Archive for May 31, 2018

Vulnerability in Windows JScript component allows remote code execution


Trend Micro’s Zero-Day Initiative yesterday released a summary of light technical details regarding a vulnerability in the Windows operating system’s JScript component that allows remote hackers to execute malicious code on the victim’s computer.

According to ZDI, the vulnerability can be exploited against installations of Microsoft Windows and requires user interaction: the target must visit a malicious page or download and open a malicious file on the system.

“The specific flaw exists within the handling of Error objects in JScript,” ZDI said in the advisory. “By performing actions in script, an attacker can cause a pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.”

ZDI first reported this vulnerability to Microsoft in January, after Dmitri Kaslov of Telspace Systems discovered the bug, and has now disclosed it to the public in accordance with its 120-day deadline.

Microsoft is reportedly working on a patch, but since it was unable to meet ZDI’s deadline, ZDI has disclosed light details of the vulnerability.

Brian Gorenc, director of Trend Micro's Zero Day Initiative, told Bleeping Computer, “Due to the sensitivity of the bug, we don’t want to provide too many technical details until a full fix from Microsoft is available.”

He also said that the flaw does not lead to a full system compromise as it only allows code execution “within a sandbox environment”. "An attacker would need additional exploits to escape the sandbox and execute their code on the target system," he said.

The vulnerability has received a CVSS score of 6.8 out of 10.

Google Rewards $36,000 For Finding Vulnerability





Google has rewarded an Uruguayan teenager with $36,000 for finding a severe security vulnerability.

Ezequiel Pereira, a 17-year-old, was surfing the site when he found a serious security flaw that would have enabled him to make changes to the company's internal computer systems.

"I found something almost immediately that was worth $500 and it just felt so amazing. So I decided to just keep trying ever since then," Pereira told CNBC. "It feels really good - I'm glad that I found something that was so important," he added.

Pereira found the vulnerability earlier this year but was not allowed to write about the flaw or how he found it. This week, however, he got permission from Google to write about how he found the vulnerability after Google confirmed that it had fixed the issue.

This was Pereira’s fifth accepted bug, but his most lucrative.

Afghan diplomats in Pakistan targeted by hackers

Afghan diplomats in Pakistan have been warned they are believed to be victims of "government-backed" digital attacks trying to steal their email passwords.

Afghan embassy sources told BBC two staff members and a generic account received alerts from Google this month.

Last week Amnesty International detailed attempts to install malware on computers and phones of activists critical of Pakistan's military. The army did not comment on allegations intelligence services were to blame.

After the Google warning alerts were sent out, another Afghan diplomat's email account was hacked and made to send out emails, without his knowledge, containing suspicious attachments.

The emails purported to contain photographs of rallies by protesters known as the Pashtun Protection Movement (PTM). In fact, the attachments appear to contain malicious files, although it was not possible to download and examine them.

The PTM movement has accused the Pakistani military of committing human rights abuses in the country's fight against terrorism. Protests have been non-violent but controversial due to their unusually direct criticism of the Pakistani intelligence services.

A source in the Afghan embassy told BBC he was concerned that recipients of the emails sent out from the diplomat's account could believe the Afghan embassy was linked to the movement. The two countries regularly accuse each other of working to undermine the other's security.

The email was sent to addresses publicly linked to a number of political figures in Pakistan. They include a former information minister and a former law minister.

It was also sent to a former senator from a Pashtun nationalist party, Bushra Gohar. Ms Gohar told the BBC: "I know for a fact that all my accounts are being observed… this is condemnable." She added: "Parliament needs to form a committee and look into what is going on."

An employee of the Afghan embassy and a former member of staff were also both targeted by a fake Facebook profile linked to cyber-attacks.

Medical Devices Now Vulnerable To Cyber Attacks




There is no denying the fact that advances in technology over time have brought many changes, acknowledged by millions of individuals all around the world, that have made their daily lives simpler and more comfortable.

One such essential change is in the medical field: medical devices of all kinds now have network connectivity that greatly increases their effectiveness and usefulness, making it significantly easier for patients to be monitored.

However, with digital attacks on the rise, a significant number of these attacks may feel like life-and-death situations. With so many crucial medical devices requiring network connectivity, some of them may really be targets of lethal attacks.

Denial-of-service attacks and hacking are two of the most serious dangers facing the medical device industry and the patients whom these advanced medical devices are intended to protect.

The dangers associated with medical devices are well illustrated by the case of implantable cardioverter defibrillators, or ICDs, which are implanted to keep a person's pulse under control and to deliver a life-saving shock to patients who are at high risk of heart failure. ICDs are potentially vulnerable to a type of digital attack that is closely related to DDoS attacks; however, rather than using a network of Internet-connected devices to overwhelm a target, an attack on an ICD would require only one internet connection.

Another vulnerability is that of insulin overload. In October 2016, the makers of an insulin pump took the novel step of informing users of a potential security weakness. After receiving information about the vulnerability, Johnson and Johnson and Animas warned users that an attacker, even a remote one, could potentially trigger insulin injections by spoofing the meter remotely, with the risk of eventually causing a hypoglycaemic reaction, which could be a serious health hazard for a diabetic patient.

Medical imaging devices are likewise at risk of cyber interference of the sort that could cause a patient serious harm. Researchers at the Ben-Gurion University of the Negev in Israel found that attackers could increase the level of radiation emitted during a scan to the point that it could cause illness, injury or possibly even a radiation overdose to a patient.

Nevertheless, the message for medical devices is the same as for any device with network or internet connectivity: security should be better organized and prioritized. Device makers should focus on creating devices that perform the tasks they were designed to perform.

This is reasonable; however, given the inherent vulnerabilities of these devices and the dangerous denial-of-service attacks and hacks that are possible because of them, security should be the primary need of the hour.