ββHackers Stole $19 Million From Bithumb Cryptocurrency Exchange
#Bithumb #crypto #cryptocurrency #hackers #hacktorial #vulnerability
Hackers yesterday stole nearly $19 million worth of cryptocurrency from Bithumb, the South Korea-based popular cryptocurrency exchange admitted today.
According to Primitive Ventures' Dovey Wan, who first broke the information on social media, hackers managed to compromise a number of Bithumb's hot EOS and XRP wallets and transferred around 3 million EOS (~ $13 million) and 20 million XRP (~ $6
#Bithumb #crypto #cryptocurrency #hackers #hacktorial #vulnerability
Hackers yesterday stole nearly $19 million worth of cryptocurrency from Bithumb, the South Korea-based popular cryptocurrency exchange admitted today.
According to Primitive Ventures' Dovey Wan, who first broke the information on social media, hackers managed to compromise a number of Bithumb's hot EOS and XRP wallets and transferred around 3 million EOS (~ $13 million) and 20 million XRP (~ $6
ββCritical vulnerability in Apache HTTP Server patched
#Apache #Vulnerability #HttpServer #CVE20190211 #hacktorial
A critical vulnerability in Apache HTTP Server that if exploited could allow an attacker to gain full root control has been patched.
The cause, dubbed Carpe Diem by the researcher who discovered it Ambionics engineer Charles Fol, affects Apache HTTP Server versions 2.4.17 to 2.4.38.
The vulnerability, CVE-2019-0211, is a privilege escalation issue that happens when Apache executes what is called a βgraceful restartβ. A Graceful restart describes a situation when existing server threads are allowed to complete their task on a live website, Sophosβ Naked Security noted in a blog.
Fol found that during a restart βan opportunity arises for a low-privilege process to elevate itself to root via a script, for example via PHP or CGI.β
An attacker would require local access or being part of a shared hosting environment where many separate websites are hosted under a single IP address. This means any company or individual who currently maintains a website in such an environment should immediately updated to version 2.4.39, Naked Security said.
Jim OβGorman, chief strategy officer at Offensive Security, pointed out how difficult it is to suss out vulnerabilities such as Carpe Diem, particularly when at first glance the issue might seem minor and require a complex exploitation chain. But if exploited the results are devastating.
βThinking through the ways that attackers will actually exploit bugs to penetrate systems requires a creative, persistent, and adversarial mindset, and is not something that we can teach a security product to do,β he said.
In addition to patching CVE-2019-0211, the update also handled CVE-2019-0217, CVE-2019-0215, CVE-2019-0197, CVE-2019-0196, and CVE-2019-0220.
#Apache #Vulnerability #HttpServer #CVE20190211 #hacktorial
A critical vulnerability in Apache HTTP Server that if exploited could allow an attacker to gain full root control has been patched.
The cause, dubbed Carpe Diem by the researcher who discovered it Ambionics engineer Charles Fol, affects Apache HTTP Server versions 2.4.17 to 2.4.38.
The vulnerability, CVE-2019-0211, is a privilege escalation issue that happens when Apache executes what is called a βgraceful restartβ. A Graceful restart describes a situation when existing server threads are allowed to complete their task on a live website, Sophosβ Naked Security noted in a blog.
Fol found that during a restart βan opportunity arises for a low-privilege process to elevate itself to root via a script, for example via PHP or CGI.β
An attacker would require local access or being part of a shared hosting environment where many separate websites are hosted under a single IP address. This means any company or individual who currently maintains a website in such an environment should immediately updated to version 2.4.39, Naked Security said.
Jim OβGorman, chief strategy officer at Offensive Security, pointed out how difficult it is to suss out vulnerabilities such as Carpe Diem, particularly when at first glance the issue might seem minor and require a complex exploitation chain. But if exploited the results are devastating.
βThinking through the ways that attackers will actually exploit bugs to penetrate systems requires a creative, persistent, and adversarial mindset, and is not something that we can teach a security product to do,β he said.
In addition to patching CVE-2019-0211, the update also handled CVE-2019-0217, CVE-2019-0215, CVE-2019-0197, CVE-2019-0196, and CVE-2019-0220.
Microsoft found a Huawei Driver that opens systems to attack
What happened is a Huawei driver used an unusual approach. It injected code into a privileged windows process in order to start programs that may have crashed... Something that can be done easier using a windows API call.
Since it's a driver it can do this but it's a very bad practice because it bypasses security checks. But if the driver itself is fully secure it doesn't matter.
But the driver isn't fully secure it and it could be used by a normal program to access secure areas of the system.
(But frankly any driver that isn't fully secure could have an issue like this. But this sort of practice makes it harder to secure...)
So either Huawei is negligent or they did this on purpose to open a security hole to be used by itself or others...
Can't be certain, but if they did this without any malicious intent then they are grossly negligent. There isn't any excuse here.
#Hacktorial #Windows #Huawei #Bug #Vulnerability
β- @hacktorial
Read Full Official Report
What happened is a Huawei driver used an unusual approach. It injected code into a privileged windows process in order to start programs that may have crashed... Something that can be done easier using a windows API call.
Since it's a driver it can do this but it's a very bad practice because it bypasses security checks. But if the driver itself is fully secure it doesn't matter.
But the driver isn't fully secure it and it could be used by a normal program to access secure areas of the system.
(But frankly any driver that isn't fully secure could have an issue like this. But this sort of practice makes it harder to secure...)
So either Huawei is negligent or they did this on purpose to open a security hole to be used by itself or others...
Can't be certain, but if they did this without any malicious intent then they are grossly negligent. There isn't any excuse here.
#Hacktorial #Windows #Huawei #Bug #Vulnerability
β- @hacktorial
Read Full Official Report
Microsoft Security
From alert to driver vulnerability: Microsoft Defender ATP investigation unearths privilege escalation flaw - Microsoft Security
Our discovery of two privilege escalation vulnerabilities in a driver highlights the strength of Microsoft Defender ATPβs sensors. These sensors expose anomalous behavior and give SecOps personnel the intelligence and tools to investigate threats, as we did.
π°π°π° Android Update π°π°π°
Hackers Used WhatsApp 0-Day Flaw to Secretly Install Spyware On Phones
Whatsapp has recently patched a severe vulnerability that was being exploited by attackers to remotely install surveillance malware on a few "selected" smartphones by simply calling the targeted phone numbers over Whatsapp audio call.
Discovered, weaponized and then sold by the Israeli company NSO Group that produces the most advanced mobile spyware on the planet, the WhatsApp exploit installs Pegasus spyware on to Android and iOS devices.
#Android #WhatsApp #Vulnerability #HackTorial
Read More : https://bit.ly/2PZcB64
π°π°π°π° @HackTorial π°π°π°π°
Hackers Used WhatsApp 0-Day Flaw to Secretly Install Spyware On Phones
Whatsapp has recently patched a severe vulnerability that was being exploited by attackers to remotely install surveillance malware on a few "selected" smartphones by simply calling the targeted phone numbers over Whatsapp audio call.
Discovered, weaponized and then sold by the Israeli company NSO Group that produces the most advanced mobile spyware on the planet, the WhatsApp exploit installs Pegasus spyware on to Android and iOS devices.
#Android #WhatsApp #Vulnerability #HackTorial
Read More : https://bit.ly/2PZcB64
π°π°π°π° @HackTorial π°π°π°π°
ππππ Free Course ππππ
π° An Introduction To Burp Suite (Swiss Army knife of hackers) π°
Want to make a career in Information Security, Ethical Hacking. Learn how to use Burp Suite, the tool of the trade.
βΎοΈUdemy Link - bit.ly/31BbbnV
βΎοΈDownload - bit.ly/2WHYi7T
βΎοΈTorrent Link - bit.ly/2IL1uKR
#burpsuite #Hacking #Pentest #Vulnerability #Udemy #HackTorial
π°π°π°π° @HackTorial π°π°π°π°
π° An Introduction To Burp Suite (Swiss Army knife of hackers) π°
Want to make a career in Information Security, Ethical Hacking. Learn how to use Burp Suite, the tool of the trade.
βΎοΈUdemy Link - bit.ly/31BbbnV
βΎοΈDownload - bit.ly/2WHYi7T
βΎοΈTorrent Link - bit.ly/2IL1uKR
#burpsuite #Hacking #Pentest #Vulnerability #Udemy #HackTorial
π°π°π°π° @HackTorial π°π°π°π°
π° New Android malware bypass 2FA & steal one-time passwords π°
These apps were designed to pass as BtcTurk, a Turkish cryptocurrency exchange.
Researcher Lukas Stefanko at the Slovakian security firm ESET has discovered Android malware in new apps that can bypass the SMS-based two-factor authentication (2FA) without using SMS permissions. The malicious apps are available on the very reliable platform Google Play Store.
Read More : https://www.hackread.com/new-android-malware-bypass-2fa-steal-one-time-passwords/
#GooglePlaySTore #PlayStore #Malware #InfectedApps
#HackTorial #Vulnerability
π°π°π°π° @HackTorial π°π°π°π°
These apps were designed to pass as BtcTurk, a Turkish cryptocurrency exchange.
Researcher Lukas Stefanko at the Slovakian security firm ESET has discovered Android malware in new apps that can bypass the SMS-based two-factor authentication (2FA) without using SMS permissions. The malicious apps are available on the very reliable platform Google Play Store.
Read More : https://www.hackread.com/new-android-malware-bypass-2fa-steal-one-time-passwords/
#GooglePlaySTore #PlayStore #Malware #InfectedApps
#HackTorial #Vulnerability
π°π°π°π° @HackTorial π°π°π°π°
π°π° Playing Untrusted Videos On VLC Player Could Hack Your Computer π°π°
If you use VLC media player on your computer and haven't updated it recently, don't you even dare to play any untrusted, randomly downloaded video file on it.
Doing so could allow hackers to remotely take full control over your computer system.
That's because VLC media player software versions prior to 3.0.7 contain two high-risk security vulnerabilities, besides many other medium- and low-severity security flaws, that could potentially lead to arbitrary code execution attacks.
https://thehackernews.com/2019/06/vlc-media-player-hacking.html?m=1
#VLC #VLCMediaPlayer #RemoteCodeExecution #HackTorial #Vulnerability
π°π°π°π° @HackTorial π°π°π°π°
If you use VLC media player on your computer and haven't updated it recently, don't you even dare to play any untrusted, randomly downloaded video file on it.
Doing so could allow hackers to remotely take full control over your computer system.
That's because VLC media player software versions prior to 3.0.7 contain two high-risk security vulnerabilities, besides many other medium- and low-severity security flaws, that could potentially lead to arbitrary code execution attacks.
https://thehackernews.com/2019/06/vlc-media-player-hacking.html?m=1
#VLC #VLCMediaPlayer #RemoteCodeExecution #HackTorial #Vulnerability
π°π°π°π° @HackTorial π°π°π°π°
π°π° VLC media player gets biggest security update ever π°π°
Earlier this month, VideoLAN β the maintainers of the worldβs most popular open source media player, VLC β issued the biggest single set of security fixes in the programβs history.
Numbering 33 in all, this included two marked critical, 21 mediums and 10 rated low, bringing VLC to 3.0.7.
But perhaps the most interesting part of the story is less the flaws themselves but the process through which they were found.
Read More : https://nakedsecurity.sophos.com/2019/06/26/vlc-media-player-gets-biggest-security-update-ever/
#VLC #VideoLAN #Vulnerability #HackTorial #SecurityUpdate
π°π°π°π° @HackTorial π°π°π°π°
Earlier this month, VideoLAN β the maintainers of the worldβs most popular open source media player, VLC β issued the biggest single set of security fixes in the programβs history.
Numbering 33 in all, this included two marked critical, 21 mediums and 10 rated low, bringing VLC to 3.0.7.
But perhaps the most interesting part of the story is less the flaws themselves but the process through which they were found.
Read More : https://nakedsecurity.sophos.com/2019/06/26/vlc-media-player-gets-biggest-security-update-ever/
#VLC #VideoLAN #Vulnerability #HackTorial #SecurityUpdate
π°π°π°π° @HackTorial π°π°π°π°
ββ1 Million+ ProFTPD Servers Vulnerable To Remote Code Execution Attacks To A ProFTPD Vulnerability Lets Users Copy Files Without Permission
ProFTPD is an open-source and one of the most popular FTP server software used by more than one million servers all over the world. It comes pre-installed on several Linux and Unix-based distributions, including Debian. A German security researcher has revealed a security flaw that makes ProFTPD servers vulnerable to remote code execution attacks.
Tobias Madel reveals that the vulnerability exists in ProFTPDβs modcopy module which is supplied by default in the installation of the FTP server and is enabled by default in most operating systems.
This bug exists due to an incorrect access control issue in the modcopy module and can be exploited by an authenticated user without any write permission to copy files on the FTP server. This vulnerability can also be exploited if an anonymous user is enabled in the server settings.
SITE CPFR and SITE CPTO commands are the culprits behind this bug. These commands bypass the βLimit WRITEβ DenyAll directives which allow users without write permissions to copy files to a current folder.
All versions of ProFTPD have been affected by the bug labeled as CVE-2019-12815. However, version 1.3.6 is an exception and the bug can only be exploited in 1.3.6 if you install it from sources that have been compiled before 17th July 2019.
To evade this attack, server admins must disable the mod-copy module. ProFTPD has backported a patch to 1.3.6 version and has not released a new version with a fix for the issue yet.
Here Is The Temporary Fix : https://copir.net/how-to-fix-file-copy-vulnerability-in-mod_copy-in-proftpd-cve-2019-12815/
#ProFTPD #FTP #Vulnerability #RemoteCodeExecution #RCE #Fix #Bug #CVE201912815 #Hacktorial
π°π°π°π° @HackTorial π°π°π°π°
ProFTPD is an open-source and one of the most popular FTP server software used by more than one million servers all over the world. It comes pre-installed on several Linux and Unix-based distributions, including Debian. A German security researcher has revealed a security flaw that makes ProFTPD servers vulnerable to remote code execution attacks.
Tobias Madel reveals that the vulnerability exists in ProFTPDβs modcopy module which is supplied by default in the installation of the FTP server and is enabled by default in most operating systems.
This bug exists due to an incorrect access control issue in the modcopy module and can be exploited by an authenticated user without any write permission to copy files on the FTP server. This vulnerability can also be exploited if an anonymous user is enabled in the server settings.
SITE CPFR and SITE CPTO commands are the culprits behind this bug. These commands bypass the βLimit WRITEβ DenyAll directives which allow users without write permissions to copy files to a current folder.
All versions of ProFTPD have been affected by the bug labeled as CVE-2019-12815. However, version 1.3.6 is an exception and the bug can only be exploited in 1.3.6 if you install it from sources that have been compiled before 17th July 2019.
To evade this attack, server admins must disable the mod-copy module. ProFTPD has backported a patch to 1.3.6 version and has not released a new version with a fix for the issue yet.
Here Is The Temporary Fix : https://copir.net/how-to-fix-file-copy-vulnerability-in-mod_copy-in-proftpd-cve-2019-12815/
#ProFTPD #FTP #Vulnerability #RemoteCodeExecution #RCE #Fix #Bug #CVE201912815 #Hacktorial
π°π°π°π° @HackTorial π°π°π°π°
ββCanonical released new Linux kernel security updates for Ubuntu 19.04 (Disco Dingo) and Ubuntu 18.04 LTS (Bionic Beaver) operating system series to address various security vulnerabilities.
π° Addresses various security vulnerabilities and issuesπ°
The new security updates are here to address a race condition (CVE-2019-11599) in Linux kernel when performing core dumps, and an integer overflow (CVE-2019-11487) when referencing counting pages. Both issues affect only Ubuntu 19.04 systems and could allow a local attacker to crash the system by causing a denial of service (DoS attack) or possibly execute arbitrary code.
On Ubuntu 18.04 LTS systems, the new security patch fixes a flaw (CVE-2019-11085) discovered by Adam Zabrocki in Linux kernel's Intel i915 kernel mode graphics driver, which failed to correctly restrict mmap() ranges under certain situations, allowing local attackers to either execute arbitrary code or cause a denial of service attack and crash the system.
Moreover, Ubuntu 18.04 LTS systems were affected by a race condition (CVE-2019-11815) discovered in Linux kernel's RDS (Reliable Datagram Sockets) protocol implementation, which is blacklisted by default. If the RDS protocol was enabled, the flaw could allow a local attacker to cause crash the system or execute arbitrary code.
These Linux kernel security updates also address an issue (CVE-2019-11833) discovered in the EXT4 file system, which failed to zero out memory under certain situations, and a problem (CVE-2019-11884) discovered in the Bluetooth Human Interface Device Protocol (HIDP) implementation, which improperly verified strings in certain situations.
These two issues affect both Ubuntu 19.04 and Ubuntu 18.04 LTS systems, and they could allow local attackers to expose sensitive information (kernel memory). The updated Ubuntu 18.04 LTS kernel is also available for users of the Ubuntu 16.04.6 LTS (Xenial Xerus) operating system series using the HWE (Hardware Enablement) Linux kernel packages from Ubuntu 18.04 LTS.
Users are urged to update their systems immediately
If you're using Ubuntu 19.04, Ubuntu 18.04 LTS, or Ubuntu 16.04.6 LTS with the HWE kernel from Ubuntu 18.04 LTS, you are urged to update your systems as soon as possible to linux-image 5.0.0-21.22 on Ubuntu 19.04, linux-image 4.15.0-55.60 on Ubuntu 18.04 LTS and later systems, as well as to linux-image 4.15.0-55.60~16.04.2 on Ubuntu 16.04.2 LTS and later systems.
Please keep in mind that after installing a new Linux kernel version, you will need to reboot your computer and also rebuild and reinstall any third-party kernel modules you might have installed on your Ubuntu machines. To update your Ubuntu installations, please follow the instructions provided by Canonical at https://wiki.ubuntu.com/Security/Upgrades or run the command below in the Terminal app.
#DiscoDingo #BionicBeaver #Hacktorial
π°π°π°π° @HackTorial π°π°π°π°
π° Addresses various security vulnerabilities and issuesπ°
The new security updates are here to address a race condition (CVE-2019-11599) in Linux kernel when performing core dumps, and an integer overflow (CVE-2019-11487) when referencing counting pages. Both issues affect only Ubuntu 19.04 systems and could allow a local attacker to crash the system by causing a denial of service (DoS attack) or possibly execute arbitrary code.
On Ubuntu 18.04 LTS systems, the new security patch fixes a flaw (CVE-2019-11085) discovered by Adam Zabrocki in Linux kernel's Intel i915 kernel mode graphics driver, which failed to correctly restrict mmap() ranges under certain situations, allowing local attackers to either execute arbitrary code or cause a denial of service attack and crash the system.
Moreover, Ubuntu 18.04 LTS systems were affected by a race condition (CVE-2019-11815) discovered in Linux kernel's RDS (Reliable Datagram Sockets) protocol implementation, which is blacklisted by default. If the RDS protocol was enabled, the flaw could allow a local attacker to cause crash the system or execute arbitrary code.
These Linux kernel security updates also address an issue (CVE-2019-11833) discovered in the EXT4 file system, which failed to zero out memory under certain situations, and a problem (CVE-2019-11884) discovered in the Bluetooth Human Interface Device Protocol (HIDP) implementation, which improperly verified strings in certain situations.
These two issues affect both Ubuntu 19.04 and Ubuntu 18.04 LTS systems, and they could allow local attackers to expose sensitive information (kernel memory). The updated Ubuntu 18.04 LTS kernel is also available for users of the Ubuntu 16.04.6 LTS (Xenial Xerus) operating system series using the HWE (Hardware Enablement) Linux kernel packages from Ubuntu 18.04 LTS.
Users are urged to update their systems immediately
If you're using Ubuntu 19.04, Ubuntu 18.04 LTS, or Ubuntu 16.04.6 LTS with the HWE kernel from Ubuntu 18.04 LTS, you are urged to update your systems as soon as possible to linux-image 5.0.0-21.22 on Ubuntu 19.04, linux-image 4.15.0-55.60 on Ubuntu 18.04 LTS and later systems, as well as to linux-image 4.15.0-55.60~16.04.2 on Ubuntu 16.04.2 LTS and later systems.
Please keep in mind that after installing a new Linux kernel version, you will need to reboot your computer and also rebuild and reinstall any third-party kernel modules you might have installed on your Ubuntu machines. To update your Ubuntu installations, please follow the instructions provided by Canonical at https://wiki.ubuntu.com/Security/Upgrades or run the command below in the Terminal app.
sudo apt update && sudo apt full-upgrade
#Ubuntu19.04 #Ubuntu18.04 #LTS #Linux #security #vulnerability#DiscoDingo #BionicBeaver #Hacktorial
π°π°π°π° @HackTorial π°π°π°π°