  • Security

    15 blog articles in this category

      Security flaw in Sudo - Heap-Based Buffer Overflow allows root access

      A new security flaw has been identified in the sudo software. Sudo, which is installed by default in many operating systems, is by default setuid root. This means that any shortcomings can lead to local users being able to obtain root permissions.
      Over the years, sudo has also grown larger and more features have been added. This has, among other things, led to OpenBSD now offering an alternative called doas.
      Yesterday, the American security company Qualys reported that they had identified a vulnerability in sudo (CVE-2021-3156). The vulnerability allows a local user to exploit a heap-based buffer overflow and thus gain root. The bug has been present since 2011 and is exploitable in the default configuration. It is important to point out that it affects the default configuration, since many vulnerabilities discovered in sudo require special configurations.
      The vulnerability is in the set_cmnd() function and can be triggered most easily by using sudoedit with the following command:
      sudoedit -s '\' `perl -e 'print "A" x 65536'`
      If you are vulnerable, you get a segfault. Please note that you need a local account, but you do not need to be a member of sudoers or similar. Also, not all installations have sudoedit, such as macOS.
      Video from Qualys showing the vulnerability:

      LogoKit phishing kit allows near-instant phishing websites using JavaScript

      A new report from the security company RiskIQ describes a new phishing kit that uses JavaScript to manipulate the DOM, which allows the script to dynamically alter the visible content and HTML form data within a page without user interaction. This phishing kit, called LogoKit, has seen a significant upswing in usage over the last month.
      Phishing has been on the rise lately, following the increased use of online communication in the wake of COVID-19. This new phishing kit seems to have attracted attention lately due to its flexibility and very fast deployment compared to building phishing websites manually, as is the common practice.
      This is both interesting and scary, as it allows very fast and dynamic deployment by malicious actors, and since the page looks quite real and already has your email filled in, chances are that a lot of people will fall for it. Fortunately, you can often see in the URL that something is not right. With LogoKit you can often see your email in the URL, which looks something like this:
      phishingpage[.]site/login.html#victim@company.com
      Sadly, this is not a sure way to detect a phishing attack, as there are other ways to pass the data along, but if you see this, at least you know to look at the page you landed on a bit more carefully.
      LogoKit has seen a big increase in usage in the last month, with over 700 unique domains running it. Targeted services range from generic login portals to fake SharePoint portals, Adobe Document Cloud, OneDrive, Office 365 and, interestingly enough, cryptocurrency exchanges. So be alert (as always) when accessing your external cloud services and portals.
      RiskIQ has concluded that this is a threat on the rise due to its simplicity and ease of use.
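As an added example, not code from the original post or from RiskIQ: a small Python check that flags links which prefill a recipient address the way the LogoKit URL above does. The sample links, the domain company.com and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlparse, unquote

# Loose e-mail pattern: enough to spot a prefilled victim address, not full RFC 5322.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def prefilled_email(url: str):
    """Return the e-mail address a link carries in its fragment or query, or None.

    LogoKit-style links carry the victim address after '#'. A fragment is never
    sent to the server, so this check only works where the full link is visible
    (mail-gateway link scanning, browser side), not in web-proxy logs.
    """
    parsed = urlparse(url)
    for part in (parsed.fragment, parsed.query):
        m = EMAIL_RE.search(unquote(part))
        if m:
            return m.group(0)
    return None


def flag_links(urls, own_domain: str):
    """Return (url, address) pairs where a link prefills an address from our own domain."""
    hits = []
    for u in urls:
        addr = prefilled_email(u)
        if addr and addr.lower().endswith("@" + own_domain.lower()):
            hits.append((u, addr))
    return hits


# Constructed sample links, as might be extracted from inbound mail (not real sites).
SAMPLE_LINKS = [
    "https://phishingpage.example/login.html#victim@company.com",
    "https://phishingpage.example/auth?email=victim%40company.com",
    "https://docs.example/share/abc123#section-2",
    "https://sso.example/?login_hint=someone@partner.example",
]

if __name__ == "__main__":
    for url, addr in flag_links(SAMPLE_LINKS, "company.com"):
        print(f"prefilled {addr}: {url}")
```

A legitimate single-sign-on link that prefills an address will match as well, which is why, as the post says, this is a prompt to look closer rather than a verdict.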

      Ubiquiti hacked - the extent of the breach is still unclear

      Yesterday I received an email saying that the American company Ubiquiti has been hacked. Ubiquiti is, among other things, one of the world's largest manufacturers of WiFi base stations. The email contains relatively little information, because the company states that they do not yet know the extent of the breach.
      Although it has been a long time since I myself used Ubiquiti's cloud service, I assume that it is entirely possible to gain access to the local network via Ubiquiti's central service, which makes this extra serious. I can also imagine that DNS can be reconfigured, firmware can be changed, etc.
      What the email says is that usernames, hashed passwords, addresses and telephone numbers may have been leaked. It also appears that the leak took place at a third-party supplier.
      The mailing has also been confirmed by Ubiquiti themselves, see the forum thread here (via the Security Bubble). The mailing went via Mailchimp and used, among other things, tracking links, which initially made it difficult to determine the authenticity of the email.

      Sweden strengthens its security by establishing a national security center

      Sweden is setting up a national security center. On December 10th the government decided to commission Försvarets radioanstalt, Försvarsmakten, Myndigheten för samhällsskydd och beredskap and Säkerhetspolisen to establish a national cyber security center. The purpose is to strengthen Sweden's overall ability to prevent, detect and manage cyber threats.
      The government writes that the cyber threats against Sweden and Swedish interests are extensive. With technological development and digitalization, the threats and vulnerabilities increase, which means that security needs to be strengthened. The national cyber security center will contribute to making Sweden safer by increasing the overall ability to meet cyber threats and by effectively supporting both public and private actors. This will contribute to strengthening security in society as a whole, the government believes.
      Within the framework of the cyber security center, the authorities shall:
      • Coordinate work to prevent, detect and manage cyber attacks and other IT incidents.
      • Provide advice and support regarding threats, vulnerabilities and risks.
      • Provide a national platform for collaboration and information exchange with private and public actors in the field of cyber security.
      In total, the government estimates an investment of SEK 440 million in the cyber security center up to and including 2025:
      2021 - 50 million SEK
      2022 - 60 million SEK
      2023 - 60 million SEK
      2024 - 120 million SEK
      2025 - 150 million SEK

      Vulnerabilities in SAP products could compromise systems and their data

      Multiple vulnerabilities have been reported in SAP products, where flaws such as cross-site scripting (XSS) and server-side request forgery (SSRF) open up access points through which an attacker can compromise the systems and their data. These vulnerabilities have been patched in SAP Security Patch Day – July 2020, and it is strongly advised to apply that update as soon as possible.
      The reported issues are:
      • Multiple vulnerabilities in SAP NetWeaver AS JAVA (LM Configuration Wizard) (CVE-2020-6286).
      • Security updates for the browser control Google Chromium delivered with SAP Business Client.
      • Information disclosure in SAP NetWeaver (XMLToolkit for Java) (CVE-2020-6285).
      • Multiple vulnerabilities in SAP Disclosure Management (CVE-2020-6267).
      • Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Launch Pad) (CVE-2020-6281).
      • Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Bipodata) (CVE-2020-6276).
      • Server-side request forgery in SAP NetWeaver AS JAVA (IIOP service) (CVE-2020-6282).
      • Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (BI Launchpad and CMC) (CVE-2020-6278).
      • Cross-site scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface) (CVE-2020-6222).
      • Information disclosure in SAP NetWeaver (ABAP Server) and ABAP Platform (CVE-2020-6280).