News for Admins

Tech News

F5 Acquires NGINX for $670 Million

NGINX, a name synonymous with web and proxy servers, is an open source technology that has dethroned the Apache web server. Now, NGINX, Inc., the parent company of the NGINX project, is being acquired for $670 million by F5, a provider of multi-cloud application services (https://www.f5.com/company/news/press-releases/f5-acquires-nginx-to-bridge-netops-devops).

In an exclusive interview, representatives from both F5 and NGINX told us that under F5, NGINX's open source projects will continue to be developed as usual.

F5 will maintain the NGINX brand and leadership. Customers of both companies will be able to buy whichever products and services they want.

Since both companies operated in different spaces, there are no overlaps. None of the services will be discontinued or integrated into F5 services. The acquisition is meant to bridge a gap. "We bridge the divide between NetOps and DevOps with consistent application services across an enterprise's multi-cloud environment," said François Locoh-Donou, president and CEO of F5.

In the long run, there will be better integration and user experience for those who want to buy services from either NGINX or F5.

No One Is Safe; Citrix Networks Breached

Citrix, a software giant that offers a wide range of products and services, admitted that its networks were breached (https://www.citrix.com/blogs/2019/03/08/citrix-investigating-unauthorized-access-to-internal-network/).

Stan Black, chief information security officer at Citrix, wrote in a blog post that attackers stole "business documents." Citrix still doesn't know which specific documents were accessed or stolen.

"At this time, there is no indication that the security of any Citrix product or service was compromised," he wrote.

What's worrying is that Citrix itself didn't detect the breach; it was the FBI that informed Citrix about an attack on March 6.

If a major player like Citrix is unaware of any such attack, what chance does an average company have to learn about similar attacks?

Citrix also didn't say when the attack started or how long it lasted. That should worry the almost half a million enterprise customers who use Citrix to manage their VPNs.

The FBI said that attackers supposedly used a password spraying technique to exploit weak passwords. Once they gained basic access, they tackled additional layers of security.
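
Password spraying leaves a recognizable shape in authentication logs: one source failing against many accounts with only a guess or two per account. The following detection sketch is an added example, not code from Citrix or the FBI; the log format, thresholds, and sample lines are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

def sample_lines():
    """Constructed log lines; the 'time result user= src=' format is an assumption."""
    lines = [f"2019-03-01T09:{i:02d}:00 FAIL user={u} src=203.0.113.7"   # one guess each
             for i, u in enumerate(["alice", "bob", "carol", "dave", "erin", "frank"])]
    lines += [f"2019-03-01T09:{i:02d}:30 FAIL user=alice src=198.51.100.20"  # one account
              for i in range(8)]
    lines += ["2019-03-01T09:10:00 FAIL user=bob src=192.0.2.15",            # typo, then OK
              "2019-03-01T09:10:20 OK user=bob src=192.0.2.15"]
    return lines

def parse(line):
    """Split one constructed log line into (time, success, user, source)."""
    ts, result, user, src = line.split()
    return (datetime.fromisoformat(ts), result == "OK",
            user.split("=", 1)[1], src.split("=", 1)[1])

def detect_spray(lines, window=timedelta(minutes=30), min_accounts=5, max_per_account=2):
    """Map source -> accounts hit, for sources failing against many accounts, few tries each."""
    failures = defaultdict(list)
    for ts, ok, user, src in map(parse, lines):
        if not ok:
            failures[src].append((ts, user))
    flagged = {}
    for src, events in failures.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1                      # slide the window forward
            per_user = Counter(u for _, u in events[start:end + 1])
            if (len(per_user) >= min_accounts
                    and max(per_user.values()) <= max_per_account
                    and len(per_user) > len(flagged.get(src, []))):
                flagged[src] = sorted(per_user)
    return flagged

if __name__ == "__main__":
    for src, accounts in detect_spray(sample_lines()).items():
        print(f"possible password spray from {src}: {len(accounts)} accounts {accounts}")
```

Grouping by source address misses a spray spread across many addresses, so the same count is worth running per target account population and time window as well.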

A 19-Year-Old Bug in WinRAR

WinRAR is one of the most popular archive managers in the Windows world, a Swiss Army knife that handles compression and extraction of multiple archive formats, including RAR and ZIP.

According to HackerNews (https://thehackernews.com/2019/02/winrar-hacking-exploit.html), there are more than 500 million WinRAR users in the world, and all these users are now at risk of compromise. A 19-year-old bug was discovered in WinRAR that allows hackers to execute arbitrary code on a targeted system. The bug, called an "Absolute Path Traversal" bug (CVE-2018-20250), is found in UNACEV2.DLL, a third-party library. It allows attackers to extract a compressed executable file from the ACE archive, which automatically runs on the Windows machine upon reboot.

Proof-of-concept exploit code has already been published, and hackers are already using it to attack Windows users. WinRAR has already released an update, which Windows users should install immediately.

HackerNews reported that the WinRAR team had lost access to the source code for the vulnerable UNACEV2.DLL library in 2005; instead of fixing the issue, the team released WinRAR version 5.70 beta 1, which doesn't support the DLL and ACE format. This fix addressed the bug, but at the same time it removed all ACE support from WinRAR.

The discovery of the WinRAR bug underscores an important rule that all users should apply to their everyday life: don't click on any files that you don't know.
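
The check that an extractor needs in order to refuse entries like the one described above is small. This added example (not WinRAR's code) applies it to a constructed ZIP archive, because the Python standard library does not read ACE; the entry names are made up, and the same test applies to the entry names of any archive format.

```python
import io
import ntpath
import zipfile

def escapes_destination(name):
    """True if an entry name is absolute or climbs out of the extraction directory."""
    unified = name.replace("\\", "/")           # treat both separators alike
    drive, _ = ntpath.splitdrive(name)          # "C:" or "\\host\share"
    if drive or unified.startswith("/"):
        return True                             # absolute, drive-relative or UNC path
    depth = 0
    for part in unified.split("/"):
        if part == "..":
            depth -= 1
            if depth < 0:                       # stepped above the destination
                return True
        elif part not in ("", "."):
            depth += 1
    return False

def audit_zip(data):
    """Return the entry names in a ZIP (given as bytes) that must not be extracted."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if escapes_destination(n)]

def build_sample():
    """Build a constructed archive in memory mixing benign and escaping names."""
    names = ["docs/readme.txt",                 # benign
             "docs/../notes.txt",               # stays inside the destination
             "C:\\tools\\run.exe",              # absolute Windows path
             "..\\..\\outside.txt",             # relative traversal
             "/tmp/outside.txt"]                # absolute POSIX path
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample content")
    return buf.getvalue()

if __name__ == "__main__":
    for name in audit_zip(build_sample()):
        print("refuse to extract:", name)
```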

An Image Can Compromise Your Android Device

Although most Android-related security holes are limited to third-party app installs from outside the official store, once in a while there are vulnerabilities in the OS itself.

Three newly-found vulnerabilities (CVE-2019-1986, CVE-2019-1987, and CVE-2019-1988) can affect handsets running anything between Android 7.0 Nougat and current Android 9.0 Pie.

One of the three vulnerabilities allows a compromised PNG file to execute arbitrary code on unpatched Android devices.

According to Google, "The most severe of these issues is a critical security vulnerability in Framework that could allow a remote attacker using a specially crafted PNG file to execute arbitrary code within the context of a privileged process. The severity assessment is based on the effect that exploiting the vulnerability would possibly have on an affected device, assuming the platform and service mitigations are turned off for development purposes or if successfully bypassed."

Google has already released a patch, but many Android vendors rarely patch their devices. If you are running Google devices, you surely have the patch; the same cannot be said for other Android phone vendors.

LibreOffice Vulnerable to Remote Code Execution Flaw

Security researcher Alex Inführ has discovered a vulnerability in OpenOffice and LibreOffice that allows remote code execution (https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html).

In a blog post, Inführ wrote that he found a way to achieve remote code execution as soon as a user opens a malicious ODT file and moves their mouse over the document, without triggering a warning dialog.

He demonstrated a proof of concept, in which he created a hyperlink and changed its color from the default blue to white so it would not raise suspicion. The link covered the whole page, increasing the chance of the user hovering the mouse over it. Remember, no clicking was needed; just hovering the mouse over the hyperlink was required to execute the payload.

The culprit here is the Python interpreter (pydoc.py) that comes with LibreOffice. It accepts commands and executes them via the command line.

LibreOffice has already released a patch; a patch is also available for Windows versions of OpenOffice.