Monday, June 14, 2021

Vulnerabilities of the Past Are the Vulnerabilities of the Future


May had the fewest vulnerabilities, with a total of 55 and only four considered critical. The problem is that the critical vulnerabilities are things we have seen for many years, like remote code execution and privilege escalation.


We see monthly security updates coming from Apple, Adobe, Google, Cisco, and others.

Everything old is new again

With major vulnerabilities in so many applications, is there any hope for a secure future? The answer is, of course, yes, but that does not mean there won't be challenges getting there.

The vulnerabilities being seen may not be new to those of us who have been defending against attackers for years or even decades, but the adversaries continually change their tactics.

  • Privilege

A common tactic of ransomware operators and other threat actors is to achieve elevated privileges on a system to help legitimize their actions and gain access to sensitive data.

If an info stealer has the same access as the current user, the chances of exfiltrating sensitive data are significantly increased. Meanwhile, admin access nearly guarantees access to juicy data.

In addition to keeping software updated, this is where Zero Trust initiatives and data flow monitoring become critical. At a minimum, Zero Trust means that the principle of least privilege should be applied, and multi-factor authentication should be required wherever it is available.

Essentially, this ensures that anyone who does not need access to a system or file cannot access it – while those who do must prove that they are who they say they are. Monitoring the flow of data can also help catch a breach early on, limiting the amount of data stolen.

  • Remote access

Remote code execution (RCE) is not going away any time soon. These attacks accounted for around 27% of the attacks in 2020, up from 7% the prior year. If an attacker can find a way to run arbitrary code on your system remotely, they have a lot more control than they would from just getting a user to unwittingly run a piece of malware with predefined functions.

If the attacker can run arbitrary code remotely, they gain the ability to move around the system and possibly the network – enabling them to change their goals and tactics based on what they find.

Behavioral monitoring is one of the best ways to detect RCE on your systems. If an application begins running commands and spinning up processes that are not a part of its normal behaviors, you can put a stop to an attack early on. The fact that RCE is so common also mandates that you keep security patches up-to-date to stop many of these attacks before they even start.

  • Who needs malware?

Today, a favorite attack method is using legitimate processes and trusted applications to accomplish nefarious goals. These fileless, or living off the land, attacks can be difficult to detect because the malware does not need to be installed.

One of the most common applications to be exploited this way is PowerShell. This makes sense because PowerShell is a powerful application used to script and run system commands.

This is another instance where monitoring the behaviors of applications and processes can be vital in stopping an attack quickly. Does PowerShell really need to disable security features?

In most cases, probably not. Behaviors like this can be monitored, even from trusted applications like PowerShell. Combine this monitoring with advanced machine learning and AI, and you can begin fingerprinting normal behaviors on your network, with automated responses to unusual activity.
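As an added illustration of the baselining approach described above (example code written for this page, not from the original post), the script below learns which child processes each application normally spawns from a constructed set of process-creation events, then flags children outside that baseline and PowerShell command lines that disable protection. The events, image names and the keyword pattern are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample process-creation events: (parent image, child image, command line).
# These are made-up records for this example, not telemetry from any real host.
BASELINE_EVENTS = [
    ("explorer.exe", "winword.exe", "winword.exe report.docx"),
    ("winword.exe", "splwow64.exe", "splwow64.exe 12288"),
    ("explorer.exe", "powershell.exe", "powershell.exe -File C:\\scripts\\backup.ps1"),
    ("services.exe", "svchost.exe", "svchost.exe -k netsvcs"),
]

# Later events to evaluate against the learned baseline (also constructed).
LIVE_EVENTS = [
    ("winword.exe", "splwow64.exe", "splwow64.exe 12288"),
    ("winword.exe", "powershell.exe", "powershell.exe -NoProfile -Command Get-Process"),
    ("explorer.exe", "powershell.exe",
     'powershell.exe -Command "Set-MpPreference -DisableRealtimeMonitoring $true"'),
]

# Assumed keyword pattern for "PowerShell disabling a security feature"; a real
# deployment would tune this list to its own EDR/AV product names.
SECURITY_DISABLE = re.compile(
    r"disable\w*(realtime|monitoring|antivirus|defender|protection)", re.IGNORECASE)


def learn_baseline(events):
    """Fingerprint normal behaviour: which child images each parent image spawns."""
    baseline = defaultdict(set)
    for parent, child, _ in events:
        baseline[parent.lower()].add(child.lower())
    return baseline


def evaluate(events, baseline):
    """Return (reason, parent, child, cmdline) alerts for behaviour outside the baseline."""
    alerts = []
    for parent, child, cmdline in events:
        p, c = parent.lower(), child.lower()
        if c not in baseline.get(p, set()):
            alerts.append(("unusual-child", p, c, cmdline))  # parent never spawned this before
        if c == "powershell.exe" and SECURITY_DISABLE.search(cmdline):
            alerts.append(("security-disable", p, c, cmdline))  # trusted app, unwanted action
    return alerts


if __name__ == "__main__":
    for alert in evaluate(LIVE_EVENTS, learn_baseline(BASELINE_EVENTS)):
        print(alert)
```

The third live event shows why the command-line check is needed in addition to the parent/child baseline: the pair is normal on this host, but the action is not.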

  • Go forth and repeat yourself

While the common types of attacks may not change much, any changes to application or code have the potential to introduce new vulnerabilities. This doesn't mean we should give up and just let the adversaries win – it means that now is the time to double down on our efforts to thwart their attempts.

Implement a patch management strategy, monitor the network, use behavioral detection, and avoid complacency. The fact that major software providers are regularly patching major vulnerabilities is actually a good thing because the attackers are not giving up, so neither should we.

Thanks For Reading 😊


Friday, June 11, 2021

Hackers Are Using Samsung Pre-Installed Apps to Exploit And Spy On Users 




Multiple critical security flaws have been disclosed in Samsung's pre-installed Android apps, which, if successfully exploited, could have allowed adversaries access to personal data without users' consent and take control of the devices.

"The impact of these bugs could have allowed an attacker to access and edit the victim's contacts, calls, SMS/MMS, install arbitrary apps with device administrator rights, or read and write arbitrary files on behalf of a system user which could change the device's settings," Sergey Toshin, founder of mobile security startup Oversecured, said in an analysis published Thursday.

Toshin reported the flaws to Samsung in February 2021, following which patches were issued by the manufacturer as part of its monthly security updates for April and May. 

The list of the six vulnerabilities is as follows:

  • CVE-2021-25356 - third-party authentication bypass in Managed Provisioning
  • CVE-2021-25390 - Intent redirection in PhotoTable
  • CVE-2021-25391 - Intent redirection in Secure Folder
  • CVE-2021-25392 - Possible to access notification policy file of DeX
  • CVE-2021-25393 - Possible to read/write access to arbitrary files as a system user (affects the Settings app)
  • CVE-2021-25397 - Arbitrary file write in TelephonyUI

The impact of these flaws means they could be exploited to install arbitrary third-party apps, grant the device admin privileges to delete other installed applications or steal sensitive files, read or write arbitrary files as a system user, and even execute privileged actions.

Samsung device owners are recommended to apply the latest firmware updates from the company to avoid any potential security risks.

Jai Hind ☺️




Thursday, October 1, 2020

Windows XP | Windows Server 2003 source code leaks online | 4chan


Microsoft's long-lived operating system Windows XP—that still powers over 1% of all laptops and desktop computers worldwide—has had its source code leaked online, allegedly, along with Windows Server 2003.


The source code for Microsoft's 19-year-old operating system was published as a torrent file on the notorious bulletin board website 4chan, and this is the very first time source code for this Microsoft operating system has been leaked to the public.

This latest XP leak isn’t the first time Microsoft’s operating system source code has appeared online. At least 1GB of Windows 10-related source code leaked a few years ago, and Microsoft has even faced a series of Xbox-related source code leaks this year. Original Xbox and Windows NT 3.5 source code appeared online back in May, just weeks after Xbox Series X graphics source code was stolen and leaked online.

  • Windows 2000
  • Windows CE 3 
  • Windows CE 4 
  • Windows CE 5 
  • Windows Embedded 7
  • Windows Embedded CE
  • Windows NT 3.5
  • Windows NT 4
  • MS-DOS 3.30 
  • MS-DOS 6.0

So, the leaker decided to share the source code to the public, saying that "information should be free and available to everyone."

"I created this torrent for the community, as I believe information should be free and available to everyone, and hoarding information for oneself and keeping it secret is an evil act in my opinion," the leaker said, adding that the company "claims to love open source so then I guess they'll love how open this source code is now that it's passed around on BitTorrent."

Besides containing source code, the torrent also includes a media folder (files and videos) related to conspiracy theories about Bill Gates.

The leaked source code should not come as a surprise as Microsoft does have a history of providing its OS source code to governments worldwide via a special Government Security Program (GSP) the company runs that allows governments and organizations controlled access to the source code.

Microsoft ended its support for Windows XP back in 2014, so its source code leak doesn't make the systems running the outdated OS version much more of a target, because a ton of other unpatched vulnerabilities probably already exist. Still, hackers may build malware from that source code, which may pose a threat to your system.

Windows XP source code still present in Windows 10 can allow hackers to target newer versions of the Windows operating system altogether, which would be a real threat to billions of users.

Jai Hind 😊 



Tuesday, June 30, 2020

WordPress Vulnerability | Credentials News May 2020

According to a report from the Wordfence team:

By the end of May, Wordfence had detected and blocked over 130 million attacks.

Attackers are targeting older vulnerabilities in outdated plugins or themes that allow the file wp-config.php to be downloaded.

This file contains the database credentials and connection information, plus the authentication unique keys and salts.

An attacker with access to this file could gain access to the site's database, where site content and users are stored, and could also target user cookies using an XSS bug.

Some of the attacking IP addresses in this campaign were listed in the report.


You should change your database password and authentication unique keys and salts immediately.

If your server is configured to allow remote database access, an attacker with your database credentials could:

  • add an administrative user,
  • steal sensitive data, or
  • delete your site altogether.

Even if your site does not allow remote database access, an attacker could still bypass other security mechanisms using your authentication keys and passwords.

How to know whether your website was attacked

Check your server logs. Look for any log entries containing wp-config.php in the query string that returned a 200 response code.
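The log check just described, as an added example that is not part of the original post or the Wordfence report: it parses constructed combined-format access log lines and returns the requests whose query string names wp-config.php and that received a 200 response. The log lines, IP addresses and plugin/theme names are made up.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Apache/nginx combined-log format; only the fields this check needs are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample log lines (documentation-range IPs, made-up plugin/theme names).
SAMPLE_LOG = """\
203.0.113.10 - - [28/May/2020:10:01:02 +0000] "GET /wp-content/plugins/old-plugin/download.php?file=wp-config.php HTTP/1.1" 200 2917
203.0.113.10 - - [28/May/2020:10:01:03 +0000] "GET /wp-content/themes/old-theme/fetch.php?f=wp%2Dconfig.php HTTP/1.1" 200 2917
198.51.100.7 - - [28/May/2020:10:05:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4120
198.51.100.7 - - [28/May/2020:10:05:04 +0000] "GET /wp-content/plugins/old-plugin/download.php?file=wp-config.php HTTP/1.1" 403 199
192.0.2.5 - - [28/May/2020:10:07:11 +0000] "GET /?s=wp-config.php HTTP/1.1" 200 9932
"""


def parse_line(line):
    """Split one combined-log line into its fields, or return None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def config_download_hits(log_text):
    """Apply the check from the post: wp-config.php in the query string and a 200 response."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        # Decode percent-encoding first so 'wp%2Dconfig.php' is not missed.
        query = unquote(urlsplit(rec["target"]).query)
        if rec["status"] == 200 and "wp-config.php" in query.lower():
            hits.append((rec["ip"], rec["target"]))
    return hits


def hits_per_ip(log_text):
    """Count matching requests per source IP, the quickest way to spot a scanning campaign."""
    return Counter(ip for ip, _ in config_download_hits(log_text))


if __name__ == "__main__":
    for ip, target in config_download_hits(SAMPLE_LOG):
        print(ip, target)
    print(hits_per_ip(SAMPLE_LOG))
```

The last sample line (a site search for "wp-config.php") also matches, so treat the output as a triage list and review each hit's path and response size rather than assuming every match is a successful download.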
JAI HIND 
Let me know your thoughts by email.
