ATTENTION! New - CVE-2017-9387
via "National Vulnerability Database".
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a shell script called relay.sh which is used for creating new SSH relays for the device so that the device connects to Vera servers. All the parameters passed in this specific script are logged to a log file called log.relay in the /tmp folder. The user can also read all the log files from the device using a script called log.sh. However, when the script loads the log files it displays them with content-type text/html and passes all the logs through the ansi2html binary which converts all the character text including HTML meta-characters correctly to be displayed in the browser. This allows an attacker to use the log files as a storing mechanism for the XSS payload and thus whenever a user navigates to that log.sh script, it enables the XSS payload and allows an attacker to execute his malicious payload on the user's browser.
ATTENTION! New - CVE-2017-9386
via "National Vulnerability Database".
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides a script file called "get_file.sh" which allows a user to retrieve any file stored in the "cmh-ext" folder on the device. However, the "filename" parameter is not validated correctly and this allows an attacker to traverse directories outside the /cmh-ext folder and read any file on the device. It is necessary to create the folder "cmh-ext" on the device, which can be done by an attacker first in an unauthenticated fashion, and then execute a directory traversal attack.
ATTENTION! New - CVE-2017-9385
via "National Vulnerability Database".
An issue was discovered on Vera Veralite 1.7.481 devices. The device has an additional OpenWRT interface in addition to the standard web interface which allows the highest privileges a user can obtain on the device. This web interface uses root as the username and the password in the /etc/cmh/cmh.conf file which can be extracted by an attacker using a directory traversal attack, and then log in to the device with the highest privileges.
ATTENTION! New - CVE-2017-9383
via "National Vulnerability Database".
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port_3480". It seems that the UPnP services provide "wget" as one of the service actions for a normal user to connect the device to an external website. It retrieves the parameter "URL" from the query string and then passes it to an internal function that uses the curl module on the device to retrieve the contents of the website.
ATTENTION! New - CVE-2017-9382
via "National Vulnerability Database".
An issue was discovered on Vera VeraEdge 1.7.19 and Veralite 1.7.481 devices. The device provides UPnP services that are available on port 3480 and can also be accessed via port 80 using the url "/port_3480". It seems that the UPnP services provide "file" as one of the service actions for a normal user to read a file that is stored under the /etc/cmh-lu folder. It retrieves the value from the "parameters" query string variable and then passes it to an internal function "FileUtils::ReadFileIntoBuffer" which is a library function that does not perform any sanitization on the value submitted and this allows an attacker to use directory traversal characters "../" and read files from other folders within the device.
ATTENTION! New - CVE-2017-10724
via "National Vulnerability Database".
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that an attacker connected to the device Wi-Fi SSID can exploit a memory corruption issue and execute remote code on the device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to the video feed and pictures viewed by that user and might allow them to get a foothold in air-gapped networks, especially in the case of nation-critical infrastructure/industries. The firmware contains the binary uvc_stream, which is the UDP daemon responsible for handling all the UDP requests that the device receives. The client application sends a UDP request to change the Wi-Fi password which has the following format: "SETCMD0001+0002+[2 byte length of wifipassword]+[Wifipassword]". This request is handled by the "control_Dev_thread" function, which at address "0x00409AE4" compares the incoming request and determines if the 10th byte is 02; if it is, it redirects to 0x0040A7D8, which calls the function "setwifipassword". The function "setwifipassword" uses a memcpy function but uses the length of the payload obtained via the strlen function as the third parameter (the number of bytes to copy), and this allows an attacker to overflow the buffer and control the $PC value.
ATTENTION! New - CVE-2017-10723
via "National Vulnerability Database".
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that an attacker connected to the device Wi-Fi SSID can exploit a memory corruption issue and execute remote code on the device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to the video feed and pictures viewed by that user and might allow them to get a foothold in air-gapped networks, especially in the case of nation-critical infrastructure/industries. The firmware contains the binary uvc_stream, which is the UDP daemon responsible for handling all the UDP requests that the device receives. The client application sends a UDP request to change the Wi-Fi name which has the following format: "SETCMD0001+0001+[2 byte length of wifiname]+[Wifiname]". This request is handled by the "control_Dev_thread" function, which at address "0x00409AE0" compares the incoming request and determines if the 10th byte is 01; if it is, it redirects to 0x0040A74C, which calls the function "setwifiname". The function "setwifiname" uses a memcpy function but uses the length of the payload obtained via the strlen function as the third parameter (the number of bytes to copy), and this allows an attacker to overflow the buffer and control the $PC value.
ATTENTION! New - CVE-2017-10722
via "National Vulnerability Database".
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi password. This application is installed on the device and an attacker who can provide the right payload can execute code on the user's system directly. Any breach of this system can allow an attacker to get access to all the data that the user has access to. The application uses a dynamic link library (DLL) called "avilib.dll" which is used by the application to send binary packets to the device that allow it to control the device. One such action that the DLL provides is changing the password, in the function "sendchangepass", which allows a user to change the Wi-Fi password on the device. This function calls a sub-function "sub_75876EA0" at address 0x7587857C. The function determines which action to execute based on the parameters sent to it. The "sendchangepass" function passes the data string (the password entered in the textbox) as the second argument and the integer 2 as the first argument. The remaining 3 arguments are set to 0. The function "sub_75876EA0" at address 0x75876F19 uses the first argument received to determine which block to jump to. Since the argument passed is 2, it jumps to 0x7587718C and proceeds from there to address 0x758771C2, which calculates the length of the data string passed as the first parameter. This length and the first argument are then passed to the address 0x7587726F, which calls a memmove function that uses a stack address as the destination, the typed password as the source, and the length calculated above as the number of bytes to copy, which leads to a stack overflow.
ATTENTION! New - CVE-2017-10721
via "National Vulnerability Database".
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has Telnet functionality enabled by default. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to the video feed and pictures viewed by that user and might allow them to get a foothold in air-gapped networks, especially in the case of nation-critical infrastructure/industries.
ATTENTION! New - CVE-2017-10720
via "National Vulnerability Database".
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi name. This application is installed on the device and an attacker who can provide the right payload can execute code on the user's system directly. Any breach of this system can allow an attacker to get access to all the data that the user has access to. The application uses a dynamic link library (DLL) called "avilib.dll" which is used by the application to send binary packets to the device that allow it to control the device. One such action that the DLL provides is changing the name, in the function "sendchangename", which allows a user to change the Wi-Fi name on the device. This function calls a sub-function "sub_75876EA0" at address 0x758784F8. The function determines which action to execute based on the parameters sent to it. The "sendchangename" function passes the data string (the name entered in the textbox) as the second argument and the integer 1 as the first argument. The remaining 3 arguments are set to 0. The function "sub_75876EA0" at address 0x75876F19 uses the first argument received to determine which block to jump to. Since the argument passed is 1, it jumps to 0x75876F20 and proceeds from there to address 0x75876F56, which calculates the length of the data string passed as the first parameter. This length and the first argument are then passed to the address 0x75877001, which calls the memmove function that uses a stack address as the destination, the typed name as the source, and the length calculated above as the number of bytes to copy, which leads to a stack overflow.
ATTENTION! New - CVE-2017-10719
via "National Vulnerability Database".
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has default Wi-Fi credentials that are exactly the same for every device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to the video feed and pictures viewed by that user and might allow them to get a foothold in air-gapped networks, especially in the case of nation-critical infrastructure/industries.
ATTENTION! New - CVE-2017-10718
via "National Vulnerability Database".
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that any malicious user connecting to the device can change the default SSID and password, thereby denying the owner access to his/her own device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to the video feed and pictures viewed by that user and might allow them to get a foothold in air-gapped networks, especially in the case of nation-critical infrastructure/industries.
How fraudulent domain names are powering phishing attacks
via "Security on TechRepublic".
Bargain basement gTLDs and glyph attacks using IDNs are powering phishing attacks, with fraudulent registrations on the rise. Worse yet, phishing sites are increasingly getting security certificates.
How Fraudulent Domains 'Hide in Plain Sight'
via "Dark Reading".
Cybercriminals use new types of top-level domains, topical keywords, and targeted emails to trick victims into clicking malicious links.
Phishing attack lures victims with encrypted message alert
via "Naked Security".
Why are phishing emails so enduringly popular with the bad guys? A new approach may suggest that curiosity is at play.
The US is reportedly seeding Russia's power grid with malware
via "Naked Security".
The US is alleged to have been quietly planting malware throughout Russia's energy networks in response to years of Russian attacks on its own power grid.
Bella Thorne steals hacker's thunder, publishes nude photos herself
via "Naked Security".
Sheesh! At this rate, extortionists are going to have to seek alternate employment.
90% off Ray-Bans? It's a 100% Instagram SCAM!
via "Naked Security".
The ads look like they've been shared by friends, but they're really pod people who've hijacked accounts.
How organizations can better defend against DNS attacks
via "Security on TechRepublic".
DNS has become a primary target for cyberattacks, causing downtime and financial loss for many businesses, according to a new report from EfficientIP.
Working BlueKeep Exploit Developed by DHS
via "Threatpost".
The Department of Homeland Security urged system administrators to update their Windows machines after testing a working BlueKeep exploit for Windows 2000.
Can Your Patching Strategy Keep Up with the Demands of Open Source?
via "Dark Reading".
It's time to reassess your open source management policies and processes.