Search This Blog

Showing posts with label CVE. Show all posts

WhatsApp Reveals Six Bugs On Its Security Advisory Website

The Social Messaging app WhatsApp has been open about its bugs and vulnerabilities recently. To be vocal about the issue, the company has set up a dedicated website that will work as a security advisory and inform users about the latest developments on issues and bugs in WhatsApp. Owned by social media giant Facebook, WhatsApp, with a current user base of around 2 million, has set up the website as an initiative to keep the community informed about security and be more transparent with its users.

The dedicated website is not limited to WhatsApp users but open to the entire cybersecurity community. The move comes as a response to the criticisms that WhatsApp faced over its handling of security issues. The dedicated platform will give users detailed reports of security updates related to WhatsApp, along with CVEs (Common Vulnerabilities and Exposures) details. The updates will help cybersecurity experts to know the effect of these bugs and vulnerabilities.

WhatsApp reported six security bugs that it had recently discovered. The company had released security patches for these six bugs before the hackers could exploit them. Few of the bugs could be remotely launched. CVE-2020-1890, an android based WhatsApp bug, sent the recipients sticker, which contained malicious codes. The bug could be deployed without user interaction. Few bugs, however, required user interaction and couldn't be launched remotely. CVE-2019-11928 bug became active when a desktop WhatsApp user clicked any location link, allowing cross-site scripting. WhatsApp says that it will keep the community updated about the latest developments through its advisory platform, trying to release security patches as soon as possible.

According to reports, five of the six bugs were patched on the same day; however, the last bug took quite some time. "We are very committed to transparency, and this resource is intended to help the broader technology community benefit from the latest advances in our security efforts. We strongly encourage all users to ensure they keep their WhatsApp up-to-date from their respective app stores and update their mobile operating systems whenever updates are available," says WhatsApp.

Six New Vulnerabilities Found in DIR-865L Model of D-Link Routers

Over the last few months, the cyber world witnessed an alarming spike in the number of malicious attacks, it's seen as a direct result of more and more people working from home. As organizations have been experiencing unprecedented cybersecurity challenges, it has become even more crucial for users to keep their networks updated and hence secured.

DIR-865L model of D-Link routers, designed for monitoring home network from anywhere, was found to be containing six vulnerabilities as follows:

1. CVE-2020-13782 [Improper Neutralization of Special Elements used in a Command (Command Injection)]: A backend engine known as cgibin.exe controls the web interface for this router; attackers can place arbitrary code to be executed with administrative privileges.

2. CVE-2020-13786 [Cross-Site Request Forgery (CSRF)]: Threat actors can intercept data present on sections under password protection by capturing the network traffic; the router's web interface consists of various pages that are vulnerable to this security flaw.

3. CVE-2020-13785 (Inadequate Encryption Strength): The attackers can learn a user's password via a brute force attack carried offline on the basis of information that's sent to the client from the router when the user logs into the SharePort Web Access portal in port 8181.

4. CVE-2020-13784 (Predictable Seed in Pseudo-Random Number Generator): By exploiting this vulnerability, the attackers can deduce the information required to perform CSRF attacks even if the router is encrypting session information using HTTPS.

5. CVE-2020-13783 (Cleartext Storage of Sensitive Information): When an attacker attempts to acquire the admin password stored in the tools_admin.php page, he requires physical access to a logged-on machine as credentials sent over the wire are not clear. Once the attacker acquires physical access, he can view the password via the HTML source of the page.

6. CVE-2020-13787 (Cleartext transmission of sensitive information): Attackers capturing network traffic and stealing data can access the password used for guest wifi network, it's done via an option 'Wired Equivalent Privacy' (WEP).

These 6 newly discovered vulnerabilities by Palo Alto Networks' Unit 42 researchers in the D-Link DIR-865L home wireless router can be exploited all at once to run arbitrary commands, delete information, upload malware, exfiltrate data or intercept information and obtain user credentials illicitly.

To stay protected against the session hijacking attacks, users are advised to default all traffic to HTTPS and stay updated with the latest available version of the firmware with fixes, one can find the firmware on the D-Link's website. The website also provides a 'how-to' tutorial for changing the time zone on the router for the users to further defend themselves from possible malicious attacks.

Hackers Exploit Vulnerabilities in Pulse VPN and Android Devices to Launch Heavy Cyberattack

The vulnerability named CVE-2019-1150 has affected Pulse VPN's network and is regarded as highly 'severe.' Whereas vulnerability named CVE-2019-2215 targets unpatched android smartphones. As we all know, in the world of cybersecurity, it becomes highly unsafe when the hackers target unpatched devices and systems as they can have terrible consequences. Recently, it has become a trend among hackers to target unpatched Android smartphones. Attackers were also found exploiting the flaws in Pulse Secure VPN in an attempt to compromise the cybersecurity of various organizations and individuals.

The flaw in Pulse Secure VPN

According to Kevin Beaumont, who is a Uk based cybersecurity expert, the assertion that 'Revil' is big-time ransomware and at least 2 companies are affected after the hackers exploited the vulnerability in Pulse Secure's VPN flaw. Many hackers are now exploiting this flaw to launch ransomware attacks. As per the latest information, the organization that is said to be affected by this cyber attack is a currency exchange and travel insurance company 'Travelex.' According to cybersecurity experts, the attack was launched using the Revil ransomware. The consequences of this cyberattack compelled Travelex to shut down all of its online mode of operations.
As a result, the company shut down its system offline and had to manually operate its nationwide branches.

The vulnerability known as CVE-2019-1150 is regarded as highly 'hazardous' by the cybersecurity experts. CVE-2019-1150, an uncertain read data vulnerability attacks different versions of Pulse Secure VPN named Pulse Connect Secure and Pulse Policy Secure. The vulnerability allows hackers access to Https and connects the hackers to the company's network without the hackers having to enter login credentials such as id and password. By exploiting this vulnerability, hackers can view confidential files, download files, and launch various malicious codes to disrupt the company's entire network. Pulse Secure VPN had released a security patch last year in April, and the users are requested to update to the latest security patch.

The flaw in Android Devices

Hacking group 'SideWinder APT' exploited vulnerabilities via 3 apps in the Google play store named as Camera, FileCrypt, and CallCam. “These apps may be attributed to SideWinder as the C&C servers it uses are suspected to be part of SideWinder’s infrastructure. Also, a URL linking to one of the apps’ Google Play pages is found on one of the C&C servers,” says Trend Micro cybersecurity experts.

Cisco's Routers. Switches and IP Equipment Suffer Zero-Day Attacks! Major Vulnerabilities Discovered!

The extremely well-known Cisco’s products, including IP Phones, Routers, cameras, and switches, were determined to have several severe “zero-day” vulnerabilities by researchers in the “Cisco Discovery Protocol (CDP)”, per sources.

CDP is a proprietary “Layer 2” network protocol that is put into effect in all the Cisco devices to be privy to the mechanisms of the devices.

Reports mention that a total of five vulnerabilities were ascertained out of which, four were “Remote Code Execution” (RCE) that let hackers or any other cyber-con to manipulate every single operation of the devices without any sort of consent of the user.

According to sources, one of the vulnerabilities led to a “Denial of Service” in the Cisco FXOS, NX-OS and IOS XR software that ended up damaging the victims’ networks

By exploiting the vulnerabilities effectively, numerous organizations’ and companies’ networks were smashed, costing all the affected parties heavily.

Per legitimate sources, following is the list of all the vulnerable devices in the represented categories:

• Nexus 1000 Virtual Edge
• Nexus 1000V Switch
• Nexus 3000 Series Switches
• Network Convergence System (NCS) 1000 Series
• Network Convergence System (NCS) 5000 Series
• Network Convergence System (NCS) 540 Routers
• Network Convergence System (NCS) 5500 Series
• Network Convergence System (NCS) 560 Routers
• MDS 9000 Series Multilayer Switches
• Nexus 5500 Series Switches
• Nexus 5600 Series Switches
• Nexus 6000 Series Switches
• Nexus 7000 Series Switches
• Nexus 9000 Series Fabric Switches
• Network Convergence System (NCS) 6000 Series
• UCS 6200 Series Fabric Interconnects
• UCS 6300 Series Fabric Interconnects
• UCS 6400 Series Fabric Interconnects

IP Phones
• Unified IP Conference Phone 8831
• Wireless IP Phone 8821-EX
• Wireless IP Phone 8821
• IP Conference Phone 7832
• IP Conference Phone 8832
• IP Phone 6800 Series
• IP Phone 7800 Series
• IP Phone 8800 Series
• IP Phone 8851 Series

IP Cameras
• Video Surveillance 8000 Series IP Cameras

• IOS XRv 9000 Router
• Carrier Routing System (CRS)
• ASR 9000 Series Aggregation Services Routers
• Firepower 1000 Series
• Firepower 2100 Series
• Firepower 4100 Series
• Firepower 9300 Security Appliances
• White box routers running Cisco IOS XR

The exploitation of the other four Remote Execution vulnerabilities could be in a way that a “maliciously” fabricated “CDP Packet” could be sent on the targeted Cisco devices and have their mechanisms altered.

There’s a vulnerability that could be hunted down or traced by (CVE-2020-3119). It helps the attackers to completely override the default switch and network infrastructure settings.

One of the vulnerabilities which could be traced as (CVE-2020- 3118), could help attackers gain control of the target’s router via remote code execution and use it in any harmful way they find acceptable.

Cisco’s 800 series IP cameras were vulnerable to attackers’ remote code execution. The vulnerability could be located as (CVE-2020-3110)

According to sources, in the other Cisco “Voice over IP Phone” vulnerability, an overflow in the parsing function could be exploited to access “code execution”. This vulnerability could be traced to (CVE-2020-311).

The troubles this vulnerability could cause an organization are manifold.
Acquiring access to other devices via “man-in-the-middle” attacks.
Damaging the network’s structure
“Data Exfiltration”, ranging from network traffic to sensitive information and personal phone calls, by the help of manipulated routers and switches.

Per reports, Cisco has come up with patches and the users are directed to employ them without any further delay.