
News for Admins

Tech News

New Zero-day Vulnerability in Windows Systems

Security researcher John Page has found a zero-day vulnerability in Windows that could allow a remote attacker to compromise Windows machines and execute arbitrary code.

"This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows," wrote Page.

However, there is a catch. "User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file," he further added.

The flaw lies in how Windows processes vCard files: an attacker can disguise an entry in the vCard so that it carries a malicious link. If an unsuspecting user clicks that link, Windows runs the malicious software without showing any warning.

For those who don't know, vCard is a file format (stored as .vcf files) used for exchanging contact information. Microsoft Outlook supports vCard.
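As an added illustration (not code from the advisory or from this article), the following Python script parses the URL properties of a .vcf file and flags any that is not a plain web link, which is the kind of check an admin could run on contact files arriving by mail. The sample vCard, the safe-scheme set and the extension list are constructed for this example.

```python
from urllib.parse import urlparse

# Constructed sample .vcf content: one ordinary contact and one whose URL
# properties point at a local file and at a UNC share (second one is folded).
SAMPLE_VCF = (
    "BEGIN:VCARD\r\nVERSION:3.0\r\nFN:Alice Example\r\n"
    "URL:https://example.com/alice\r\nEND:VCARD\r\n"
    "BEGIN:VCARD\r\nVERSION:3.0\r\nFN:Mallory Example\r\n"
    "URL;TYPE=WORK:file:///C:/Users/Public/invoice.exe\r\n"
    "URL:\\\\fileserver\\share\\\r\n"
    " contact.hta\r\n"          # folded continuation line (leading space)
    "END:VCARD\r\n"
)

SAFE_SCHEMES = {"http", "https", "mailto"}          # assumption: what a contact link should use
RISKY_EXTENSIONS = (".exe", ".hta", ".js", ".vbs", ".scr", ".bat", ".cmd", ".lnk")


def unfold(text):
    """Join folded vCard lines: a line starting with SPACE or TAB continues the previous one."""
    lines = []
    for raw in text.splitlines():
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines


def url_properties(text):
    """Return the value of every URL property; parameters such as ;TYPE=WORK are ignored."""
    values = []
    for line in unfold(text):
        name, sep, value = line.partition(":")       # split on the first colon only
        if sep and name.split(";")[0].upper() == "URL":
            values.append(value.strip())
    return values


def classify_link(value):
    """Return the reasons a URL value looks like something other than a plain web link."""
    reasons = []
    if "\\" in value:
        reasons.append("backslash path (UNC or local file)")
    scheme = urlparse(value).scheme.lower()
    if scheme not in SAFE_SCHEMES:
        reasons.append("scheme %r is not http/https/mailto" % (scheme or "(none)"))
    if value.lower().rstrip("/").endswith(RISKY_EXTENSIONS):
        reasons.append("target ends in an executable extension")
    return reasons


def scan_vcf(text):
    """Pair each URL value with its findings; an empty list means an ordinary web link."""
    return [(v, classify_link(v)) for v in url_properties(text)]


if __name__ == "__main__":
    for value, reasons in scan_vcf(SAMPLE_VCF):
        print("SUSPICIOUS" if reasons else "ok", value, "; ".join(reasons))
```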

Source: http://hyp3rlinx.altervista.org/advisories/MICROSOFT-WINDOWS-VCF-FILE-INSUFFICIENT-WARNING-REMOTE-CODE-EXECUTION.txt

New Systemd Vulnerability Affects Most Mainstream Linux Distributions

Security researchers at Qualys have discovered three new vulnerabilities in systemd, the init system for Linux-based operating systems.

The vulnerabilities (CVE-2018-16864, CVE-2018-16865, and CVE-2018-16866) reside in the systemd-journald service and could allow an attacker to gain root access on the targeted systems.

"We developed an exploit for CVE-2018-16865 and CVE-2018-16866 that obtains a local root shell in 10 minutes on i386 and 70 minutes on AMD64, on average," the researchers wrote.

Qualys said that all systemd-based Linux distributions are affected by the vulnerability except for SUSE Linux Enterprise 15, openSUSE Leap 15.0, and Fedora 28 and 29. These distributions compile their userspace code with GCC's -fstack-clash-protection.

No patches have been released by Red Hat or Canonical to fix these vulnerabilities.

Source: https://www.qualys.com/2019/01/09/system-down/system-down.txt

SQLite Database Vulnerable

The Tencent Blade security team has discovered a vulnerability in the immensely popular open source SQLite database engine. Tencent is one of the three Chinese giants known as BAT (Baidu, Alibaba, and Tencent).

"This vulnerability can be triggered remotely, such as accessing a particular web page in a browser, or any scenario that can execute SQL statements," said a Tencent blog post.

Because SQLite is one of the most widely used databases, touching all modern applications, this vulnerability affects a wide range of the user base.

According to ZDNet, "Firefox and Edge don't support this API, but the Chromium open-source browser engine does. This means that Chromium-based browsers like Google Chrome, Vivaldi, Opera, and Brave, are all affected." That said, Firefox is affected because it comes with a locally accessible SQLite database, allowing it to be exploited locally, but not remotely.

Microsoft Can't Catch a Break from Vulnerabilities

Microsoft Windows continues to be plagued by vulnerabilities, while Linux and macOS are enjoying calmer waters. A week ahead of Christmas, Microsoft is patching 39 vulnerabilities in Windows. Out of these, 10 are critical and one is a publicly known zero-day security hole. According to Kaspersky Lab, "This is the third consecutive exploited Local Privilege Escalation vulnerability in Windows we discovered this autumn using our technologies."

Kaspersky Lab said that unlike the previously reported vulnerabilities in win32k.sys, this one is a dangerous threat – a vulnerability in the Kernel Transaction Manager driver. "It can also be used to escape the sandbox in modern web browsers, including Chrome and Edge, since syscall filtering mitigations do not apply to ntoskrnl.exe system calls," said Kaspersky.

Kaspersky Lab believes that this exploit is used by bad actors, including FruityArmor and SandCat.

Despite Microsoft's efforts, Windows remains its Achilles heel, and it's not just vulnerabilities in the OS. At times, Windows updates also break systems, including deleting user data.

Hacks Abound

2018 is ending with some major hacks. Marriott International, one of the world's biggest hotel chains, announced that hackers compromised the reservation database of Starwood hotels. Hackers managed to steal personal details of about 500 million guests. According to The Hacker News, "The breach of Starwood properties has been happening since 2014 after an unauthorized party managed to gain unauthorized access to Starwood's guest reservation database and had copied and encrypted the information."

The second victim of another major hack is Quora, a user-driven question-and-answer site. According to reports, hackers gained access to sensitive information of over 100 million users. The Hacker News wrote that the stolen data includes sensitive account information, such as names, email addresses, encrypted (hashed) passwords, and data imported from linked social networks like Facebook and Twitter.

The third major hack was on Dell. The company said that it detected and disrupted unauthorized activity on its network attempting to extract Dell.com customer information, which was limited to names, email addresses and hashed passwords. "Additionally, Dell cybersecurity measures are in place to limit the impact of any potential exposure. These measures include the hashing of our customers' passwords and a mandatory Dell.com password reset. Credit card and other sensitive customer information was not targeted. The incident did not impact any Dell products or services," Dell said in a blog post.

Even though Dell was not certain whether any data was stolen, the company pushed a password reset to all users as a precaution.