Tag Archives: software

Update Samba Servers Immediately to Patch Password Reset and DoS Vulnerabilities

Samba maintainers have just released new versions of their networking software to patch two critical vulnerabilities that could allow unprivileged remote attackers to launch DoS attacks against servers and change any other users’ passwords, including admin’s.

Samba is open-source software (re-implementation of SMB networking protocol) that runs on the majority of operating systems available

Hard-Coded Password in Cisco Software Lets Attackers Take Over Linux Servers

A medium yet critical vulnerability has been discovered in Cisco Prime Collaboration Provisioning software that could allow a local attacker to elevate privileges to root and take full control of a system.

Cisco Prime Collaboration Provisioning (PCP) application allows administrators to remotely control the installation and management of Cisco communication devices (integrated IP telephony,

Flaw in Popular μTorrent Software Lets Hackers Control Your PC Remotely

If you have installed world’s most popular torrent download software, μTorrent, then you should download its latest version for Windows as soon as possible.

Google’s security researcher at Project Zero discovered a serious remote code execution vulnerability in both the ‘μTorrent desktop app for Windows’ and newly launched ‘μTorrent Web’ that allows users to download and stream torrents

Critical Flaw in Grammarly Spell Checker Could Let Attackers Steal Your Data


A critical vulnerability discovered in the Chrome and Firefox browser extension of the grammar-checking software Grammarly inadvertently left all 22 million users’ accounts, including their personal documents and records, vulnerable to remote hackers.

According to Google Project Zero researcher Tavis Ormandy, who discovered the vulnerability on February 2, the Chrome and Firefox extension of Grammarly exposed authentication tokens to all websites that could be grabbed by remote attackers with just 4 lines of JavaScript code.

In other words, any website a Grammarly user visits could steal his/her authentication tokens, which is enough to login into the user’s account and access every “documents, history, logs, and all other data” without permission.

“I’m calling this a high severity bug, because it seems like a pretty severe violation of user expectations,” Ormandy said in a vulnerability report. “Users would not expect that visiting a website gives it permission to access documents or data they’ve typed into other websites.”

Ormandy has also provided a proof-of-concept (PoC) exploit, which explains how one can easily trigger this serious bug to steal Grammarly user’s access token with just four lines of code.


This high-severity flaw was discovered on Friday and fixed early Monday morning by the Grammarly team, which, according to the researcher, is “a really impressive response time” for addressing such bugs.

Security updates are now available for both Chrome and Firefox browser extensions, which should get automatically updated without requiring any action by Grammarly users.

A Grammarly spokesperson also told in an email that the company has no evidence of users being compromised by this vulnerability.

“Grammarly resolved a security bug reported by Google’s Project Zero security researcher, Tavis Ormandy, within hours of its discovery. At this time, Grammarly has no evidence that any user information was compromised by this issue,” the spokesperson said. 

“We’re continuing to monitor actively for any unusual activity. The security issue potentially affected text saved in the Grammarly Editor. This bug did not affect the Grammarly Keyboard, the Grammarly Microsoft Office add-in, or any text typed on websites while using the Grammarly browser extension. The bug is fixed, and there is no action required by Grammarly users.”

Stay tuned for more updates.

Hard-coded Password Lets Attackers Bypass Lenovo’s Fingerprint Scanner


Lenovo has recently rolled out security patches for a severe vulnerability in its Fingerprint Manager Pro software that could allow leak sensitive data stored by the users.

Fingerprint Manager Pro is a utility for Microsoft Windows 7, 8 and 8.1 operating systems that allows users to log into their fingerprint-enabled Lenovo PCs using their fingers. The software could also be configured to store website credentials and authenticate site via fingerprint.

In addition to fingerprint data, the software also stores users sensitive information like their Windows login credentials—all of which are encrypted using a weak cryptography algorithm.

According to the company, Fingerprint Manager Pro version 8.01.86 and earlier contains a hard-coded password vulnerability, identified as CVE-2017-3762, that made the software accessible to all users with local non-administrative access.

“Sensitive data stored by Lenovo Fingerprint Manager Pro, including users’ Windows logon credentials and fingerprint data, is encrypted using a weak algorithm, contains a hard-coded password, and is accessible to all users with local non-administrative access to the system it is installed in,” the company said in its advisory, giving brief about the vulnerability.

The vulnerability impacts Lenovo ThinkPad, ThinkCentre and ThinkStation laptops, and affects more than two dozen Lenovo ThinkPad models, five ThinkStation Models and eight ThinkCentre models that run Windows 7, 8 and the 8.1 operating systems.

Here’s the full list of Lenovo devices compatible with Fingerprint Manager Pro and impacted by the vulnerability:

  • ThinkPad L560
  • ThinkPad P40 Yoga, P50s
  • ThinkPad T440, T440p, T440s, T450, T450s, T460, T540p, T550, T560
  • ThinkPad W540, W541, W550s
  • ThinkPad X1 Carbon (Type 20A7, 20A8), X1 Carbon (Type 20BS, 20BT)
  • ThinkPad X240, X240s, X250, X260
  • ThinkPad Yoga 14 (20FY), Yoga 460
  • ThinkCentre M73, M73z, M78, M79, M83, M93, M93p, M93z
  • ThinkStation E32, P300, P500, P700, P900
Lenovo has credited security researcher Jackson Thuraisamy with Security Compass for discovering and responsibly reporting the vulnerability.

The popular Chinese computer manufacturer strongly recommends its ThinkPad customers to update their devices to Fingerprint Manager Pro version 8.01.87 or later to address the issue. You can also head on to the company’s official website to do so.

Since Microsoft added native fingerprint reader support with Windows 10 operating system, thus eliminating the need for the Fingerprint Manager Pro software, Lenovo laptops running Windows 10 are not impacted by the vulnerability.

New TeamViewer Hack Could Allow Clients to Hijack Viewers’ Computer


Do you have remote support software TeamViewer installed on your desktop?

If yes, then you should pay attention to a critical vulnerability discovered in the software that could allow users sharing a desktop session to gain complete control of the other’s PC without permission.

TeamViewer is a popular remote-support software that lets you securely share your desktop or take full control of other’s PC over the Internet from anywhere in the world.

For a remote session to work both computers—the client (presenter) and the server (viewer)—must have the software installed, and the client has to share a secret authentication code with the person he wants to share his desktop.

However, a GitHub user named “Gellin” has disclosed a vulnerability in TeamViewer that could allow the client (sharing its desktop session) to gain control of the viewer’s computer without permission.

TeamViewer Hack Could Be Used By Anyone—Server Or Client

Gellin has also published a proof-of-concept (PoC) code, which is an injectable C++ DLL, which leverages “naked inline hooking and direct memory modification to change TeamViewer permissions.”

The injectable C++ DLL (hack) can be used by both, the client and the server, which results as mentioned below:

If exploited by the Server—the hack allows viewers to enable “switch sides” feature, which is only active after the server authenticated control with the client, eventually allowing the server to initiate a change of control/sides.


If exploited by the Client—the hack allows the client to take control of the mouse and keyboard of the server “with disregard to servers current control settings and permissions.”


This vulnerability impacts TeamViewer versions running on Windows, macOS as well as Linux machines.

A Reddit user “xpl0yt,” who first publicized this vulnerability, claimed to have been in contact with the TeamViewer security team, who confirmed him the existence of the vulnerability in its software and released a patch for Windows.

A TeamViewer spokesperson told The Hacker News, “We are patching versions 11-13. Windows is already available, whereas MacOS and Linux are expected later today.”

TeamViewer users are recommended to install the patched versions of the software as soon as they become available. Patches will be delivered automatically to those users who have configured their TeamViewer software to receive automatic updates.

Google to Block Third-Party Software from Injecting Code into Chrome Browser


To improve performance and reduce crashes caused by third-party software on Windows, Google Chrome, by mid-2018, will no longer allow outside applications to run code within its web browser.

If you are unaware, many third-party applications, like accessibility or antivirus software, inject code into your web browser for gaining more control over your online activities in order to offer some additional features and function properly.

However, Google notes that over 15 percent of Chrome users running third-party applications on their Windows machines that inject code into their web browsers experience crashes—and trust me it’s really annoying.

But don’t you worry. Google now has a solution to this issue.

In a blog post published Thursday on Chromium Blog, Google announced its plan to block third-party software from injecting code into Chrome—and these changes will take place in three steps:

  1. April 2018 — With the release of Chrome 66, Google will begin informing users if code injection causes their browsers to crash, alerting them with the name of the responsible application and a guide to update or remove it.
  2. July 2018 — Chrome 68 will start blocking third-party software from injecting code into Chrome processes. But if this blocking prevents Chrome from starting, the browser will restart and allow the injection. But it will also display a warning for guiding users to remove that particular software.
  3. January 2019 — With no exception, starting with Chrome 72, Google will completely block code injection by any third-party software.

However, there will be some exceptions. Google Chrome will continue to allow Microsoft-signed code, accessibility software, and IME software to inject code into your browsers.

Today’s blog post is an advance notification for all developers out there, whose applications rely on code injection to function properly, forcing them to use either Native Messaging API calls or Chrome extensions to add functionality to the web browser.

“With Chrome extensions and Native Messaging, there are now modern alternatives to running code inside of Chrome processes,” Google said.

According to Google, both methods can be used by developers to retain their app features without having to risk browser crashes.

“Fewer crashes mean more happy users, and we look forward to continuing to make Chrome better for everyone,” Google said while summing up its blog post.

So, companies have almost 13 months to remove the code injecting bits from their software. Google is encouraging developers to use Chrome Beta channel and test their code, though these changes will more likely take effect in the Dev or Canary channels even sooner.

Now, what you are waiting for? Get ready to start rewriting your code.

Dangerous Malware Allows Anyone to Empty ATMs—And It’s On Sale!

ATM Malware

Hacking ATM is now easier than ever before.

Usually, hackers exploit hardware and software vulnerabilities to hack ATMs and force them to spit out cash, but now anyone can simply buy a malware to steal millions in cash from ATMs.

Hackers are selling ready-made ATM malware on an underground hacking forum that anybody can simply buy for around $5000, researchers at Kaspersky Lab discovered after spotting a forum post advertising the malware, dubbed Cutlet Maker.

The forum post provides a brief description and a detailed manual for the malware toolkit designed to target various ATMs models with the help of a vendor API, without interacting with ATM users and their data.

Therefore, this malware does not affect bank customers directly; instead, it is intended to trick the bank ATMs from a specific vendor to release cash without authorisation.

The manual also mentions an infamous piece of ATM malware, dubbed Tyupkin, which was first analysed in 2014 by Kaspersky Lab and used by an international cybercrime gang to conduct Jackpotting attack and make Millions by infecting ATMs across Europe and beyond.

The list of crimeware contains in the toolkit includes:

  • Cutlet Maker—ATM malware which is the primary element of the toolkit
  • Stimulator—an application to gather cash cassette statuses of a targeted ATM
  • c0decalc—a simple terminal-based application to generate a password for the malware.

According to Kaspersky researchers, the functionality of the Cutlet Maker malware suggests that two people are supposed to be involved in the ATM money theft—the roles are called “drop” and “drop master.”

ATM Malware
ATM Malware

“Access to the dispense mechanism of CUTLET MAKER is password protected. Though there could be just one person with the c0decalc application needed to generate a password,” the researchers say.

“Either network or physical access to an ATM is required to enter the code in the application text area and also to interact with the user interface.”

In order to operate, the application needs a special library, which is part of a proprietary ATM API and controls the cash dispenser unit—this shows how cyber “criminals are using legitimate proprietary libraries and a small piece of code to dispense money from an ATM.”

The price of this ATM malware toolkit was $5000 at the time of Kaspersky’s research.

The advertisement of this Cutlet Maker ATM malware was initially published on the AlphaBay Darknet marketplace, which was recently taken down by the FBI.

Powered by WPeMatico

Millions of Up-to-Date Apple Macs Remain Vulnerable to EFI Firmware Hacks


Always keep your operating system and software up-to-date.”

This is one of the most popular and critical advice that every security expert strongly suggests you to follow to prevent yourself from major cyber attacks.

However, even if you attempt to install every damn software update that lands to your system, there is a good chance of your computer remaining outdated and vulnerable.

Researchers from security firm Duo Labs analysed over 73,000 Macs systems and discovered that a surprising number of Apple Mac computers either fails to install patches for EFI firmware vulnerabilities or doesn’t receive any update at all.

Apple uses Intel-designed Extensible Firmware Interface (EFI) for Mac computers that work at a lower level than a computer’s OS and hypervisors—and controls the boot process.

EFI runs before macOS boots up and has higher-level privileges that, if exploited by attackers, could allow EFI malware to control everything without being detected.

“In addition to the ability to circumvent higher level security controls, attacking EFI also makes the adversary very stealthy and hard to detect (it’s hard to trust the OS to tell you the truth about the state of the EFI); it also makes the adversary very difficult to remove—installing a new OS or even replacing the hard disk entirely is not enough to dislodge them,” Duo researchers say.

What’s worse? In addition to neglecting to push out EFI updates to some systems, Apple does not even warn its users of the failed EFI update process or technical glitch, leaving millions of Macs users vulnerable to sophisticated and advanced persistent cyber attacks.

On average, Duo said 4.2% of 73,324 real-world Macs used in the enterprise environments were found running a different EFI firmware version they should not be running—based on the hardware model, the operating system version, and the EFI version released with that OS.

You will be surprised by knowing the numbers for some specific Mac models—43% of the analysed iMac models (21.5″ of late 2015) were running outdated, insecure firmware, and at least 16 Mac models had never received any EFI firmware updates when Mac OS X 10.10 and 10.12.6 was available.

“For the main EFI vulnerabilities that were acknowledged by Apple and patched during the time of our analysis, there were surprising numbers of models of Macs that received no update to their EFI despite continuing to receive software security updates,” Duo researchers say.

“Even if you’re running the most recent version of macOS and have installed the latest patches that have been released, our data shows there is a non-trivial chance that the EFI firmware you’re running might not be the most up-to-date version,”

Duo also found 47 models that were running 10.12, 10.11, 10.10 versions of macOS and did not receive the EFI firmware update with patches to address the known vulnerability, Thunderstrike 1.


While 31 models did not get the EFI firmware patch addressing the remote version of the same flaw, Thunderstrike 2.

The Thunderstrike attacks, initially developed by the National Security Agency (NSA), were also exposed in the WikiLeaks Vault 7 data dumps, which also mentioned the attack relies on the outdated firmware.

More details on the vulnerable Mac models can be found in the Duo Labs research report.

According to the researchers, their research was focused on the Mac ecosystem as Apple is in a somewhat unique position of controlling the full stack, but it can be widely deployed.

“However, we are of the belief that the main issues we have discovered are generally relevant across all vendors tasked with securing EFI firmware and are not solely Apple,” the researchers said.

Enterprises with a large number of Mac computers should review their models outlined in the Duo Labs whitepaper, “The Apple of Your EFI: Findings From an Empirical Study of EFI Security,” to see if their models are out-of-date.

Mac users and administrators can also check if they are running the latest version of EFI for their systems by using free open-source tool EFIgy, which will soon be made available by the company.

Powered by WPeMatico

Using LabVIEW? Unpatched Flaw Allows Hackers to Hijack Your Computer


If you’re an engineer and use LabVIEW software to design machines or industrial equipments, you should be very suspicious while opening any VI (virtual instrument) file.

LabVIEW, developed by American company National Instruments, is a visual programming language and powerful system-design tool that is being used worldwide in hundreds of fields and provides engineers with a simple environment to build measurement or control systems

Security researchers from Cisco’s Talos Security Intelligence have discovered a critical vulnerability in LabVIEW software that could allow attackers to execute malicious code on a target computer, giving them full control of the system.

Identified as CVE-2017-2779, the code execution vulnerability could be triggered by opening a specially crafted VI file, a proprietary file format used by LabVIEW.

The vulnerability originates because of memory corruption issue in the RSRC segment parsing functionality of LabVIEW.

Modulating the values within the RSRC segment of a VI file causes a controlled looping condition, which results in an arbitrary null write.

“A specially crafted LabVIEW virtual instrument file (with the *.vi extension) can cause an attacker controlled looping condition resulting in an arbitrary null write,” Talos researchers explain

“An attacker controlled VI file can be used to trigger this vulnerability and can potentially result in code execution.”

Talos researchers have successfully tested the vulnerability on LabVIEW 2016 version 16.0, but National Instruments has refused to consider this issue as a vulnerability in their product and had no plans to release any patch to address the flaw.

However, the issue should not be ignored, because the threat vector is almost similar to many previously disclosed Microsoft Office vulnerabilities, in which victims got compromised after opening malicious MS Word file received via an email or downloaded from the Internet.

“The consequences of a successful compromise of a system that interacts with the physical world, such as a data acquisition and control systems, may be critical to safety,” the researchers write. 

“Organisations that deploy such systems, even as pilot projects, should be aware of the risk posed by vulnerabilities such as these and adequately protect systems.”

Since there is no patch available, the LabVIEW users are left with only one option—be very careful while opening any VI file you receive via an email.

For more technical details about the vulnerability, you can head on to Cisco Talos’ advisory.

Powered by WPeMatico