Contents
- Security News
- Latest Vulnerabilities
- Black Hat 2019
Top Security News
Israeli Tech’s Dirty Ops
This hack was used to target a lawyer that is suing the NSO Group in Israeli courts. That lawyer then hired Citizens Lab, who performed a forensic investigation on the phone, who confirmed that the NSO Group was in fact behind it. WhatsApp engineers have since patched the vulnerability and the application is once again secure.
US Customs Loses All The Data
The Register broke a story back in May that a contractor for US Customs and Border Control was hacked and the loot was made available online for download. It turns out that this breach gets worse – this contractor was found in possession of a trove of photos collected from the US border including both license plates and people.
The worst part – the contractor violated privacy rules and security measures that were in place to prevent them from copying this data to their own network. Remember to trust but verify that your security controls are doing their job!
New Spam Campaign Targets Old Office Vulns
Microsoft researchers have warned of a new wave of SPAM campaigns targeting an old vulnerability in Microsoft Office. The vuln (CVE-2017-11882) is a weakness in the Microsoft Equasion Editor that was patched in November 2017, however it is noted to be one of the top weaknesses that were targeted for exploit during 2018 according to several sources.
Recent Vulnerabilities
Microsoft NTLM Flaws Expose All Windows Machines to RCE Attacks
Preempt researchers discovered three new ways to abuse the NTLM authentication protocol. These vulnerabilities can allow attackers to abuse existing NTLM sessions and gain Remote Code Execution that affects all versions of Windows. Install Microsoft security patches and harden your NTLM configurations now – this is one we expect to see in penetration tests for the next few years at minimum!
Exim Mail Server Weakness
A vulnerability was discovered in the popular open source mail server Exim. The weakness (CVE-2019-10149) is easily exploitable to local attackers, and still exploitable (though less easily) by remote attackers under default conditions. Researchers have found that Exim is exposed on the internet by upwards of 4.7 million systems making it a possible target for mass scale attack.
Rowhammer Evolves Into RAMBleed
Ever since Rowhammer was first conceived as an attack in 2014, researchers have been looking for ways to enhance and build capabilities around its central idea. For those that don’t know, Rowhammer attacks involve repeatedly changing a value in RAM to affect values stored in adjacent cells of memory.
Blackhat Training – Security for Hackers and Developers
VDA Labs will once again be offering our training course “Security for Hackers and Developers” at Black Hat USA. Sign up before July 12 to get the ‘Regular’ pricing.
Have any feedback? Let us know!
We are passionate about making this an interesting read for you on a weekly basis. Do you have suggestions for how we could do better? Follow the link below and let us know!