP server, Microsoft Graphics Components, and the VBScript engine. All these flaws exist due to the way the affected software handles objects in memory.

The last critical vulnerability is also a remote code execution flaw that lies in Microsoft Dynamics 365 (on-premises) version 8. The flaw exists when the server fails to properly sanitize web requests to an affected Dynamics server.

If exploited successfully, the vulnerability could allow an authenticated attacker to run arbitrary code in the context of the SQL service account by sending a specially crafted request to a vulnerable Dynamics server.

Windows Deployment Services TFTP Server Remote Code Execution Vulnerability CVE-2018-8476 Critical
Microsoft Graphics Components Remote Code Execution Vulnerability CVE-2018-8553 Critical
Chakra Scripting Engine Memory Corruption Vulnerability CVE-2018-8588 Critical
Chakra Scripting Engine Memory Corruption Vulnerability CVE-2018-8541 Critical
Chakra Scripting Engine Memory Corruption Vulnerability CVE-2018-8542 Critical
Chakra Scripting Engine Memory Corruption Vulnerability CVE-2018-8543 Critical
Windows VBScript Engine Remote Code Execution Vulnerability CVE-2018-8544 Critical
Chakra Scripting Engine Memory Corruption Vulnerability CVE-2018-8555 Critical
Chakra Scripting Engine Memory Corruption Vulnerability CVE-2018-8556 Critical
Chakra Scripting Engine Memory Corruption Vulnerability CVE-2018-8557 Critical
Chakra Scripting Engine Memory Corruption Vulnerability CVE-2018-8551 Critical
Microsoft Dynamics 365 (on-premises) version 8 Remote Code Execution Vulnerability CVE-2018-8609 Critical
Azure App Service Cross-site Scripting Vulnerability CVE-2018-8600 Important
Windows Win32k Elevation of Privilege Vulnerability CVE-2018-8589 Important
BitLocker Security Feature Bypass Vulnerability CVE-2018-8566 Important
Windows ALPC Elevation of Privilege Vulnerability CVE-2018-8584 Important
Team Foundation Server Cross-site Scripting Vulnerability CVE-2018-8602 Important
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability CVE-2018-8605 Important
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability CVE-2018-8606 Important
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability CVE-2018-8607 Important
Microsoft Dynamics 365 (on-premises) version 8 Cross Site Scripting Vulnerability CVE-2018-8608 Important
Microsoft RemoteFX Virtual GPU miniport driver Elevation of Privilege Vulnerability CVE-2018-8471 Important
DirectX Elevation of Privilege Vulnerability CVE-2018-8485 Important
DirectX Elevation of Privilege Vulnerability CVE-2018-8554 Important
DirectX Elevation of Privilege Vulnerability CVE-2018-8561 Important
Win32k Elevation of Privilege Vulnerability CVE-2018-8562 Important
Microsoft SharePoint Elevation of Privilege Vulnerability CVE-2018-8572 Important
Microsoft Exchange Server Elevation of Privilege Vulnerability CVE-2018-8581 Important
Windows COM Elevation of Privilege Vulnerability CVE-2018-8550 Important
Windows VBScript Engine Remote Code Execution Vulnerability CVE-2018-8552 Important
Microsoft SharePoint Elevation of Privilege Vulnerability CVE-2018-8568 Important
Windows Elevation Of Privilege Vulnerability CVE-2018-8592 Important
Microsoft Edge Elevation of Privilege Vulnerability CVE-2018-8567 Important
DirectX Information Disclosure Vulnerability CVE-2018-8563 Important
MSRPC Information Disclosure Vulnerability CVE-2018-8407 Important
Windows Audio Service Information Disclosure Vulnerability CVE-2018-8454 Important
Win32k Information Disclosure Vulnerability CVE-2018-8565 Important
Microsoft Outlook Information Disclosure Vulnerability CVE-2018-8558 Important
Windows Kernel Information Disclosure Vulnerability CVE-2018-8408 Important
Microsoft Edge Information Disclosure Vulnerability CVE-2018-8545 Important
Microsoft SharePoint Information Disclosure Vulnerability CVE-2018-8578 Important
Microsoft Outlook Information Disclosure Vulnerability CVE-2018-8579 Important
PowerShell Remote Code Execution Vulnerability CVE-2018-8256 Important
Microsoft Outlook Remote Code Execution Vulnerability CVE-2018-8522 Important
Microsoft Outlook Remote Code Execution Vulnerability CVE-2018-8576 Important
Microsoft Outlook Remote Code Execution Vulnerability CVE-2018-8524 Important
Microsoft Word Remote Code Execution Vulnerability CVE-2018-8539 Important
Microsoft Word Remote Code Execution Vulnerability CVE-2018-8573 Important
Microsoft Excel Remote Code Execution Vulnerability CVE-2018-8574 Important
Microsoft Project Remote Code Execution Vulnerability CVE-2018-8575 Important
Microsoft Outlook Remote Code Execution Vulnerability CVE-2018-8582 Important
Windows Search Remote Code Execution Vulnerability CVE-2018-8450 Important
Microsoft Excel Remote Code Execution Vulnerability CVE-2018-8577 Important
Internet Explorer Memory Corruption Vulnerability CVE-2018-8570 Important
Microsoft JScript Security Feature Bypass Vulnerability CVE-2018-8417 Important
Windows Security Feature Bypass Vulnerability CVE-2018-8549 Important
Microsoft Edge Spoofing Vulnerability CVE-2018-8564 Important
Active Directory Federation Services XSS Vulnerability CVE-2018-8547 Important
Team Foundation Server Remote Code Execution Vulnerability CVE-2018-8529 Important
Yammer Desktop Application Remote Code Execution Vulnerability CVE-2018-8569 Important
Microsoft Powershell Tampering Vulnerability CVE-2018-8415 Important
.NET Core Tampering Vulnerability CVE-2018-8416 Moderate
Microsoft Skype for Business Denial of Service Vulnerability CVE-2018-8546 Low

This month’s security update also covers 46 important vulnerabilities in Windows, PowerShell, MS Excel, Outlook, SharePoint, VBScript Engine, Edge, Windows Search service, Internet Explorer, Azure App Service, Team Foundation Server, and Microsoft Dynamics 365.

Users and system administrators are strongly advised to apply the above security patches as soon as possible in order to keep hackers and cyber criminals from taking control of their systems.

To install security patch updates, head to Settings → Update & security → Windows Update → Check for updates, or you can install the updates manually.


Cynet Review: Simplify Security with a True Security Platform

In 1999, Bruce Schneier wrote, “Complexity is the worst enemy of security.” That was 19 years ago (!) and since then, cyber security has only become more complex.

Today, controls dramatically outnumber staff available to support them. The Bank of America has a $400-million cyber budget to hire security staff and implement a broad array of products.

But what if your budget and sophistication are just a tiny fraction of the Bank of America’s?

The remaining 99% of organizations understand that they don’t have sufficient protection for their internal network, but they also realize that to be sufficiently secured they need to buy multiple solutions and hire a large team to maintain them – which isn’t an option.

So they either stay with just an AV or buy a point solution to defend a specific part of their internal environment from particular types of attacks – only to later find out it doesn’t meet what they really need.

Cynet wants to change all that.

Cynet is trying to change the face of the industry with a consolidated platform that brings together multiple security capabilities—network and endpoint—while automating and simplifying the job of the defender.

That’s why they built a threat-agnostic platform from the ground up, converging all the technologies and capabilities to answer the visibility, prevention, detection and response needs of the resource-constrained organization. This means these organizations can defend their internal network, and Cynet has made it simple and intuitive, so high expertise is no longer required.

If you don’t have the resources of a Fortune 500 company with a large security team and stack of security solutions already in place—Cynet is something to look into.

Cynet built the platform to be simple and easy to deploy and use; provide broad visibility across the network, endpoints, files and users; protect against a very wide range of attacks including common attacks as well as complex multi-layered attacks; and provide a team of security experts available 24/7 that complements whatever expertise you have in place.

Getting Started: Deployment and Visibility

Cynet includes very flexible deployment methods: on-premises, IaaS, SaaS, and hybrid mode.

We evaluated Cynet using their SaaS version with a free trial across a broad spectrum of capabilities—deployment, visibility, prevention, detection, and response.

Cynet installed quickly—in just a few minutes. We tried it on a few hundred endpoints. The speed and ease of the installation were remarkable.

In environments with many agents already deployed, additional agents are often resource hogs, slowing down system performance and giving false positives, creating blue screens, and blocking access to things that people legitimately need for business purposes.

For some, agents require a degree of QA to ensure nothing gets broken. For less complicated environments, agents are just fine. How do you deal with the spectrum?

Cynet has developed a unique “dissolvable exe” approach to work with organizations along the spectrum, from those with no agents to those who have way too many.

It gives customers a choice based on what’s right for their infrastructure which – in all cases – is fast, easy to deploy and incurs no performance issues.

Once installed, Cynet starts by mapping the entire IT DNA architecture. Cynet scans corporate assets including endpoints, users, files and network traffic. Cynet takes its broad view to correlate and connect behaviors, evidence, indicators, and anomalies to detect attacks. Very quickly, you get a dashboard of everything Cynet has uncovered:

Figure 1: Cynet dashboard

Within minutes, we could already see all live hosts:

Figure 2: Asset list

The immediate value Cynet provides is comprehensive visibility into the organization, including networks, applications, inventory, asset management and vulnerability.

Cynet creates a map of your organization’s network by connecting endpoints with networks. Any risky endpoints are marked in red and clickable for a deeper look:

Figure 3: Network map

The other insights provided upon installation are centered around vulnerability management and compliance, in 4 main areas:

1. OS Updates: Cynet checks the installed Windows patches and raises an indication if patches are missing. In addition, Cynet creates an inventory of installed patches.

2. Unauthorized applications: Cynet provides a list of blacklisted applications that can be customized. Cynet will alert if any unauthorized applications are found.

Figure 4: Vulnerability Management: Unauthorized applications

3. Outdated applications: Cynet checks endpoints against a list of outdated application versions and alerts if any are found.

4. Security policy validation: Cynet checks that a list of agents is installed on the endpoints and currently running, alerting if anything is missing.

In addition, for correlation capabilities, the vulnerability management data is available via the “Forensic” screen for creating any type of report, query, etc.

Using the data gathered, Cynet’s Forensics screen immediately allows users to search across files, hosts, users, and sockets. Every object is clickable to easily understand its history.

For example, you can search for common security issues such as users that have not replaced a password, what files are called upon startup, what applications are running on your endpoints and look for unauthorized access to applications using network visibility.

Figure 5: A list of hosts that were not updated over a specific period of time.

Figure 6: All files running on system start-up

Figure 7: All users that haven’t changed their password during a specific period and logged in over the last week

Figure 8: Save a search as a policy to trigger an alert or for future use

As part of the simplicity of the platform, every object is clickable and once clicked, all data is presented in a simple way on a single timeline, with all the associated history and objects:

Figure 9: Host object – including risk score, associated alerts, and all relevant data

Mature security teams can also leverage all data being collected by Cynet through a fully documented REST API.


Cynet’s approach to prevention starts with checkbox configuration for the types of threats you wish to prevent automatically:

Figure 10: Configure prevention

For resource-strapped organizations, this means you automate as much—or as little—as you want. In addition, the capability allows you to simplify grunt work and focus on the more strategic threats you face uniquely. This means you can choose and create your own auto-remediation rules.

Even though the process is automated, Cynet gives you the option to see what has been auto-remediated:

Figure 11: Auto-remediated threat alerts

Another key preventative capability in Cynet is critical component whitelisting, which enhances endpoint protection. Cynet protects vital components of the operating system by allowing access only to approved files, processes and communications. It does this by creating a list of whitelisted items, so the system knows what to let in and what to deny entry.


Cynet’s approach to security is about convergence. Namely, Cynet not only brings together detection, correlation and automation—but unlike point solutions—Cynet also converges its analysis across endpoints, for users, files and networks.

In addition to traditional endpoint security, Cynet’s detection capabilities also include EDR, UBA, deception and network analytics.

When seeing a live demo of the capabilities for the first time, it’s impressive to see the variety of types of alerts that can be generated – such as malicious behavior, exploitation, ransomware, lateral movement, brute force, user login anomalies, DNS Tunneling, privilege escalation, credential theft and more, which are the result of the multiple detection layers that Cynet includes.

Cynet prioritizes the alerts and makes them easy to understand and act upon—by pre-correlating all related objects into one single view of the alert, highlighting actionable information, and presenting additional information and recommendations with a click of a button. Everything is wrapped in a simple, self-explanatory interface that can be used by anyone with a minimal level of expertise:

Figure 12: Alert

In addition to the comprehensive detection, Cynet claims to have a very low false-positive ratio, as a result of the multi-layered approach.

Cynet Response

Cynet provides an impressive range of response and remediation capabilities.

Analysis capabilities:

Figure 13: Analysis capabilities

In cases of attacks which are not prevented or require further analysis, Cynet has various analysis remediation actions available in order to provide the end-user with further details:

  • Send to SOC – send the suspicious file to Cynet’s operations team, and they will classify the file for the end-user.
  • Send to Analysis – send the file to a sandbox which is part of the Cynet platform, where it will run dynamically in an isolated environment, and a report will be generated.
  • Verify File – this is to verify if the file still exists on the endpoint or was deleted.
  • Get memory strings/memory dump – collect the memory strings of a file, which ran as a process, for an analyst to identify malicious actions which were performed in the endpoint’s memory.
  • Pull File – pull any file which was scanned by Cynet from the endpoint to the Cynet server. This is for cases where the end user would like to analyze the file using other security products, or would like to send the file to a specialist (for example).

Response capabilities:

Figure 14: Response capabilities

Cynet provides advanced and comprehensive response capabilities for the hosts, users, files or networks. For example:

  • Kill, delete or quarantine malicious files.
  • Disable users and run commands.
  • Shut down the process or restart hosts.
  • Isolate or block traffic.

Automated Response:

For each alert Cynet creates, the user can create and customize his own automatic remediation rule, to improve the incident response process and the prevention of a real-time threat.

Figure 15: Automated response

As part of this, Cynet provides a comprehensive rule creation mechanism that allows the user to customize the action according to the organization’s needs, such as which group to apply the rule to, whom to exclude, etc.

24/7 Cyber SWAT Team

Cynet includes CyOps – a 24/7 operations team – at no additional cost, to complement the expertise that their customers lack. What do you get? It’s not a watered-down service that incurs hidden costs if you go above a certain threshold.

It’s a proactive service – if there is something you should care about, a threat you missed, or if you need to perform forensics or hunt for threats—someone contacts you. Their service includes:

  • Forensics: In the event of an incident, Cynet experts perform breach post mortems.
  • Malware analysis: Cynet malware reverse engineers analyze malware samples to get full attack life-cycle, origin and potential impact of malware, quickly identifying threat actors, motivations and likely targets.
  • Threat hunting: Cynet’s crowd-sourced intelligence from the customer ecosystem provides the unparalleled ability to uncover advanced threats across users, endpoints, files, and networks.


Cynet is banking on an industry moving from fragmentation to consolidation. From the looks of what they’ve assembled, they may be onto something big.

For organizations that do not have the resources and security expertise of a Fortune 500 company, we see Cynet as the ideal solution – its rapid deployment, single-pane-of-glass approach, and multiple technology capabilities are a real game changer.

If your organization is 500 endpoints or less, we recommend signing up for Cynet’s SaaS free trial:

If your organization is larger, we suggest requesting a demo to get a personal walkthrough of the platform:


New APIs Suggest WPA3 Wi-Fi Security Support Coming Soon to Windows 10

Windows 10 users don’t have to wait much longer for support for the latest WPA3 Wi-Fi security standard, a new blog post from Microsoft apparently revealed.

The third version of Wi-Fi Protected Access, WPA3 for short, is the next generation of the wireless security protocol that has been designed to make it harder for attackers to hack WiFi passwords.

WPA3 was officially launched earlier this year, but the new WiFi security standard won’t arrive overnight. Most device manufacturers could take months to get their new routers and networking devices certified by the Wi-Fi Alliance to support WPA3.

Meanwhile, technology providers have already started working on software and firmware updates to support the new WPA3 standard, including Microsoft.

WPA3-Personal (SAE) Support in Windows 10

Though Microsoft hasn’t yet officially announced WPA3 support for its Windows 10 operating system, new APIs introduced in the newly released Windows 10 SDK Preview build 18272, as marked in the screenshot below, indicate that Windows users would soon be getting support for the new protocol.

WPA3-Personal leverages Simultaneous Authentication of Equals (SAE), a secure key establishment protocol between devices, to prevent attackers from decrypting old captured traffic even if they learn the password of a network.

windows 10 wpa3 wifi security

The Windows 10 Software Development Kit (SDK) is a collection of headers, libraries, metadata, and tools from Microsoft to help Windows application developers build apps for the Windows 10 platform.

The SDK build 18272 supports the newly released Windows 10 Insider Preview Build 18277 (also known as 19H1) that has been designed to let developers and enthusiasts get early access to upcoming features and improvements, and share their feedback with the company.

Besides this, Tim Cappalli, an engineer at Aruba Security, in a tweet claimed that he also spotted WPA3-Personal (SAE) available in the Windows 10 Insider build 18252.100 while manually configuring a wireless network.

Another Windows user confirmed the WPA3-Personal availability in the latest Insider build version but also mentioned that it’s not currently working as intended.

Both frontend and API availability indicate that Microsoft is actively working on a stable version of the Windows 10 operating system with WPA3 support.

Last month, the Wi-Fi Alliance also announced the next version of the WiFi standard, called 802.11ax (WiFi 6), along with a simpler naming scheme that aims to make it easier for users to recognize which WiFi version their devices support and run, helping them to keep their devices up-to-date with the latest advanced WiFi capabilities.
