New attack scheme on Office 365 corporate users

KnockKnock was discovered by Skyhigh Networks experts, who noted that the key distinction of this new attack is the nature of the accounts being targeted. The attack targets system accounts that are not assigned to any one individual user. System accounts have more privileges and, in addition, a more lenient password policy. With access to such an account, it is easier for attackers to continue attacking the corporate network.

Researchers found a new method to bypass protection against Rowhammer attack

A group of scientists from Adelaide, Pennsylvania, Maryland and Graz University of Technology published a study that describes a new way to bypass the defense against Rowhammer attacks.

To launch the attack, an attacker needs to narrow the Rowhammer data bombardment down to a single row of memory cells instead of multiple locations. According to the test results, the revised Rowhammer attack may take between 44 and 138 hours, but this shouldn’t be a problem if an attacker targets online servers and cloud providers.

Positive Technologies’ researchers found a way to partially disable the functionality of Intel ME

While studying the internal architecture of Intel Management Engine (ME) 11, Positive Technologies experts discovered an undocumented mode that makes it possible to partially disable the functionality of the technology. The experts point out that Intel ME has access to almost all data on the computer, and that its ability to execute third-party code makes it possible to completely compromise the platform.

In their blog, the researchers describe how they discovered the undocumented mode and how it is connected with the High Assurance Platform (HAP) program.

PCs with Skype under serious threat: vulnerability CVE-2017-9948

The critical vulnerability CVE-2017-9948 is a stack buffer overflow bug in Skype that allows an attacker to remotely crash the application and execute malicious code on the victim’s computer. The vulnerability exists in Skype 7.2, 7.35 and 7.36.

Microsoft has already patched the bug in Skype version 7.37.178 and users are recommended to install this version as soon as possible to make sure that they’re not targeted by attacks based on this vulnerability.

Microsoft Edge vulnerable to cookie and password theft

The Microsoft Edge browser seems to have a severe password vulnerability. Recent reports reveal that attackers could easily obtain user passwords and cookie files for online accounts. The vulnerability was discovered by security expert Manuel Caballero, who has vast experience of unearthing Edge and Internet Explorer bugs and flaws. It also seems that attacks can be customized to dump the passwords or cookies of more online services such as Amazon, Facebook, and more.

Vulnerability Review 2016

New security vulnerability research has been released by Flexera. There were over 2,000 vulnerabilities across the top 20 software products, many of which you are using right now.

According to Flexera, the largest instances of vulnerabilities were attributed to Microsoft with 518 across its Windows 10, Windows Server 2012, Windows 8 and Windows RT operating systems.

PDF + Google Chrome vulnerability

PDFium is a component of the Chrome web browser designed to display PDF documents. A vulnerability has been found in it that makes it possible to embed dangerous code in a PDF file and have that code executed simply by viewing the PDF.

To exploit this vulnerability, an attacker must create a malicious document containing a JPEG2000 image with a modified header. If the victim opens the file in Chrome, the embedded code will be automatically executed on the computer.

The Linux kernel vulnerability

The CVE-2016-0728 vulnerability has been found in the Linux kernel. By exploiting it, a local user can gain root access. The issue has been there since 2012, and the worst part is that Android OS users are at the highest risk. The reason is that Google doesn’t check apps created with the NDK (Native Development Kit) and uploaded to Google Play.

As for PCs and servers, the situation is not so difficult, especially if the system has only one user. Also, the issue is not so dangerous if users are not allowed to execute code, or if multiple instances of the operating system run in a virtualization environment.