Week 04: Vulnerability Scanning

A cybersecurity researcher with Google Project Zero has released the details, and a proof-of-concept (PoC) exploit for a high severity vulnerability that exists in Linux kernel since kernel version 3.16 through 4.18.8.

Discovered by white hat hacker Jann Horn, the kernel vulnerability (CVE-2018-17182) is a cache invalidation bug in the Linux memory management subsystem that leads to use-after-free vulnerability, which if exploited, could allow an attacker to gain root privileges on the targeted system.

The use-after-free (UAF) vulnerabilities are a class of memory corruption bug that can be exploited by unprivileged users to corrupt or alter data in memory, enabling them to cause a denial of service (system crash) or escalate privileges to gain administrative access on a system.

https://thehackernews.com/2018/09/linux-kernel-exploit.html

 

If you are looking for a free hacking tool on the Internet, then be careful. The most widely available tool, claiming to be a swiss army knife for hackers is just a hoax. For example, the Cobian RAT can actually be used to hack, but from the person behind Cobian RAT and not from you who use it.

http://cybernews404.blogspot.com/2017/11/someone-distributing-backdoor-in-iot.html

SHEIN-Fashion Shopping Site Suffers Data Breach Affecting 6.5 Million Users U.S online fashion retailer SHEIN has admitted that company has suffered a data breach which affected 6.42 million customers. SHEIN says that the hacker carried a sophisticated attack around June 2018. Although the company didn’t disclose any technical details about the breach, it admitted that the hacker managed to gain access to customers’ email addresses and encrypted passwords. The company believed that there was no credit card information taken from the system by the intruders because the company typically did not store credit card information in its system.

https://thehackernews.com/2018/09/shein-data-breach.html

All versions of the Windows OS have a security vulnerability, known as a zero day, which was discovered and not patched within 120 days. An employee has brought this vulnerability to light.

With this vulnerability, a hacker can remotely execute malicious code on any affected machine.

The vulnerability specifically affects a Microsoft database engine integrated with many Microsoft products.

In order to fall victim to this vulnerability, someone has to open a JET database file with a hidden malicious payload. This affects all supported Windows OS.

Microsoft is currently working on patching this vulnerability.

https://thehackernews.com/2018/09/windows-zero-day-vulnerability.html

Ransomware attack that causes serious digital disruptions has quickly become one of the top types of cyber-attacks. Any ransomware attacks normally affect systems most often through phishing attacks and malicious executables. Once a PC is compromised, the malware then encrypts files before throwing up a landing page warning that if the victim does not pay up, they will never receive a key to decrypt their systems. Ransomware which infiltrates by exploiting vulnerabilities or guessing weak passwords uses mechanisms like the popular password discovery tool to start to gain control of a network.
To protect your systems from such attacks, here are a few countermeasures:
1. Patch all vulnerable versions of Microsoft, critical patches are released ahead of their Patch Tuesday.
2. Update your antivirus and anti-ransomware definitions regularly.
3. Regularly backup your critical data. In the advent of a ransomware attack, backups are the only way one can minimize the damage.

Two critical remote code execution (RCE) vulnerabilities have been identified in the communication protocols used by tens of millions of fax machines globally. Fax is still popular among several business organizations and bankers and there are more than 300 million fax numbers and 45 million fax machines in use globally. Most of the fax machines these days are connected with printers, a WiFi network and PSTN phone line, the attacker can seize control of the whole network by just send a specially-crafted image via fax. The attacker just needs the fax number in this case, which is publicly available information. The attackers could code the image file they plan to send with malware including ransomwares, cryptocurrency miners, or surveillance tools based on their motives.

The attack involves buffer overflow vulnerabilities which leads to remote code execution. The attack was demonstrated by Check Point Malware Research Team on HP Officejet Pro All-in-One fax printers, the HP Officejet Pro 6830 all-in-one printer and OfficeJet Pro 8720. HP quickly fixed the flaws in its all-in-one printers as soon as they got to know about the findings. However, the researchers believe that the same vulnerabilities could impact most of the fax-based all-in-one printers sold by other manufacturers as well.

https://thehackernews.com/2018/08/hack-printer-fax-machine.html

The Internet Corporation for Assigned Names and Numbers (ICANN) has decided to change the cryptographic key that helps protects the Domain Name Systems (DNS). The process of changing the cryptographic key is called the root key the root key rollover or KSK rollover. The DNS root key is a cryptographic public-private key pair used for DNSSec signing of the DNS root zone records. The KSK rollover means that generating a new pair of cryptographic public-private key and distributing to organizations who operate validating resolvers. The primary driving for the root KSK rollover is the growth in attack capability of cybercriminals.

https://www.networkworld.com/article/3305070/internet/icann-sets-plan-to-reinforce-internet-dns-security.html

 

In the article “Is Payment Card Security Slipping”, the author introduces about the security of credit card payment is worse than before. According to report, only 52.4 percent of organization maintained the compliance of Payment Card Industry Data Security Standard  in 2017. Compare with 55.4 percent in 2016, the number kept dropping. There are 9 factors the organizations can deal with this problem.

Factor 1: Control Environmentt.
Factor 2: Control Design
Factor 3: Control Risk
Factor 4: Control Robustness
Factor 5: Control Resilience
Factor 6: Control Lifecycle
Factor 7: Performance Management
Factor 8: Maturity Measurement
Factor 9: Self-Assessment

Credit card is still the major payment method in the US, so it is important for organizations to ensure the security of the payment method.

https://www.securitymagazine.com/articles/89446-is-payment-card-security-slipping

 

Ransomware Attack Takes Down Bristol Airport’s Flight Display Screens
– Wang Wei

A Ransomware attack on Bristol airport took out couple computer over the airport network and arrival departure display screens on the airport. This attack took the airport by storm and it took two days to restore the system to normal and in the mean time they were using paper board and manual check-in methods. This attack delayed check-in’s and baggage handling but didn’t delay any flights.

I am surprised that such an important place was compromised and it took airport back old-fashioned techniques to report data to people. I hope major airports have looked at this incident and taken appropriate security precautions. I hope hackers don’t get to the planes next and try to harm safety of people flying in the plane.

Link: https://thehackernews.com/2018/09/cyberattack-bristol-airport.html