HP rolls out patch to fix keylogging bug in certain laptops

May 13, 2017 – 7:10 AM

Consumers with HP laptops that have been accidentally recording their keystrokes can easily address the problem with a patch from the PC maker.

More than two dozen HP laptop models, including the EliteBook, ProBook and ZBook, have a bug in the audio driver that acts as a keylogger, a Swiss security firm said Thursday. A list of affected products can be found here.

Fortunately, HP began rolling out fixes through its support page, and in a Windows update, starting on Thursday, HP Vice President Mike Nash said.

The problem has been found affecting certain HP laptops made since 2015. In some cases, it stores all the captured keystrokes in a log file on the PC. In other cases, the bug will pass the keystrokes to a Windows debugging interface on the machine, exposing them to possible capture.

The security firm Modzero noticed the problem last month and reported it to HP, which prompted the PC maker to investigate it and work on a fix, Nash said in an interview.

“There was some debugging code in the audio driver that was mistakenly left there,” he said. “It was left there by accident. The intent was to help us debug a problem.”

HP’s patch will remove the flaw from the PC’s audio driver and also delete the log file that was storing the keystrokes.

Source:
http://www.csoonline.com/article/3196704/security/hp-rolls-out-patch-to-fix-keylogging-bug-in-certain-laptops.html

Wana Decrypt0r Ransomware Using NSA Exploit Leaked by Shadow Brokers Is on a Rampage

May 12, 2017 – 4:46 PM

Ransomware scum are using an SMB exploit leaked by the Shadow Brokers last month to fuel a massive ransomware outbreak that exploded online today, claiming victims all over the world in huge numbers.

The ransomware’s name is WCry, but it is also referenced online under various names, such as WannaCry, WanaCrypt0r, WannaCrypt, or Wana Decrypt0r. As everybody keeps calling it “Wana Decrypt0r,” this is the name we’ll use in this article, but all refer to the same thing: version 2.0 of the lowly and unimpressive WCry ransomware that first appeared in March.

Activity from this ransomware family was almost nonexistent prior to today’s sudden explosion, when the number of victims skyrocketed in a few hours.

Source:
https://www.bleepingcomputer.com/news/security/wana-decrypt0r-ransomware-using-nsa-exploit-leaked-by-shadow-brokers-is-on-a-rampage/

Explained – How Intel AMT Vulnerability Allows to Hack Computers Remotely

May 5, 2017 – 4:35 PM

Earlier this week Intel announced a critical escalation of privilege bug that affects the remote management features shipped with Intel server chipsets for the past 7 years, which, if exploited, would allow a remote attacker to take control of vulnerable PCs, laptops, or servers.

The vulnerability, labeled CVE-2017-5689, affects Intel remote management technologies, including Active Management Technology (AMT), Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT) software, versions 6 through 11.6.

The flaw was originally discovered in mid-February by Maksim Malyutin, a member of the Embedi research team, who then responsibly disclosed it to the Intel security team.

My previous article, published earlier this week, was based on partial information that Maksim shared with The Hacker News: because the Intel AMT vulnerability was highly critical and remotely exploitable, Embedi withheld the technical details until most sysadmins had updated their systems with patched firmware.
Today, the Embedi research team disclosed the complete technical details of the vulnerability, and I have compiled this piece explaining:

  • What is Intel AMT technology?
  • Where does the Intel AMT vulnerability reside?
  • How can an attacker exploit the Intel AMT vulnerability?

Source:
https://thehackernews.com/2017/05/intel-amt-vulnerability.html

Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites

April 15, 2017 – 7:05 PM

There is a phishing attack that is receiving much attention today in the security community.

As a reminder: A phishing attack is when an attacker sends you an email that contains a link to a malicious website. You click on the link because it appears to be trusted. Merely visiting the website may infect your computer or you may be tricked into signing into the malicious site with credentials from a site you trust. The attacker then has access to your username, password and any other sensitive information they can trick you into providing.

This variant of a phishing attack uses Unicode to register domains that look identical to real domains. These fake domains can be used in phishing attacks to fool users into signing into a fake website, thereby handing over their login credentials to an attacker.

This affects the current version of Chrome browser, which is version 57.0.2987 and the current version of Firefox, which is version 52.0.2. This does not affect Internet Explorer or Safari browsers.

We created our own example to demonstrate how an attacker can register their own domain that looks identical to another company’s domain in the browser. We decided to imitate a healthcare site called ‘epic.com’ by registering our own fake site. You can visit our demo site here in Chrome or Firefox. For comparison you can click here to visit the real epic.com.
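The following is an added example, not code from the Wordfence post, showing how a defender can screen hostnames for Unicode look-alikes of a protected domain. It computes the Punycode (xn--) form a browser would actually resolve, flags labels that mix scripts, and compares a "skeleton" in which each confusable letter is mapped to its Latin look-alike. The confusables table is a constructed subset of the Unicode TR39 list and the sample domains are constructed; the code also shows why a mixed-script check alone is not enough, since a name built entirely from one non-Latin script passes it.

```python
"""Screen hostnames for IDN homograph look-alikes (added example, not Wordfence's code)."""
import unicodedata

# Constructed subset of Unicode confusables: Cyrillic letters that render like Latin ones.
# The complete mapping lives in Unicode TR39 (confusables.txt); this table is deliberately small.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u0456": "i", "\u0458": "j", "\u0455": "s",
}


def script_of(ch: str) -> str:
    """Coarse script bucket taken from the character's Unicode name; digits and hyphen are COMMON."""
    if ch in "0123456789-":
        return "COMMON"
    name = unicodedata.name(ch, "")
    for script in ("LATIN", "CYRILLIC", "GREEK"):
        if name.startswith(script):
            return script
    return "OTHER"


def to_ascii(domain: str) -> str:
    """Punycode (xn--) form that goes on the wire; a pure-ASCII domain is returned unchanged."""
    return domain.encode("idna").decode("ascii")


def skeleton(domain: str) -> str:
    """Map each confusable to its Latin look-alike so visually identical names compare equal."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in domain)


def analyze(domain: str) -> dict:
    """Per-domain report: wire form, whether it is an IDN, scripts per label, mixed-script flag."""
    labels = domain.split(".")
    scripts_per_label = [
        sorted({script_of(ch) for ch in label} - {"COMMON"}) for label in labels
    ]
    ascii_form = to_ascii(domain)
    return {
        "ascii": ascii_form,
        "is_idn": ascii_form != domain,
        "scripts": scripts_per_label,
        "mixed_script": any(len(s) > 1 for s in scripts_per_label),
        "skeleton": skeleton(domain),
    }


def is_lookalike(domain: str, protected: str) -> bool:
    """True when domain is not the protected name but renders indistinguishably from it."""
    return domain != protected and skeleton(domain) == protected


if __name__ == "__main__":
    # Constructed samples: Cyrillic "epic" (single script) and "paypal" with a Cyrillic a (mixed).
    for d in ["epic.com", "\u0435\u0440\u0456\u0441.com", "p\u0430ypal.com"]:
        print(d, analyze(d), "lookalike of epic.com:", is_lookalike(d, "epic.com"))
```

Run it on hostnames from mail logs or certificate transparency feeds and alert on any `is_lookalike` hit against your own brands; the `ascii` field is what to block or search for in DNS and proxy logs, since that is the form stored there.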

Source:
https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/

Most of the Shadow Brokers exploits are already patched

April 15, 2017 – 10:53 AM

This is getting a ton of press lately, but here is Microsoft’s response to the latest leaks:

Today, Microsoft triaged a large release of exploits made publicly available by Shadow Brokers. Understandably, customers have expressed concerns around the risk this disclosure potentially creates. Our engineers have investigated the disclosed exploits, and most of the exploits are already patched. Below is our update on the investigation.

When a potential vulnerability is reported to Microsoft, either from an internal or external source, the Microsoft Security Response Center (MSRC) kicks off an immediate and thorough investigation. We work to swiftly validate the claim and make sure legitimate, unresolved vulnerabilities that put customers at risk are fixed. Once validated, engineering teams prioritize fixing the reported issue as soon as possible, taking into consideration the time to fix it across any impacted product or service, as well as versions, the potential threat to customers, and the likelihood of exploitation.

Most of the exploits that were disclosed fall into vulnerabilities that are already patched in our supported products. Below is a list of exploits that are confirmed as already addressed by an update. We encourage customers to ensure their computers are up-to-date.

Source:
https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/
