π New Bill Could Ease HIPAA Enforcement π
π Read
via "Subscriber Blog RSS Feed ".
A bill passed by a Senate Committee last week could ease Health Insurance Portability and Accountability Act (HIPAA) enforcements by incentivizing healthcare entities to adopt cybersecurity policies.π Read
via "Subscriber Blog RSS Feed ".
Digital Guardian
New Bill Could Ease HIPAA Enforcement
A bill passed by a Senate Committee last week could ease Health Insurance Portability and Accountability Act (HIPAA) enforcements by incentivizing healthcare entities to adopt cybersecurity policies.
π΄ Toyota's Car-Hacking Tool Now Available π΄
π Read
via "Dark Reading: ".
'PASTA' hardware and software kit now retails for $28,300.π Read
via "Dark Reading: ".
Dark Reading
Toyota's Car-Hacking Tool Now Available
'PASTA' hardware and software kit now retails for $28,300.
β Google July Android Security Bulletin Fixes 3 Critical RCE Bugs β
π Read
via "Threatpost".
Google fixed several critical and high-severity vulnerabilities in its Android operating system.π Read
via "Threatpost".
Threat Post
Google July Android Security Bulletin Fixes 3 Critical RCE Bugs
Google fixed several critical and high-severity vulnerabilities in its Android operating system.
π΄ Poor Communications Slowing DevOps Shift π΄
π Read
via "Dark Reading: ".
Existing functional silos are standing in the way of building a DevOps culture.π Read
via "Dark Reading: ".
Dark Reading
Poor Communications Slowing DevOps Shift
Existing functional silos are standing in the way of building a DevOps culture.
π΄ In Cybercrime's Evolution, Active, Automated Attacks Are the Latest Fad π΄
π Read
via "Dark Reading: ".
Staying ahead can feel impossible, but understanding that perfection is impossible can free you to make decisions about managing risk.π Read
via "Dark Reading: ".
Darkreading
In Cybercrime's Evolution, Active, Automated Attacks Are the Latest Fad
Staying ahead can feel impossible, but understanding that perfection is impossible can free you to make decisions about managing risk.
ATENTIONβΌ New - CVE-2017-8408
π Read
via "National Vulnerability Database".
An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the GET parameters passed in this request (to test if SMB credentials and hostname sent to the device work properly) result in being passed as commands to a "system" API in the function and thus result in command injection on the device. If the firmware version is dissected using binwalk tool, we obtain a cramfs-root archive which contains the filesystem set up on the device that contains all the binaries. The binary "cgibox" is the one that has the vulnerable function "sub_7EAFC" that receives the values sent by the GET request. If we open this binary in IDA-pro we will notice that this follows a ARM little endian format. The function sub_7EAFC in IDA pro is identified to be receiving the values sent in the GET request and the value set in GET parameter "user" is extracted in function sub_7E49C which is then passed to the vulnerable system API call.π Read
via "National Vulnerability Database".
π Top 5 things to know about Europe's SCA rules π
π Read
via "Security on TechRepublic".
Europe's Strong Customer Authentication compliance regulations go into effect in September 2019. Tom Merritt explains five things you need to know to get ready for SCA.π Read
via "Security on TechRepublic".
TechRepublic
Top 5 things to know about Europe's SCA rules
Europe's Strong Customer Authentication compliance regulations go into effect in September 2019. Tom Merritt explains five things you need to know to get ready for SCA.
π Top 5 things to know about Europe's SCA rules π
π Read
via "Security on TechRepublic".
Europe's Strong Customer Authentication compliance regulations go into effect in September 2019. Tom Merritt explains five things you need to know to get ready for SCA.π Read
via "Security on TechRepublic".
TechRepublic
Top 5 things to know about Europe's SCA rules
Europe's Strong Customer Authentication compliance regulations go into effect in September 2019. Tom Merritt explains five things you need to know to get ready for SCA.
π΄ 'Human Side-Channels': Behavioral Traces We Leave Behind π΄
π Read
via "Dark Reading: ".
How writing patterns, online activities, and other unintentional identifiers can be used in cyber offense and defense.π Read
via "Dark Reading: ".
Darkreading
'Human Side-Channels': Behavioral Traces We Leave Behind
How writing patterns, online activities, and other unintentional identifiers can be used in cyber offense and defense.
β IBM Patches Critical, High-Severity Flaws in Spectrum Protect β
π Read
via "Threatpost".
IBM has disclosed multiple critical and high-severity flaws across an array of products, the most severe of which exist in its IBM Spectrum Protect tool.π Read
via "Threatpost".
Threat Post
IBM Patches Critical, High-Severity Flaws in Spectrum Protect
IBM has disclosed multiple critical and high-severity flaws across an array of products, the most severe of which exist in its IBM Spectrum Protect tool.
ATENTIONβΌ New - CVE-2017-8411
π Read
via "National Vulnerability Database".
An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentials and hostname sent to the device work properly) result in being passed as commands to a "system" API in the function and thus result in command injection on the device. If the firmware version is dissected using binwalk tool, we obtain a cramfs-root archive which contains the filesystem set up on the device that contains all the binaries. The library "libmailutils.so" is the one that has the vulnerable function "sub_1FC4" that receives the values sent by the POST request. If we open this binary in IDA-pro we will notice that this follows an ARM little endian format. The function sub_1FC4 in IDA pro is identified to be receiving the values sent in the POST request and the value set in POST parameter "receiver1" is extracted in function "sub_15AC" which is then passed to the vulnerable system API call. The vulnerable library function is accessed in "cgibox" binary at address 0x00023BCC which calls the "Send_mail" function in "libmailutils.so" binary as shown below which results in the vulnerable POST parameter being passed to the library which results in the command injection issue.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-8407
π Read
via "National Vulnerability Database".
An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of changing the administrative password for the web management interface. It seems that the device does not implement any cross-site request forgery protection mechanism which allows an attacker to trick a user who is logged in to the web management interface to change the user's password.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-8404
π Read
via "National Vulnerability Database".
An issue was discovered on D-Link DCS-1130 devices. The device provides a user with the capability of setting a SMB folder for the video clippings recorded by the device. It seems that the POST parameters passed in this request (to test if email credentials and hostname sent to the device work properly) result in being passed as commands to a "system" API in the function and thus result in command injection on the device. If the firmware version is dissected using binwalk tool, we obtain a cramfs-root archive which contains the filesystem set up on the device that contains all the binaries. The library "libmailutils.so" is the one that has the vulnerable function "sub_1FC4" that receives the values sent by the POST request. If we open this binary in IDA-pro we will notice that this follows an ARM little endian format. The function sub_1FC4 in IDA pro is identified to be receiving the values sent in the POST request and the value set in POST parameter "receiver1" is extracted in function "sub_15AC" which is then passed to the vulnerable system API call. The vulnerable library function is accessed in "cgibox" binary at address 0x0008F598 which calls the "mailLoginTest" function in "libmailutils.so" binary as shown below which results in the vulnerable POST parameter being passed to the library which results in the command injection issue.π Read
via "National Vulnerability Database".
π΄ Cybersecurity Experts Worry About Satellite & Space Systems π΄
π Read
via "Dark Reading: ".
As nation-states and rogue actors increasingly probe critical infrastructure, policy and technology experts worry that satellite and space systems are on the front lines.π Read
via "Dark Reading: ".
Darkreading
Cybersecurity Experts Worry About Satellite & Space Systems
As nation-states and rogue actors increasingly probe critical infrastructure, policy and technology experts worry that satellite and space systems are on the front lines.
β Security Camera Firm Arlo Zaps High-Severity Bugs β
π Read
via "Threatpost".
Bugs in Arlo Technologiesβ equipment allow a local attacker to take control of Alro wireless home video security cameras.π Read
via "Threatpost".
Threat Post
Security Camera Firm Arlo Zaps High-Severity Bugs
Bugs in Arlo Technologiesβ equipment allow a local attacker to take control of Alro wireless home video security cameras.
ATENTIONβΌ New - CVE-2017-8417
π Read
via "National Vulnerability Database".
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device requires that a user logging into the device provide a username and password. However, the device allows D-Link apps on the mobile devices and desktop to communicate with the device without any authentication. As a part of that communication, the device uses custom version of base64 encoding to pass data back and forth between the apps and the device. However, the same form of communication can be initiated by any process including an attacker process on the mobile phone or the desktop and this allows a third party to retrieve the device's password without any authentication by sending just 1 UDP packet with custom base64 encoding. The severity of this attack is enlarged by the fact that there more than 100,000 D-Link devices out there.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-8416
π Read
via "National Vulnerability Database".
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device runs a custom daemon on UDP port 5978 which is called "dldps2121" and listens for broadcast packets sent on 255.255.255.255. This daemon handles custom D-Link UDP based protocol that allows D-Link mobile applications and desktop applications to discover D-Link devices on the local network. The binary processes the received UDP packets sent from any device in "main" function. One path in the function traverses towards a block of code that processing of packets which does an unbounded copy operation which allows to overflow the buffer. The custom protocol created by Dlink follows the following pattern: Packetlen, Type of packet; M=MAC address of device or broadcast; D=Device Type;C=base64 encoded command string;test=1111 We can see at address function starting at address 0x0000DBF8 handles the entire UDP packet and performs an insecure copy using strcpy function at address 0x0000DC88. This results in overflowing the stack pointer after 1060 characters and thus allows to control the PC register and results in code execution. The same form of communication can be initiated by any process including an attacker process on the mobile phone or the desktop and this allows a third-party application on the device to execute commands on the device without any authentication by sending just 1 UDP packet with custom base64 encoding.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-8415
π Read
via "National Vulnerability Database".
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom telnet daemon as a part of the busybox and retrieves the password from the shadow file using the function getspnam at address 0x00053894. Then performs a crypt operation on the password retrieved from the user at address 0x000538E0 and performs a strcmp at address 0x00053908 to check if the password is correct or incorrect. However, the /etc/shadow file is a part of CRAM-FS filesystem which means that the user cannot change the password and hence a hardcoded hash in /etc/shadow is used to match the credentials provided by the user. This is a salted hash of the string "admin" and hence it acts as a password to the device which cannot be changed as the whole filesystem is read only.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-8414
π Read
via "National Vulnerability Database".
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The binary orthrus in /sbin folder of the device handles all the UPnP connections received by the device. It seems that the binary performs a sprintf operation at address 0x0000A3E4 with the value in the command line parameter "-f" and stores it on the stack. Since there is no length check, this results in corrupting the registers for the function sub_A098 which results in memory corruption.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-8413
π Read
via "National Vulnerability Database".
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device runs a custom daemon on UDP port 5978 which is called "dldps2121" and listens for broadcast packets sent on 255.255.255.255. This daemon handles custom D-Link UDP based protocol that allows D-Link mobile applications and desktop applications to discover D-Link devices on the local network. The binary processes the received UDP packets sent from any device in "main" function. One path in the function traverses towards a block of code that handles commands to be executed on the device. The custom protocol created by D-Link follows the following pattern: Packetlen, Type of packet; M=MAC address of device or broadcast; D=Device Type;C=base64 encoded command string;test=1111. If a packet is received with the packet type being "S" or 0x53 then the string passed in the "C" parameter is base64 decoded and then executed by passing into a System API. We can see at address 0x00009B44 that the string received in packet type subtracts 0x31 or "1" from the packet type and is compared against 0x22 or "double quotes". If that is the case, then the packet is sent towards the block of code that executes a command. Then the value stored in "C" parameter is extracted at address 0x0000A1B0. Finally, the string received is base 64 decoded and passed on to the system API at address 0x0000A2A8 as shown below. The same form of communication can be initiated by any process including an attacker process on the mobile phone or the desktop and this allows a third-party application on the device to execute commands on the device without any authentication by sending just 1 UDP packet with custom base64 encoding.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-8412
π Read
via "National Vulnerability Database".
An issue was discovered on D-Link DCS-1100 and DCS-1130 devices. The device has a custom binary called mp4ts under the /var/www/video folder. It seems that this binary dumps the HTTP VERB in the system logs. As a part of doing that it retrieves the HTTP VERB sent by the user and uses a vulnerable sprintf function at address 0x0000C3D4 in the function sub_C210 to copy the value into a string and then into a log file. Since there is no bounds check being performed on the environment variable at address 0x0000C360 this results in a stack overflow and overwrites the PC register allowing an attacker to execute buffer overflow or even a command injection attack.π Read
via "National Vulnerability Database".