Trend Micro Flaw Being Actively Exploited

 

The cybersecurity firm Trend Micro disclosed that threat actors are once again using security solutions as attack vectors. This time, attackers are deliberately leveraging a vulnerability in its antivirus solutions, identified as CVE-2020-24557, to gain admin rights on Windows systems.

The Apex One and OfficeScan XG enterprise security products are affected by the CVE-2020-24557 vulnerability. The issue resides in the logic that controls access to the Misc folder, which an attacker could manipulate to escalate privileges and execute code in the context of SYSTEM. According to experts, an attacker may use the bug to manipulate a specific product folder to temporarily disable protection, abuse a specific Windows feature, and gain privilege escalation.

According to the advisory published by Tenable, “A vulnerability in Trend Micro Apex One on Microsoft Windows may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function and attain privilege escalation. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.” 

Microsoft researcher Christopher Vella reported the flaw to Trend Micro via the Zero-Day Initiative programme in 2020, and the security firm addressed it in August 2020. Now, the security company has updated its security warning, acknowledging that the bug is being actively exploited in the wild by attackers and urging customers to install security updates. 

“Known vulnerabilities in Apex One, Apex One SaaS and OfficeScan agents could elevate privileges, allow an attacker to manipulate certain product folders to temporarily disable security features or to temporarily disable certain Windows features. It may be abused,” states the published update.

JPCert also issued a warning about the above vulnerability, which affects the following products and versions:
– Trend Micro Apex One 2019 before Build 8422 
– Trend Micro Apex One as a Service prior to Build 202008 
– OfficeScan prior to XG SP1 Build 5702

The advisory published by JPCert stated, “Since the vulnerability is already being exploited in the wild, the users of the affected products are recommended to update the affected system to the latest version as soon as possible. Please refer to the information provided by Trend Micro.”

“We have confirmed attacks that exploit known vulnerabilities in the following products. Each patch that has already been released supports it, so if you have not applied it, please apply it as soon as possible,” stated the cybersecurity firm.

Other vulnerabilities in the Apex One and OfficeScan XG security products, such as CVE-2019-18187, CVE-2020-8467, and CVE-2020-8468, have previously been disclosed, and some of them have been exploited by nation-state actors in real-world attacks.

WhatsApp to Allow Users to Sync Chat Between iOS and Android


When switching devices from Android to iOS or the other way round, users have not been able to retain their chat histories despite the backup option, because WhatsApp did not provide a means to synchronize chat histories between the two platforms. For iOS users, chat histories are backed up to iCloud, and for Android users, Google’s cloud does the same job, but only as long as the platform remains unchanged. A way to move the backup to a new platform would add a lot of convenience on both sides.

Facebook-owned WhatsApp has been working on a new feature to resolve the problem of syncing chats across platforms. According to sources, the company is planning functionality that will allow users to use a single phone number, i.e., one account, on multiple devices.

Reports suggest that WhatsApp could allow users to use a single account on four different devices simultaneously. However, as the feature is currently envisaged, a Wi-Fi connection will be a must, because syncing chat histories between devices requires uploading and downloading a lot of data: all the multimedia along with the messages.

Notably, the development came in the wake of users' complaints and demands to be able to use one account on multiple devices. Once WhatsApp has securely copied the chat history to the other device, users will finally be able to use their account from it. During the process, the encryption keys will be changed and all active chats will be notified of the change.

According to the report by WABetainfo, “When the user wants to use WhatsApp on a second device, there is the need to copy the chat history. In this case, WhatsApp always requires a Wi-Fi connection, because it may use a large amount of your data plan,”

“Note that any message will be delivered to all your family devices, so your chat history will be always synced across platforms, and when you use or remove a device, your encryption key changes,”

“In this case, WhatsApp Desktop was used for the test, but it will work on a second mobile device too, but it’s really possible that WhatsApp will allow mobile devices to be connected to your main device later than WhatsApp Desktop. Note that, using this feature, an Internet connection on your device will no longer be needed to use WhatsApp Desktop,” read the report. 

StrandHogg is Back and Stronger As a More Sophisticated Vulnerability


Android is vulnerable once again, owing to a new vulnerability that goes by the name of “StrandHogg 2.0”.

That is right. StrandHogg is back and now affects numerous Android devices, putting over a billion Android devices in jeopardy.

The vulnerability helps hackers disguise illegitimate applications as legitimate ones, with the ultimate aim of getting users to grant permissions that could end up exposing really important information.

The impostor applications then gain access to the users’ sensitive data, and in real time at that. The worst part about the vulnerability is that users would have no idea at all that they have been attacked, and would be completely unaware of the malicious applications on their device.

This vulnerability is tracked as “CVE-2020-0096” and is known by the name “StrandHogg 2.0”. This version helps hackers carry out more sophisticated attacks.

As of last year, StrandHogg was already listening in on conversations and recording them, accessing login credentials, reading and sending unwanted texts, and taking complete control of the photo album, call logs, and contacts.

Allegedly, StrandHogg 2.0 exists on most Android devices, except those running the latest version of the Android 10 OS.

According to sources, Google's website states that of a minimum of 2 billion Android users, just 16% have updated to Android 10; hence the rest are allegedly vulnerable.

To prevent any mishap that could be caused by StrandHogg 2.0, steer clear of pop-up notifications asking for permission to send notifications, messages, or other related things, and of applications asking you to log in again despite being already logged in.

Due to the coronavirus pandemic, Google will depart from its usual practice and release its Android 11 Beta version via an online conference at the Google I/O. Reportedly, this conference is scheduled for June 3, 2020.

Sources mention that this conference will bring many new updates and news about official events. The schedule for the launch of Android 11 has been released, and according to it Android 11 will undergo 3 Beta releases in the upcoming months of June, July, and August. Word has it that the official version will finally arrive in or near October.


Firefox Now Set To Utilize BITS for Downloading New Software Updates


Mozilla Firefox is all set to use the Windows Background Intelligent Transfer Service, or BITS, to download software updates in the background. This is the initial phase in the possible release of a standalone "Update Agent" that will perform updates even when the browser is closed.

At present, Firefox looks for new updates when the user opens the browser and either shows a notification that an update is available or installs it automatically.

Mozilla developers are also working on an independent application written in Rust, called "Update Agent", which will run quietly and check for new browser updates even when Firefox isn't open. For users who don't run Firefox very often, it will make it simpler to receive new updates.

The Update Agent is planned as a background process that will remain running even after the browser is closed in order to download and apply updates. The purpose is to make updating more convenient for everybody and to reduce the time it takes to get new updates for users who aren't well served by the present update process, either because they don't run Firefox very much or because they do not have access to a proper internet connection.

This technique makes Firefox more secure: even if a user installs the update immediately when prompted to do so, there is still a window in which a vulnerability could be exploited before the update, along with its security fixes, can be installed.

For Windows users, Mozilla will use the Windows Background Intelligent Transfer Service, or BITS, since it enables updates to be downloaded in a manner that can be resumed if a download ends or is paused for any reason. This lets the update keep downloading from where it left off when it can, saving time in completing the update.

As the Update Agent application isn't ready yet and requires a few other bugs to be resolved first, Mozilla is enabling BITS in Firefox so that the browser can start using the service to download browser updates.


Firefox BITS preferences


While the Mozilla developers are actively working on this project so that they can finish it sooner rather than later, Mozilla has added two new flags to the Firefox Nightly build that can be used to test downloading software updates through BITS. Users can enable this test by setting the app.update.BITS.enabled and app.update.BITS.inTrialGroup preferences to true in about:config.