A new code injection technique called AtomBombing has been uncovered by researchers at enSilo and was found to be effective against all versions of Windows. AtomBombing abuses Windows atom tables, a facility the operating system provides so that applications can store and access data.
enSilo’s Tal Liberman explained: “What we found is that a threat actor can write malicious code into an atom table and force a legitimate program to retrieve the malicious code from the table. We also found that the legitimate program, now containing the malicious code, can be manipulated to execute that code.” Depending on the process into which it is injected, the malicious code could allow attackers to take screenshots, access encrypted passwords, or perform Man-in-the-Browser (MitB) attacks, Help Net Security noted.
Because AtomBombing abuses legitimate operating system functionality rather than a bug, there is no patch that can fix it; security solutions can, however, start monitoring API calls for the malicious activity.
The Hutchinson Community Foundation in Kansas was hit with a data breach and ransomware attack.
How many victims? Nearly 5,500
What type of information? Personal and financial information.
What happened? On September 19, officials at the foundation found ransomware on the foundation’s network server after clicking on a file and finding its contents encrypted. Upon further investigation they found that intruders had done more than infect their files with ransomware and had actually made it into the foundation’s systems.
What was the response? The foundation did not pay the ransom and was able to restore all of its data from backup files; however, officials said the intruders could have accessed the databases and files on its servers and declared the incident a breach. Not all donor records contained sensitive information, but those whose financial information and other sensitive data were stored on the compromised servers are being notified of the incident and will be offered up to a year of free identity monitoring services.
A recent post by the American Civil Liberties Union (ACLU) has drawn public attention to a social media aggregation platform used by law enforcement agencies to monitor protesters and activists. The platform, Geofeedia, serves a wide variety of private and public sector clients, including over 500 law enforcement and public safety agencies across the US. Geofeedia offers real-time monitoring of posts, photos and live broadcasts on Facebook, Twitter, Instagram, Vine and other social media sites, and sorts them by location.
Although the platform is essential and profitable for law enforcement and public safety, especially in times of crisis, civil liberties advocates have expressed concern that such services could be misused to disrupt legal protests and to build files on protesters.
In response to these revelations and to a request from the ACLU, Facebook terminated Geofeedia’s access to Facebook’s Topic Feed API and the Instagram API on September 19, and Twitter suspended Geofeedia’s commercial access to Twitter data. Geofeedia is not, however, the only platform offering such monitoring.
The ACLU is therefore asking social media companies to:
- Not provide data access to developers who have law enforcement clients and allow their product to be used for surveillance,
- Adopt clear, public, and transparent policies to prohibit developers from exploiting user data for surveillance purposes, and
- Institute human and technical auditing mechanisms to identify potential violations of this policy and take swift action when they do.
Researchers at Tencent’s Keen Security Lab found a security flaw in Tesla cars that allowed attackers to control the brakes and other less critical components from a remote location. They responsibly disclosed the flaw to Tesla’s security team, which confirmed it and has now issued fixes in its latest firmware version.
Tesla has urged car owners to update their cars’ firmware to the latest version to protect against exploitation of the remote control flaw.
The researchers were able to open various Tesla cars’ sunroof, turn on the blinkers, move the car seat, and open doors, all while the cars were in parking mode. They also managed to control windshield wipers, fold the side rearview mirrors, open the trunk, and manipulate the brakes from a remote location 12 miles away.
Yesterday’s Patch Tuesday is meant to be the last traditional Windows Patch Tuesday. Microsoft is changing its patch release model. The new model will have all patches for a month bundled together and users will not be able to pick and choose which updates to install.
Microsoft has said this will start with Windows 10 but will affect other operating systems as well in due course.
Security teams should be prepared to make changes to their patching methods as soon as Microsoft implements its new patch release model.
Multiple severe vulnerabilities affecting MySQL and its forks were discovered by researcher Dawid Golunski, according to Help Net Security. One of them, CVE-2016-6662, can be used to add malicious settings to the MySQL configuration file or to create a new configuration file, allowing execution of arbitrary code with root privileges when the service is restarted. The vulnerability.
Golunski explained in an advisory published on Monday that “The vulnerability affects all MySQL servers in default configuration in all version branches (5.7, 5.6, and 5.5) including the latest versions, and could be exploited by both local and remote attackers.”
Oracle has yet to release a fix for these issues, even though Golunski reported them in late July. The MySQL forks Percona and MariaDB have pushed out new releases that address CVE-2016-6662.
Golunski advised: “As temporary mitigations, users should ensure that no mysql config files are owned by mysql user, and create root-owned dummy my.cnf files that are not in use.”
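The following shell script is an added example, not code from the advisory or from the MySQL project; it implements the two temporary mitigations quoted above as checks an administrator can run. It assumes GNU coreutils `stat`, a service account named `mysql`, and the common default my.cnf search locations listed in CNF_PATHS (an assumption about the host; adjust for your build's SYSCONFDIR or MYSQL_HOME).

```shell
#!/bin/sh
# Added example: audit my.cnf ownership and plant root-owned placeholders.
# Assumes GNU `stat -c` and the default search paths below (adjust as needed).
set -u

CNF_PATHS="/etc/my.cnf /etc/mysql/my.cnf /usr/etc/my.cnf /root/.my.cnf"

# Return 0 if FILE is absent or not owned by USER, 1 if USER owns it.
# A config file owned by the service account is the precondition the
# advisory warns about: the account can rewrite it and gain root on restart.
check_cnf_owner() {
    file=$1
    user=$2
    [ -e "$file" ] || return 0
    owner=$(stat -c '%U' "$file") || return 0   # unreadable/non-GNU stat: skip
    [ "$owner" != "$user" ]
}

# Create an empty placeholder at PATH so the service account cannot later
# create its own config file there. Ownership is set to root only when run
# as root; otherwise the file keeps the caller's (non-mysql) ownership.
create_dummy_cnf() {
    path=$1
    [ -e "$path" ] && return 0          # never clobber a real config file
    : > "$path" || return 1
    chmod 0644 "$path" || return 1
    if [ "$(id -u)" -eq 0 ]; then
        chown root:root "$path" || return 1
    fi
    return 0
}

# Walk the search paths; exit status is the number of files owned by mysql.
audit_cnf_paths() {
    bad=0
    for p in $CNF_PATHS; do
        if ! check_cnf_owner "$p" mysql; then
            echo "WARNING: $p is owned by the mysql user" >&2
            bad=$((bad + 1))
        fi
    done
    return $bad
}

if [ "${1:-}" = "--audit" ]; then
    audit_cnf_paths
fi
```

Run with `--audit` to list offending files; the placeholder helper is only useful when run as root, since a dummy file owned by an unprivileged user does not stop the service account from replacing it.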