All Windows versions susceptible to new code injection attack

A new code injection technique called AtomBombing has been uncovered by researchers at enSilo, who found it effective against every version of Windows. AtomBombing abuses Windows atom tables, a facility the operating system provides so that applications can store and share data.

enSilo’s Tal Liberman explained that “What we found is that a threat actor can write malicious code into an atom table and force a legitimate program to retrieve the malicious code from the table. We also found that the legitimate program, now containing the malicious code, can be manipulated to execute that code.” Depending on the process into which the code is injected, helpnetsecurity noted, the malicious code could allow attackers to take screenshots, access encrypted passwords, or perform Man-in-the-Browser (MitB) attacks.

Because the technique abuses legitimate functionality rather than a bug, it is not a vulnerability and there is no fix for it; security solutions can instead monitor the relevant API calls for malicious activity.

Hutchinson Community Foundation hit by Data Breach & Ransomware

The Hutchinson Community Foundation in Kansas was hit with a data breach and ransomware attack.

How many victims? Nearly 5,500

What type of information? Personal and financial information.

What happened? On September 19, officials at the foundation found ransomware on the foundation’s network server after clicking on a file and finding its contents encrypted. Upon further investigation they found that intruders had done more than infect their files with ransomware and had actually made it into the foundation’s systems.

What was the response? The foundation did not pay the ransom and was able to restore all of its data from backup files; however, officials said the intrusion could have allowed attackers to access the databases and files on its servers, and declared the incident a breach. Not all of the donor records contained sensitive information, but those who had financial information and other sensitive data stored on the compromised servers are being notified of the incident and will be offered up to a year of free identity monitoring services.

Twitter & Facebook revoke Geofeedia’s access

A recent post by the American Civil Liberties Union (ACLU) has drawn public attention to a social media aggregation platform being used by law enforcement agencies to monitor protesters and activists. The platform, ‘Geofeedia’, serves a wide variety of private and public sector clients, including over 500 law enforcement and public safety agencies across the US. Geofeedia offers real-time monitoring of posts, photos, and live broadcasts on Facebook, Twitter, Instagram, Vine and other social media sites, and sorts them by location.

Although such a platform is useful and profitable for law enforcement and public safety, especially in times of crisis, civil liberties advocates worry that these services could be misused to disrupt legal protests and to compile documentation on protesters.

In response to these revelations and a request from the ACLU, Facebook terminated Geofeedia’s access to Facebook’s Topic Feed API and the Instagram API on September 19, and Twitter also suspended Geofeedia’s commercial access to Twitter data. Geofeedia is not the only platform offering such monitoring, however.

The ACLU is therefore requesting that social media companies do the following:

  • Not provide data access to developers who have law enforcement clients and allow their product to be used for surveillance,
  • Adopt clear, public, and transparent policies to prohibit developers from exploiting user data for surveillance purposes, and
  • Institute human and technical auditing mechanisms to identify potential violations of this policy and take swift action when they do.

Remote Control Vulnerability in Tesla cars fixed

Researchers at Tencent’s Keen Security Lab found a security flaw in Tesla cars that allowed attackers to control the brakes and other less critical components from a remote location. They responsibly disclosed the flaw to Tesla’s security team, which confirmed it and has now issued fixes in its latest firmware version.

Tesla has urged car owners to update their car’s firmware to the latest version to stay immune from exploitation of the remote control flaw.

The researchers were able to open various Tesla cars’ sunroof, turn on the blinkers, move the car seat, and open doors, all while the cars were in parking mode. They also managed to control windshield wipers, fold the side rearview mirrors, open the trunk, and manipulate the brakes from a remote location 12 miles away.

Microsoft brings Tuesday Patches to an end


Yesterday’s Patch Tuesday is meant to be the last traditional Windows Patch Tuesday, as Microsoft is changing its patch release model. Under the new model all patches for a month are bundled together, and users will no longer be able to pick and choose which updates to install.

Microsoft has said this will start with Windows 10 but will affect other operating systems as well in due course.

Security teams should be prepared to make changes to their patching methods as soon as Microsoft implements its new patch release model.

Critical Zero-day vulnerability in MySQL

Multiple severe vulnerabilities affecting MySQL and its forks were discovered by researcher Dawid Golunski, according to Helpnetsecurity. One of the vulnerabilities, CVE-2016-6662, can be used to add malicious settings to the MySQL configuration file or to create a new configuration file, allowing execution of arbitrary code with root privileges when the service is restarted. The vulnerability.

Golunski explained in an advisory published on Monday that “The vulnerability affects all MySQL servers in default configuration in all version branches (5.7, 5.6, and 5.5) including the latest versions, and could be exploited by both local and remote attackers.”

Oracle has yet to release a fix for these issues even though Golunski reported them in late July. The MySQL forks Percona and MariaDB have pushed out new releases that address CVE-2016-6662.

Golunski advised, “As temporary mitigations, users should ensure that no mysql config files are owned by mysql user, and create root-owned dummy my.cnf files that are not in use.”

Google Switches on HTTPS for All Blogspot Domains

The web got a little bit safer this week after Google switched on HTTPS for all of its blogspot domains.

First trialed last September, the change means everyone can now access a blogspot page over an encrypted channel, Google revealed in a blog post.

It added the following:

“We’re also adding a new setting called HTTPS Redirect that allows you to opt-in to redirect HTTP requests to HTTPS. While all blogspot blogs will have an HTTPS version enabled, if you turn on this new setting, all visitors will be redirected to the HTTPS version of your blog at https://.blogspot.com even if they go to http://.blogspot.com. If you choose to turn off this setting, visitors will have two options for viewing your blog: the unencrypted version at http://.blogspot.com or the encrypted version at https://.blogspot.com.”

However, Google warned that mixed content – sometimes caused by “incompatible templates, gadgets, or post content” – might cause a blog not to work in HTTPS.
