Archive for the ‘Security’ Category

May 2018: Two Zero-Day Microsoft Flaws Under Active Attack

May 14, 2018

Microsoft Patches Two Zero-Day Flaws Under Active Attack
Tuesday, May 08, 2018 Swati Khandelwal

CVE-2018-8120
Risk: Medium

Recommendations

Permit local access for trusted individuals only. Where possible, use restricted environments and restricted shells.
To exploit this vulnerability, an attacker requires local access to an affected computer. Grant local access for trusted and accountable users only.

CVE-2018-8174
Risk: High

Recommendations

Block external access at the network boundary, unless external parties require service.
If global access isn’t needed, filter access to the affected computer at the network boundary. Restricting access to only trusted computers and networks might greatly reduce the likelihood of successful exploits.

Run all software as a nonprivileged user with minimal access rights.
To reduce the impact of latent vulnerabilities, always run nonadministrative software as an unprivileged user with minimal access rights.

Do not accept or execute files from untrusted or unknown sources.
To reduce the likelihood of successful exploits, do not open or handle files from unknown or untrusted locations.

Do not follow links provided by unknown or untrusted sources.
Never follow links provided by unfamiliar or untrusted sources or visit sites of questionable integrity.

Spectre Meltdown CPU Checker

March 30, 2018

Easily examine and understand any Windows system’s hardware and software capability to prevent Meltdown and Spectre attacks.

  1. GRC InSpectre – check Spectre & Meltdown Protection
  2. AShampoo Spectre Meltdown CPU checker

How a Fitness App’s Heat Map Uncovers Military Bases | NYT

January 31, 2018

Published on Jan 30, 2018

Strava’s online exercise-tracking map unwittingly reveals remote military outposts — and even the identities of soldiers based there. The situation shows how data collection can lead to unintended consequences.

Singapore heatmap – Pulau Ubin / Google Map (Pulau Ubin)

Fitness-Tracker App Exposes Security Flaw at Taiwan’s Missile Command Center

How to Use and Interpret Data from Strava’s Activity Map

How to opt out of the Strava heat map that’s revealing secret locations

Intel’s Spectre/Meltdown patch is causing computers to reboot spontaneously

January 23, 2018

Intel recommends that users stop using the current patch, as “they may introduce higher than expected reboots and other unpredictable system behavior.” If you have yet to patch your system, hold off and wait for a newer update from Intel. End users should continue to apply updates recommended by their system and operating system providers.

Intel Security Issue Update: Addressing Reboot Issues, 11 Jan 2018
Root Cause of Reboot Issue Identified; Updated Guidance for Customers and Partners, 22 Jan 2018

Intel’s processors have a security bug and the fix could slow down PCs

January 4, 2018

A lot of time will be spent flushing the translation look-aside buffers when switching between applications and the operating system’s kernel after the patches for the currently embargoed hardware bug take effect.

The affected Intel CPUs are of the 6th, 7th and 8th generations. For Mac users, it impacts devices using the Core i3, i5, and i7 processors.

[More Info]
Design flaw found in Intel chips; fix causes them to slow: report
Intel’s processors have a security bug and the fix could slow down PCs
Intel CPU kernel bug FAQ: Fix for massive security flaw could slow down PCs and Macs
Intel responds to the CPU kernel bug, downplaying its impact on home users
Today’s CPU vulnerability: what you need to know
Reading privileged memory with a side-channel

Pre-Installed Keylogger Found On Over 460 HP Laptop Models

December 12, 2017

Pre-Installed Keylogger Found On Over 460 HP Laptop Models
Friday, December 08, 2017 Wang Wei

A security researcher who goes by the name of ZwClose discovered a keylogger in several Hewlett-Packard (HP) laptops that could allow hackers to record your every keystroke and steal sensitive data, including passwords, account information, and credit card details.

The keylogger was found embedded in the SynTP.sys file, part of the Synaptics touchpad driver that ships with HP notebook computers, leaving more than 460 HP Notebook models vulnerable to hackers.

Although the keylogger component is disabled by default, hackers can make use of available open source tools for bypassing User Account Control (UAC) to enable the built-in keylogger “by setting a registry value.”

Here’s the location of the registry key:
HKLM\Software\Synaptics\%ProductName%
HKLM\Software\Synaptics\%ProductName%\Default

The researcher reported the keylogger component to HP last month, and the company acknowledged the presence of the keylogger, saying it was actually “a debug trace” which was left in accidentally, but has now been removed.

The company has released a Driver update for all the affected HP Notebook Models. If you own an HP laptop, you can look for updates for your model. The list of affected HP notebooks can be found at the HP Support website.
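
A read-only check an administrator can run on an HP notebook to review what is stored under the registry locations quoted above. This is an added example, not code from HP, Synaptics or the researcher; the `Get-SynapticsValues` helper is hypothetical and the SynTP.sys path is an assumption not stated in the article.

```powershell
# Read-only audit of the Synaptics registry locations named in the article.
# Review the listed values against a known-good machine or after the HP driver update.
$root = 'HKLM:\Software\Synaptics'

# Hypothetical helper: list every value (name, type, data) under one registry key.
function Get-SynapticsValues {
    param([string]$KeyPath)
    if (-not (Test-Path -LiteralPath $KeyPath)) { return }
    $key = Get-Item -LiteralPath $KeyPath
    foreach ($name in $key.GetValueNames()) {
        [pscustomobject]@{
            Key   = $key.Name
            Value = if ($name) { $name } else { '(Default)' }
            Kind  = $key.GetValueKind($name)
            Data  = $key.GetValue($name)
        }
    }
}

if (Test-Path -LiteralPath $root) {
    # Each subkey of $root stands in for %ProductName% in the article's paths.
    Get-ChildItem -LiteralPath $root | ForEach-Object {
        Get-SynapticsValues -KeyPath $_.PSPath
        Get-SynapticsValues -KeyPath "$($_.PSPath)\Default"
    } | Format-Table -AutoSize
} else {
    Write-Output 'No Synaptics key under HKLM\Software; nothing to review.'
}

# Assumed driver location (not given in the article): report the installed
# SynTP.sys version so it can be compared with HP's updated driver package.
$driver = Join-Path $env:SystemRoot 'System32\drivers\SynTP.sys'
if (Test-Path -LiteralPath $driver) {
    (Get-Item -LiteralPath $driver).VersionInfo |
        Select-Object FileName, FileVersion, ProductVersion |
        Format-List
}
```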

Serious security flaws in Intel’s ME, including those running Intel’s latest chips

November 28, 2017

Intel ID: INTEL-SA-00086
Product family: Various
Impact of vulnerability: Elevation of Privilege
Severity rating: Important
Original release: Nov 20, 2017
Last revised: Nov 22, 2017

There are multiple security vulnerabilities in Intel’s Management Engine (ME), a remote administration feature that allows IT administrators to manage devices and perform wide-ranging functions.

The security advisory points out bugs in ME, in addition to the Server Platform Services (SPS) remote server management tool and the Trusted Execution Engine (TXE) hardware authentication tool.

What’s more, because ME has its own microprocessor, it can run even when a PC is off (but plugged in), as the microprocessor can function as a separate computer. This could then allow attackers to gain greater degrees of control by using ME as a launchpad.

Furthermore, the exploit could let an attack operate separately from the main computer, so it wouldn’t trigger any alarms.

Intel has released a detection tool for Linux and Windows to help customers check if their systems are vulnerable.

 

How do you find out whether an account has already been hacked?

June 26, 2017

Check if your info has been stolen

The site will sift through your accounts in search of security breaches. Run your email address and username through the search field, and it will tell you if your login information has been linked to any security breaches.

Show all wireless profiles & their security passwords on the Windows PC

May 20, 2017

Show all wireless profiles on the PC
At the command prompt, type:
netsh wlan show profiles

Show a security key
At the command prompt, type:
netsh wlan show profile name="ProfileName" key=clear

 

Find & Show Wi-Fi Network Passwords from the Command Line in Mac OS X

Open Spotlight (Cmd+Space) and type terminal to open the Terminal window, or

open the Terminal app from /Applications/Utilities/, then use the following command syntax to find and display the password for a specific wireless network:
security find-generic-password -ga "SSID" | grep "password:"

Customer Guidance for WannaCrypt attacks

May 15, 2017

https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/

Further resources:

Download English language security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64

Download localized language security updates: Windows Server 2003 SP2 x64, Windows Server 2003 SP2 x86, Windows XP SP2 x64, Windows XP SP3 x86, Windows XP Embedded SP3 x86, Windows 8 x86, Windows 8 x64

General information on ransomware: https://www.microsoft.com/en-us/security/portal/mmpc/shared/ransomware.aspx

MS17-010 Security Update: https://technet.microsoft.com/en-us/library/security/ms17-010.aspx