ITACS 5211: Introduction to Ethical Hacking

Wade Mackey

Raaghav Sharma

Critical SQLite Flaw Leaves Millions of Apps Vulnerable to Hackers

December 16, 2018 by Raaghav Sharma

Cybersecurity researchers have discovered a critical vulnerability in the widely used SQLite database software that exposes billions of deployments to hackers.
Dubbed ‘Magellan’ by Tencent’s Blade security team, the newly discovered SQLite flaw could allow remote attackers to execute arbitrary or malicious code on affected devices, leak program memory or crash applications.

Since Chromium-based web browsers (including Google Chrome, Opera, Vivaldi, and Brave) also support SQLite through the deprecated Web SQL database API, a remote attacker can easily target users of affected browsers just by convincing them to visit a specially crafted web page.

Since SQLite is used by everybody including Adobe, Apple, Dropbox, Firefox, Android, Chrome, Microsoft and a bunch of other software, the Magellan vulnerability is a noteworthy issue, even if it’s not yet been exploited in the wild.

Users and administrators are strongly advised to update their systems and affected software to the latest release as soon as it becomes available.

https://thehackernews.com/2018/12/sqlite-vulnerability.html

Quora Gets Hacked – 100 Million Users Data Stolen

December 6, 2018 by Raaghav Sharma

Quora has suffered a massive data breach, with unknown hackers gaining unauthorized access to potentially sensitive personal information of about 100 million of its users. The company announced that an unidentified malicious third party managed to gain unauthorized access to one of its systems and stole data on approximately 100 million users, almost half of its entire user base.

According to Adam D’Angelo, the chief executive officer and co-founder of Quora, the personal user information compromised in the breach includes:

  • Account information, such as names, email addresses, encrypted (hashed) passwords, and data imported from linked social networks like Facebook and Twitter when authorized by users.
  • Public content and actions, like questions, answers, comments, and upvotes.
  • Non-public content and actions, including answer requests, downvotes, and direct messages (note that a low percentage of Quora users have sent or received such messages).

Quora said it is still investigating the breach and assured its users that it is working rapidly to “take the appropriate steps to prevent such incidents in the future.”

https://thehackernews.com/2018/12/quora-hack.html

Instagram Accidentally Exposed Some Users’ Passwords In Plaintext

November 28, 2018 by Raaghav Sharma

Instagram has recently patched a security issue on its website that might have accidentally exposed some of its users’ passwords in plain text.

The company recently started notifying affected users of a security bug that resides in a newly offered feature called “Download Your Data” that allows users to download a copy of their data shared on the social media platform, including photos, comments, posts, and other information that they have shared on the platform.

According to Instagram, the plain-text passwords for some users who had used the Download Your Data feature were included in the URL and also stored on Facebook’s servers due to a security bug that was discovered by the Instagram internal team.
The company said the stored data has been deleted from the servers owned by Facebook, Instagram’s parent company, and the tool has now been updated to resolve the issue, which “affected a very small number of people.”

https://thehackernews.com/2018/11/instagram-password-hack.html

Unpatched VirtualBox Zero-Day Vulnerability and Exploit Released Online

November 14, 2018 by Raaghav Sharma

An independent exploit developer and vulnerability researcher has publicly disclosed a zero-day vulnerability in VirtualBox, a popular open source virtualization software developed by Oracle, that could allow a malicious program to escape the virtual machine (guest OS) and execute code on the operating system of the host machine.
The vulnerability occurs due to memory corruption issues and affects the Intel PRO/1000 MT Desktop (82540EM) network card (E1000) when the network mode is set to NAT (Network Address Translation).
The flaw is independent of the type of operating system being used by the virtual and host machines because it resides in a shared code base.

The vulnerability allows an attacker or a malicious program with root or administrator rights in the guest OS to escape and execute arbitrary code in the application layer (ring 3) of the host OS, which is used for running code from most user programs with the least privileges.

However, until it is patched, users can protect themselves against potential cyber attacks by changing the network card of their “virtual machines to PCnet (either of two) or to Paravirtualized Network.”

https://thehackernews.com/2018/11/virtualbox-zero-day-exploit.html

New Intel CPU Flaw Exploits Hyper-Threading to Steal Encrypted Data

November 7, 2018 by Raaghav Sharma

A team of security researchers has discovered another serious side-channel vulnerability in Intel CPUs that could allow an attacker to sniff out sensitive protected data, like passwords and cryptographic keys, from other processes running on the same CPU core with the simultaneous multithreading feature enabled.

The vulnerability, codenamed PortSmash (CVE-2018-5407), has joined the list of other dangerous side-channel vulnerabilities discovered in the past year, including Meltdown and Spectre, TLBleed, and Foreshadow. The new side-channel vulnerability resides in Intel’s Hyper-Threading technology, the company’s implementation of Simultaneous MultiThreading (SMT).

The simple fix for the PortSmash vulnerability is to disable SMT/Hyper-Threading in the CPU chip’s BIOS until Intel releases security patches. OpenSSL users can upgrade to OpenSSL 1.1.1 (or >= 1.1.0i if you are looking for patches).

https://thehackernews.com/2018/11/portsmash-intel-vulnerability.html

China hijacking internet traffic using BGP, claim researchers

October 31, 2018 by Raaghav Sharma

China has been accused of hijacking the internet’s Border Gateway Protocol (BGP) to carry out covert man-in-the-middle surveillance on Western countries and companies.

BGP governs how traffic is routed between subdivisions of the internet known as autonomous systems (AS). It ensures that traffic reaches the correct servers – meaning messing around with it is bad news.

The researchers claim China Telecom has essentially been doing the same again – abusing BGP to route international Net traffic via its POPs, of which it has eight located in the US and two in Canada.

These included months of ‘hijacking’ routes from Canada to Korea in 2016, which saw traffic take longer detours into China before completing its journey.

Or the traffic from the US to a bank in Milan, Italy which was diverted via China Telecom POPs in a way that only stood out because it never arrived.

One defence against BGP hijacking is TLS encryption. It doesn’t stop the rerouting but if someone diverts web, email or DNS traffic encrypted with TLS through their POP it should be unreadable.

https://nakedsecurity.sophos.com/2018/10/30/china-hijacking-internet-traffic-using-bgp-claim-researchers/

Dark web criminals are selling legitimate passport scans for as little as $14

October 24, 2018 by Raaghav Sharma

Cybercriminals are now selling legitimate passports alongside identity verification documents on the dark web. This kind of data could be used by cybercriminals to steal identities, open bank accounts and more. Security experts found that passport scans were being sold on multiple popular dark web markets such as Dream Market, Berlusconi Market, Wall Street Market, and Tochka Free Market.

While the average price of a digital passport scan was around $14, those interested in purchasing a physical passport had to cough up a whopping $13,000. According to researchers at Comparitech, who discovered this dark market sales trend, all of these fake passports – both digital and physical – can be bought using cryptocurrencies like Bitcoin or Monero.

These passports can be used by crooks to open bank accounts, as some banks now require only two ID proof documents. These fake bank accounts can also be used for other illicit transactions in a “bank drop” scam.

https://cyware.com/news/dark-web-criminals-are-selling-legitimate-passport-scans-for-as-little-as-14-b2df2d2d

Clever Tool Shields Your Car From Hacks by Watching Its Internal Clocks

October 17, 2018 by Raaghav Sharma

In a paper they plan to present at the Usenix security conference next month, University of Michigan researchers Kyong-Tak Cho and Kang Shin describe an easy-to-assemble tool they call the Clock-based Intrusion Detection System, or CIDS. It’s designed to spot the malicious messages car hackers use to take control of vehicle components like brakes and transmission. The CIDS prototype uses a new technique to spot attack messages: It records the communications on a car’s internal network known as a CAN bus and—in just seconds—creates “fingerprints” for every digital component of a vehicle, the so-called Electronic Control Units or ECUs that allow everything from brakes to windshield wipers to communicate.

To perform that fingerprinting, they use a weird characteristic of all computers: tiny timing errors known as “clock skew.” Taking advantage of the fact that those errors are different in every computer, including every computer inside a car, the researchers were able to assign a fingerprint to each ECU based on its specific clock skew. The CIDS device then uses those fingerprints to differentiate between the ECUs, and to spot when one ECU impersonates another, like when a hacker corrupts the vehicle’s radio system to spoof messages that are meant to come from a brake pedal or steering system.

That sort of impersonation is key to how white hat hackers previously managed to remotely mess with vehicles’ brakes, transmission and steering systems.

https://www.wired.com/2016/07/clever-tool-shields-car-hacks-watching-internal-clocks/
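
The clock-skew fingerprinting described in this post, sketched as an added example (not the researchers' code): it estimates a sender's skew from the arrival times of a periodic message and checks later traffic against the learned value. The CAN ID, message period, skew values, jitter, least-squares fit and fixed tolerance are all assumptions of this example.

```python
# Added illustration of clock-skew fingerprinting; every name, period, skew
# value and tolerance below is a constructed assumption, not data from CIDS.
import random

def arrival_times(period_s, skew_ppm, count, jitter_s=50e-6, seed=1):
    """Receiver-side arrival times of a message its sender emits every
    `period_s` seconds by a clock running `skew_ppm` ppm fast (+) or slow (-)."""
    rng = random.Random(seed)
    real_period = period_s / (1.0 + skew_ppm * 1e-6)
    return [i * real_period + rng.uniform(-jitter_s, jitter_s) for i in range(count)]

def estimate_skew_ppm(timestamps, period_s):
    """Least-squares slope of accumulated clock offset versus elapsed time."""
    xs = [t - timestamps[0] for t in timestamps]        # receiver elapsed time
    ys = [i * period_s - x for i, x in enumerate(xs)]   # sender time minus receiver time
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    sxx = sum((x - mx) ** 2 for x in xs)
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    return sxy / sxx * 1e6

def matches_fingerprint(fingerprints, can_id, timestamps, period_s, tol_ppm=20.0):
    """Return (within_tolerance, observed_skew_ppm) for traffic claiming `can_id`."""
    observed = estimate_skew_ppm(timestamps, period_s)
    return abs(observed - fingerprints[can_id]) <= tol_ppm, observed

def demo():
    period, brake_id = 0.010, 0x220         # constructed: 10 ms brake message
    brake_skew, radio_skew = 120.0, -85.0   # constructed per-ECU skews in ppm
    # Learning phase: fingerprint the genuine brake ECU.
    learned = estimate_skew_ppm(arrival_times(period, brake_skew, 600), period)
    fingerprints = {brake_id: learned}
    # Later traffic carrying the brake ID: first from the brake ECU itself,
    # then from the radio ECU, whose clock drifts differently.
    genuine = arrival_times(period, brake_skew, 600, seed=2)
    spoofed = arrival_times(period, radio_skew, 600, seed=3)
    return (matches_fingerprint(fingerprints, brake_id, genuine, period),
            matches_fingerprint(fingerprints, brake_id, spoofed, period))

if __name__ == "__main__":
    for label, (ok, skew) in zip(("genuine", "spoofed"), demo()):
        print(f"{label}: skew {skew:+.1f} ppm -> {'accepted' if ok else 'ALERT'}")
```
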

LibSSH Flaw Allows Hackers to Take Over Servers Without Password

October 17, 2018 by Raaghav Sharma

A severe four-year-old vulnerability has been discovered in the Secure Shell (SSH) implementation library known as libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password.
The security vulnerability, tracked as CVE-2018-10933, is an authentication-bypass issue that was introduced in libssh version 0.6, released in 2014, leaving thousands of enterprise servers open to hackers for the last four years.

According to a security advisory published Tuesday, all an attacker needs to do is send an “SSH2_MSG_USERAUTH_SUCCESS” message to a server with an SSH connection enabled when it expects an “SSH2_MSG_USERAUTH_REQUEST” message.

https://thehackernews.com/2018/10/libssh-ssh-protocol-library.html
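
A toy model of the flaw described in this post, added here as an example and not libssh's own code: a server that dispatches every message type regardless of state, beside one that accepts only the types valid for its current authentication state. The `Session` class, state names, handler functions and credential pair are hypothetical; the message numbers are those assigned in RFC 4252.

```python
# Added toy model (not libssh code) of state-aware message filtering.
SSH2_MSG_USERAUTH_REQUEST = 50   # message numbers from RFC 4252
SSH2_MSG_USERAUTH_FAILURE = 51
SSH2_MSG_USERAUTH_SUCCESS = 52

class Session:
    def __init__(self):
        self.state = "AWAITING_AUTH"
        self.authenticated = False

def verify_password(user, password):
    # Constructed credential pair for the example.
    return (user, password) == ("alice", "correct horse")

def handle(session, msg_type, payload=None):
    """Handlers shared by both dispatchers below."""
    if msg_type == SSH2_MSG_USERAUTH_REQUEST:
        session.authenticated = verify_password(*payload)
    elif msg_type == SSH2_MSG_USERAUTH_SUCCESS:
        # Only meaningful when a *client* receives it from a server.
        session.authenticated = True
    if session.authenticated:
        session.state = "AUTHENTICATED"

# Message types a server may accept from its peer in each state.
SERVER_ALLOWED = {
    "AWAITING_AUTH": {SSH2_MSG_USERAUTH_REQUEST},
    "AUTHENTICATED": set(),
}

def dispatch_unfiltered(session, msg_type, payload=None):
    """Weak form: any known message is handled, whatever the state."""
    handle(session, msg_type, payload)
    return session.authenticated

def dispatch_filtered(session, msg_type, payload=None):
    """Hardened form: reject anything not expected in the current state."""
    if msg_type not in SERVER_ALLOWED[session.state]:
        # A real server would log this and drop the connection.
        raise ValueError(f"message {msg_type} not allowed in state {session.state}")
    handle(session, msg_type, payload)
    return session.authenticated
```
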

Local-Privilege Escalation Flaw in Linux Kernel Allows Root Access

September 28, 2018 by Raaghav Sharma

A local-privilege escalation vulnerability in the Linux kernel affects all current versions of Red Hat Enterprise Linux and CentOS, even in their default/minimal installations. It would allow an attacker to obtain full administrator privileges over the targeted system, and from there potentially pivot to other areas of the network.

https://threatpost.com/local-privilege-escalation-flaw-in-linux-kernel-allows-root-access/137748/
