Kategorie

A Sydney man is accused of selling nearly 1 million compromised accounts, for a significant profit.

Intel has patched several high-severity vulnerabilities in its graphics drivers for Windows 10, which could lead to code execution.

The mobile app, dubbed a "Yelp for Conservatives," was found with an open API leaking reams of user data.

Why are hackers using the DNS infrastructure against us? The answer is more complex than you might think.

Newly patched CVE-2019-0797 is being actively exploited by two APTs, FruityArmor and SandCat.

With countless web apps and online services launching every day, there is an increasing demand for cloud developers. This exciting niche is due to grow rapidly over the next few years, and the paycheck should follow suit. If you want to build a career in this lucrative niche, it pays to know AWS (Amazon Web Services). <!-- adsense --> With the AWS Certified Architect Developer Bundle 2019,

In the last 24 hours, SophosLabs received 1,700 samples of just one new sextortion campaign. Good news? It's all a pack of lies. Don't reply. Don't engage.

A new Chrome feature hopes to choke off one of the most malicious forms of malware infection: drive-by advertising downloads.

Every time a new high-profile data breach makes the news, it’s another reminder to organizations about the need to be vigilant. With the estimated cost per lost or stolen record at $148 (according to an IBM/Ponemon study), the numbers can add up fast. For small businesses, the losses could hit hard too — Kaspersky estimates […]

The post Assessing Your Organization’s Cybersecurity Practices with Homeland Security’s Cyber Resilience Review appeared first on Infosec Resources.

Assessing Your Organization’s Cybersecurity Practices with Homeland Security’s Cyber Resilience Review was first posted on March 13, 2019 at 8:05 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

As more organizations turn to penetration testing for identifying gaps in their defense systems, the demand for skilled penetration testers has been growing. While other types of security practitioners can probe information systems and networks for their vulnerabilities, pentesters are highly specialized, trained to think like hackers when exploiting security weaknesses. According to the TechRepublic, […]

The post Top 10 Penetration Testing Certifications for Security Professionals [Updated 2019] appeared first on Infosec Resources.

Top 10 Penetration Testing Certifications for Security Professionals [Updated 2019] was first posted on March 13, 2019 at 8:02 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Hackers have been spotted targeting websites running unpatched versions of the WordPress plugin Abandoned Cart for WooCommerce.

Klíčové aktualizace na Windows 10 budou zase o něco bezpečnější, Microsoft totiž pracuje na systému, který si poradí, pokud selžou. Je to patrné alespoň z nového záznamu na webu nápovědy, který odhalil web Windows Latest. Pokud Windows nainstalují třeba nové ovladače grafické karty, vyžádají si ...

Easily guessable URLs led to what should have been big companies' very private data. Even Box itself was found to be exposing folders.

It's time for another batch of "Patch Tuesday" updates from Microsoft. Microsoft today released its March 2019 software updates to address a total of 64 CVE-listed security vulnerabilities in its Windows operating systems and other products, 17 of which are rated critical, 45 important, one moderate and one low in severity. The update addresses flaws in Windows, Internet Explorer, Edge, MS

The COPPA overhaul would ban targeting ads at kids under 13 and ad targeting based on race, socioeconomics or geolocation on kids under 15.

In February 2019, our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us discovering a zero-day vulnerability in win32k.sys. We reported it to Microsoft on February 22, 2019. The company confirmed the vulnerability and assigned it CVE-2019-0797. Microsoft have just released a patch, crediting Kaspersky Lab researchers Vasiliy Berdnikov and Boris Larin with the discovery:

This is the fourth consecutive exploited Local Privilege Escalation vulnerability in Windows we have discovered recently using our technologies. Just like with CVE-2018-8589, we believe this exploit is used by several threat actors including, but possibly not limited to, FruityArmor and SandCat. While FruityArmor is known to have used zero-days before, SandCat is a new APT we discovered only recently. In addition to CVE-2019-0797 and CHAINSHOT, SandCat also uses the FinFisher/FinSpy framework.

Kaspersky Lab products detected this exploit proactively through the following technologies:

1. Behavioral detection engine and Automatic Exploit Prevention for endpoint products;
2. Advanced Sandboxing and Anti Malware engine for Kaspersky Anti Targeted Attack Platform (KATA).

Kaspersky Lab verdicts for the artifacts used in this and related attacks are:

• HEUR:Exploit.Win32.Generic
• HEUR:Trojan.Win32.Generic
• PDM:Exploit.Win32.Generic

Brief technical details – CVE-2019-0797

CVE-2019-0797 is a race condition that is present in the win32k driver due to a lack of proper synchronization between undocumented syscalls NtDCompositionDiscardFrame and NtDCompositionDestroyConnection. The vulnerable code can be observed below on screenshots made on an up-to-date system during initial analysis:

Snippet of NtDCompositionDiscardFrame syscall (Windows 8.1)

On this screenshot with the simplified logic of the NtDCompositionDiscardFrame syscall you can see that this code acquires a lock that is related to frame operations in the structure DirectComposition::CConnection and tries to find a frame that corresponds to a given id and will eventually call a free on it. The problem with this can be observed on the second screenshot:

Snippet of NtDCompositionDestroyConnection syscall inner function (Windows 8.1)

On this screenshot with the simplified logic of the function DiscardAllCompositionFrames that is called from within the NtDCompositionDestroyConnection syscall you can see that it does not acquire the necessary lock and calls the function DiscardAllCompositionFrames that will release all allocated frames. The problem lies in the fact that when the syscalls NtDCompositionDiscardFrame and NtDCompositionDestroyConnection are executed simultaneously, the function DiscardAllCompositionFrames may be executed at a time when the NtDCompositionDiscardFrame syscall is already looking for a frame to release or has already found it. This condition leads to a use-after-free scenario.

Interestingly, this is the third race condition zero-day exploit used by the same group in addition to CVE-2018-8589 and CVE-2018-8611.

Stop execution if module file name contains substring “chrome.exe”

The exploit that was found in the wild was targeting 64-bit operating systems in the range from Windows 8 to Windows 10 build 15063. The exploitation process for all those operating systems does not differ greatly and is performed using heap spraying palettes and accelerator tables with the use of GdiSharedHandleTable and gSharedInfo to leak their kernel addresses. In exploitation of Windows 10 build 14393 and higher windows are used instead of palettes. Besides that, that exploit performs a check on whether it’s running from Google Chrome and stops execution if it is because vulnerability CVE-2019-0797 can’t be exploited within a sandbox.

Two separate teams of security researchers and academics from universities in Australia and Switzerland have revealed today vulnerabilities in the e-voting system that the Swiss voting commission plans to roll out for future elections.

There were 12,449 new, authentic breaches and leaks in 2018, an increase of 424% from the year prior. But the average breach size was 216,884 records 4.7 times smaller than in 2017.

Mozilla has made it easy for you to share large files securely and privately with whomever you want, eliminating the need to depend upon less secure free third-party services or file upload tools that burn a hole in your pocket. Mozilla has finally launched its free, end-to-end encrypted file-transfer service, called Firefox Send, to the public, allowing users to securely share large files like

** Zvuky provázející chod laboratorních aparatur prozrazují víc, než jsme si dokázali představit ** Američtí vědci si ověřili, že ze zdánlivě nic neříkajícího laboratorního šumu lze vytáhnout řadu věcí ** Například přísně tajenou strukturu syntetizované DNA