ATENTIONβΌ New - CVE-2017-10722
π Read
via "National Vulnerability Database".
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi password. This application is installed on the device and an attacker who can provide the right payload can execute code on the user's system directly. Any breach of this system can allow an attacker to get access to all the data that the user has access too. The application uses a dynamic link library(DLL) called "avilib.dll" which is used by the application to send binary packets to the device that allow to control the device. One such action that the DLL provides is change password in the function "sendchangepass" which allows a user to change the Wi-Fi password on the device. This function calls a sub function "sub_75876EA0" at address 0x7587857C. The function determines which action to execute based on the parameters sent to it. The "sendchangepass" passes the datastring as the second argument which is the password we enter in the textbox and integer 2 as first argument. The rest of the 3 arguments are set to 0. The function "sub_75876EA0" at address 0x75876F19 uses the first argument received and to determine which block to jump to. Since the argument passed is 2, it jumps to 0x7587718C and proceeds from there to address 0x758771C2 which calculates the length of the data string passed as the first parameter.This length and the first argument are then passed to the address 0x7587726F which calls a memmove function which uses a stack address as the destination where the password typed by us is passed as the source and length calculated above is passed as the number of bytes to copy which leads to a stack overflow.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-10721
π Read
via "National Vulnerability Database".
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has Telnet functionality enabled by default. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foot hold in air gapped networks especially in case of nation critical infrastructure/industries.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-10720
π Read
via "National Vulnerability Database".
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the desktop application used to connect to the device suffers from a stack overflow if more than 26 characters are passed to it as the Wi-Fi name. This application is installed on the device and an attacker who can provide the right payload can execute code on the user's system directly. Any breach of this system can allow an attacker to get access to all the data that the user has access too. The application uses a dynamic link library(DLL) called "avilib.dll" which is used by the application to send binary packets to the device that allow to control the device. One such action that the DLL provides is change password in the function "sendchangename" which allows a user to change the Wi-Fi name on the device. This function calls a sub function "sub_75876EA0" at address 0x758784F8. The function determines which action to execute based on the parameters sent to it. The "sendchangename" passes the datastring as the second argument which is the name we enter in the textbox and integer 1 as first argument. The rest of the 3 arguments are set to 0. The function "sub_75876EA0" at address 0x75876F19 uses the first argument received and to determine which block to jump to. Since the argument passed is 1, it jumps to 0x75876F20 and proceeds from there to address 0x75876F56 which calculates the length of the data string passed as the first parameter. This length and the first argument are then passed to the address 0x75877001 which calls the memmove function which uses a stack address as the destination where the password typed by us is passed as the source and length calculated above is passed as the number of bytes to copy which leads to a stack overflow.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-10719
π Read
via "National Vulnerability Database".
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that the device has default Wi-Fi credentials that are exactly the same for every device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foot hold in air gapped networks especially in case of nation critical infrastructure/industries.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-10718
π Read
via "National Vulnerability Database".
Recently it was discovered as a part of the research on IoT devices in the most recent firmware for Shekar Endoscope that any malicious user connecting to the device can change the default SSID and password thereby denying the owner an access to his/her own device. This device acts as an Endoscope camera that allows its users to use it in various industrial systems and settings, car garages, and also in some cases in the medical clinics to get access to areas that are difficult for a human being to reach. Any breach of this system can allow an attacker to get access to video feed and pictures viewed by that user and might allow them to get a foot hold in air gapped networks especially in case of nation critical infrastructure/industries.π Read
via "National Vulnerability Database".
π How fraudulent domain names are powering phishing attacks π
π Read
via "Security on TechRepublic".
Bargain basement gTLDs and glyph attacks using IDNs are powering phishing attacks, with fraudulent registrations on the rise. Worse yet, phishing sites are increasingly getting security certificates.π Read
via "Security on TechRepublic".
TechRepublic
How fraudulent domain names are powering phishing attacks
Bargain basement gTLDs and glyph attacks using IDNs are powering phishing attacks, with fraudulent registrations on the rise. Worse yet, phishing sites are increasingly getting security certificates.
π΄ How Fraudulent Domains 'Hide in Plain Sight' π΄
π Read
via "Dark Reading: ".
Cybercriminals use new types of top-level domains, topical keywords, and targeted emails to trick victims into clicking malicious links.π Read
via "Dark Reading: ".
Darkreading
How Fraudulent Domains 'Hide in Plain Sight'
Cybercriminals use new types of top-level domains, topical keywords, and targeted emails to trick victims into clicking malicious links.
β Phishing attack lures victims with encrypted message alert β
π Read
via "Naked Security".
Why are phishing emails so enduringly popular with the bad guys? A new approach may suggest that curiosity is at play.π Read
via "Naked Security".
Naked Security
Phishing attack lures victims with encrypted message alert
Why are phishing emails so enduringly popular with the bad guys? A new approach may suggest that curiosity is at play.
β The US is reportedly seeding Russiaβs power grid with malware β
π Read
via "Naked Security".
The US is alleged to have been quietly planting malware throughout Russia's energy networks in response to years of Russian attacks on its own power grid.π Read
via "Naked Security".
Naked Security
The US is reportedly seeding Russiaβs power grid with malware
The US is alleged to have been quietly planting malware throughout Russiaβs energy networks in response to years of Russian attacks on its own power grid.
β Bella Thorne steals hackerβs thunder, publishes nude photos herself β
π Read
via "Naked Security".
Sheesh! At this rate, extortionists are going to have to seek alternate employment.π Read
via "Naked Security".
Naked Security
Bella Thorne steals hackerβs thunder, publishes nude photos herself
Sheesh! At this rate, extortionists are going to have to seek alternate employment.
β 90% off Ray-Bans? Itβs a 100% Instagram SCAM! β
π Read
via "Naked Security".
The ads look like they're been shared by friends, but they're really pod people who've hijacked accounts.π Read
via "Naked Security".
Naked Security
90% off Ray-Bans? Itβs a 100% Instagram SCAM!
The ads look like theyβre been shared by friends, but theyβre really pod people whoβve hijacked accounts.
π How organizations can better defend against DNS attacks π
π Read
via "Security on TechRepublic".
DNS has become a primary target for cyberattacks, causing downtime and financial loss for many businesses, according to a new report from EfficientIP.π Read
via "Security on TechRepublic".
TechRepublic
How organizations can better defend against DNS attacks
DNS has become a primary target for cyberattacks, causing downtime and financial loss for many businesses, according to a new report from EfficientIP.
β Working BlueKeep Exploit Developed by DHS β
π Read
via "Threatpost".
The Department of Homeland Security urged system administrators to update their Windows machines after testing a working BlueKeep exploit for Windows 2000.π Read
via "Threatpost".
Threat Post
Working BlueKeep Exploit Developed by DHS
The Department of Homeland Security urged system administrators to update their Windows machines after testing a working BlueKeep exploit for Windows 2000.
π΄ Can Your Patching Strategy Keep Up with the Demands of Open Source? π΄
π Read
via "Dark Reading: ".
It's time to reassess your open source management policies and processes.π Read
via "Dark Reading: ".
Dark Reading
Can Your Patching Strategy Keep Up with the Demands of Open Source?
It's time to reassess your open source management policies and processes.
β Microsoft Management Console Bugs Allow Windows Takeover β
π Read
via "Threatpost".
Multiple cross-site scripting (XSS) bugs and an XML external entity (XXE) problem opens the door to takeover of admin desktops.π Read
via "Threatpost".
Threat Post
Microsoft Management Console Bugs Allow Windows Takeover
Multiple cross-site scripting (XSS) bugs and an XML external entity (XXE) problem opens the door to takeover of admin desktops.
π Security breaches: 4 business impacts π
π Read
via "Security on TechRepublic".
The average cost of a cyberattack is approximately $4.6 million, according to a Radware report.π Read
via "Security on TechRepublic".
TechRepublic
Security breaches: 4 business impacts
The average cost of a cyberattack is approximately $4.6 million, according to a Radware report.
π How small businesses can deal with getting regulated π
π Read
via "Security on TechRepublic".
Even SMBs have to deal with big regulations thanks to GDPR and more. One startup has an answer for how to manage compliance and security.π Read
via "Security on TechRepublic".
TechRepublic
How small businesses can deal with getting regulated
Even SMBs have to deal with big regulations thanks to GDPR and more. One startup has an answer for how to manage compliance and security.
π How HackerOne open sources security--one hacker at a time π
π Read
via "Security on TechRepublic".
MΓ₯rten Mickos says hacker-powered security is where open source was 15 years ago, but it's moving much faster than open source did.π Read
via "Security on TechRepublic".
TechRepublic
How HackerOne open sources security--one hacker at a time
MΓ₯rten Mickos says hacker-powered security is where open source was 15 years ago, but it's moving much faster than open source did.
π΄ Google Targets Deceptive Sites with New Chrome Tools π΄
π Read
via "Dark Reading: ".
A new extension and browser alert aim to help users report deceptive sites and prevent them from encountering fraud.π Read
via "Dark Reading: ".
Darkreading
Google Targets Deceptive Sites with New Chrome Tools
A new extension and browser alert aim to help users report deceptive sites and prevent them from encountering fraud.
π΄ The Evolution of Identity π΄
π Read
via "Dark Reading: ".
How data and technology can help businesses make the right fraud decisions, protect people's identities, and create an improved customer experience.π Read
via "Dark Reading: ".
Dark Reading
The Evolution of Identity
How data and technology can help businesses make the right fraud decisions, protect people's identities, and create an improved customer experience.
π΄ Advertising Alliance Plans Protocols to Reduce Dangerous Content π΄
π Read
via "Dark Reading: ".
The Global Alliance for Responsible Media will seek ways to clamp down on dangerous and fake content.π Read
via "Dark Reading: ".
Dark Reading
Advertising Alliance Plans Protocols to Reduce Dangerous Content
The Global Alliance for Responsible Media will seek ways to clamp down on dangerous and fake content.