Category: Security Threats

CERT/CC Details Critical Flaws in Microsoft Windows, Server

The CERT Coordination Center (CERT/CC) has published data on vulnerabilities affecting versions of Microsoft Windows and Windows Server.

Microsoft had issued an advisory for CVE-2018-8611, a Windows kernel elevation of privilege bug that exists when the Windows kernel fails to properly handle objects in memory. An attacker who exploited this flaw could run arbitrary code in kernel mode. The company also issued CVE-2018-8626 for a Windows DNS server heap overflow vulnerability. A remote code execution flaw exists in Windows DNS servers when they don’t properly handle requests, Microsoft explains.

Read more about the critical Windows flaws on DarkReading.

How Intel Has Responded to Spectre and Meltdown

In January of 2018, the world was introduced to two game-changing CPU vulnerabilities, Spectre and Meltdown, that brought “speculative execution side-channel vulnerability” into the enterprise IT security lexicon. Since then, a number of variants of the initial vulnerabilities have been found, along with new vulnerabilities taking advantage of similar functions within the CPUs.

Intel kicked off 2019 with a Jan. 2 editorial laying out its response to the Spectre and Meltdown vulnerabilities over the past year. The chip giant says the culture of the company has changed since the advent of Spectre and Meltdown, and its response has been effective. But vulnerabilities in the core of a CPU tend not to lend themselves too rapid, complete fixes, Intel says.

Read more about Intel’s response to Meltdown & Spectre on DarkReading.

Hacker Uses Australian Early Warning Network to Send Spam Alerts

Over the weekend, a hacker gained unauthorized access to the Queensland EWN, or Early Warning Network, and used it to send a spam alert via SMS, landline, and email to the company’s subscribers.

EWN is a service offered by Australian company Aeeris that allows Australian councils, or local governments, to send emergency alerts regarding extreme weather, fires, evacuation information, or incident responses. The unauthorized alerts stated that “EWN has been hacked. Your personal data is not safe.” They then went on to tell recipients to email support@ewn.com.au to unsubscribe from the service.

Read more about the security breach on BleepingComputer.

Singapore Airlines data breach affects 285 accounts, exposes travel details

Singapore Airlines (SIA) says a software glitch was the cause of a data breach that affected 285 members of its frequent flyer programme, compromising various personal information including passport and flight details.

The “software bug” surfaced after changes were made to the Singapore carrier’s website on January 4 and enabled some of its Krisflyer members to view information belonging to other travellers, SIA told ZDNet in an email.

Read more about the Singapore Airlines data breach on ZDNet.

Hackers dump data of hundreds of German politicians on Twitter

A group of hackers has published the personal details of hundreds of German politicians, but also German artists and local YouTube celebrities.

The data was uploaded online and later promoted via Twitter, starting a few days before the Christmas holiday. The source of the data appears to be the victims’ smartphones. Details about how the data was stolen and exfiltrated from infected phones remain unclear, at the time of writing. According to German news outlets [123], the leaked data contains names, home addresses, phone numbers, email addresses, photo IDs, personal photos, and personal chat histories.

Read more about the disturbing data leak on ZDNet.

Hackers demand ransom from Dublin’s tram system, after Luas website defaced

The website of Luas, the tram system operating in Ireland’s capital city of Dublin, has been taken offline this morning after hackers defaced the site and demanded a ransom be paid within five days.

Early morning visitors to the website were greeted with a message from the hackers, claiming that data had been stolen from operator Transdev Ireland, and would be published on the internet unless a ransom demand of one Bitcoin (approximately 3,300 Euros or US $3,800) was paid. In the message, the hackers claim that they previously contacted the tram operator about security vulnerabilities and were aggrieved that they received no response.

Read more about the attack on the Luas website on Tripwire.

A Dozen Flaws in Popular Mac Clean-Up Software Allow Local Root Access

A passel of privilege-escalation vulnerabilities in MacPaw’s CleanMyMac X software would allow a local attacker to gain root access to an Apple machine in various ways. CleanMyMac X is a cleanup application for MacOS that optimizes the drives and frees up space by scanning for unused, redundant or unnecessary files and deleting them. No fewer than a dozen flaws plague 4.0 and earlier versions of the software, all of them in the package’s “helper protocol.”

The helper functions of the software run as root functions and the flaws arise from the fact that they can be accessed by applications without validation – thus giving those applications root access.

Read more about the critical flaws in CleanMyMac X software on Threatpost.

‘Town of Salem’ game suffers data breach exposing 7.6 million user details

A hacker has stolen the personal details of 7.6 million users of browser-based game the “Town of Salem,” BlankMediaGames (BMG) has admitted in a blog post. The hack came to light after a mysterious person sent a copy of the stolen data to DeHashed, a commercial data breach indexing service.

DeHashed says it spent all the Christmas and New Year holiday trying to contact BMG and alert the game maker of the hack and its still-compromised server. The hacked servers were finally secured and “multiple backdoors removed” this week. The compromised information appears to include, usernames, email addresses, encrypted passwords, IP addresses and more.

Read more about the Town of Salem data breach on ZDNet.

Adobe Acrobat and Reader Security Updates Released for Critical Bugs

Adobe released security bulletin APSB19-02 that describes two security updates for critical vulnerabilities in Adobe Acrobat and Reader. In these updates only two vulnerabilities were fixed, but they are classified as Critical because they allow privilege escalation and arbitrary code execution.

The first vulnerability was assigned ID CVE-2018-16011 and is a use after free bug that could allow arbitrary code execution. The second vulnerability was assigned CVE-2018-19725 and allows attackers to execute code at a higher privilege level.

Read more about the critical Adobe vulnerabilities on BleepingComputer.

Data of 2.4 million Blur password manager users left exposed online

Abine, the company behind the Blur password manager and the DeleteMe online privacy protection service, has revealed a data breach impacting nearly 2.4 million Blur users. The breach came to light last year, on December 13, when a security researcher contacted the company about a server that exposed a file containing sensitive information about Blur users.

The company said it followed this initial report with an internal security audit to determine the size of the breach. The audit concluded last week, and the company made the data leak public on Monday in a post on its blog.

Read more about the massive Blur data leak on ZDNet.