Books & Papers Security Vulnerabilities

Pandora FMS Community Multiple Vulnerabilities

Advisory Information Title: Pandora FMS Community Multiple Vulnerabilities Advisory ID: CORE-2020-0010 Advisory URL: www.coresecurity.com/core-labs/advisories/pandora-fms-community-multiple-vulnerabilities Date published: 2020-06-09 Date of last update: 2020-06-09 Vendors contacted: Ártica ST...

Hybrid DDoS Protection is Like a Faulty Airbag

We know that some businesses are the target of constant DDoS attacks, while others face attacks less frequently. If your company falls on the side of less-frequent attacks or having never been attacked at all, you might be wondering, “does the threat still exist?” And “does it exist to the level...

Password Changing After a Breach

This study shows that most people don't change their passwords after a breach, and if they do they change it to a weaker password. Abstract: To protect against misuse of passwords compromised in a breach, consumers should promptly change affected passwords and any similar passwords on other...

Pydio Cells 2.0.4 Multiple Vulnerabilities

Advisory Information Title: Pydio Cells 2.04 Multiple Vulnerabilities Advisory ID: CORE-2020-0007 Advisory URL: https://www.coresecurity.com/core-labs/advisories/pydio-cells-204-multiple-vulnerabilities Date published: 2020-05-28 Date of last update: 2020-05-28 Vendors contacted: Pydio Release...

CipherMail Multiple Vulnerabilities

Advisory Information Title: CipherMail Email Encryption Gateway Community Virtual Appliance Multiple Vulnerabilities Advisory ID: CORE-2020-0008 Advisory URL: https://www.coresecurity.com/core-labs/advisories/ciphermail-multiple-vulnerabilities Date published: 2020-05-28 Date of last update:...

Iranian APT Group Targets Governments in Kuwait and Saudi Arabia

Today, cybersecurity researchers shed light on an Iranian cyber espionage campaign directed against critical infrastructures in Kuwait and Saudi Arabia. Bitdefender said the intelligence-gathering operations were conducted by Chafer APT (also known as APT39 or Remix Kitten), a threat actor known...

Paying Ransomware Crooks Doubles Clean-up Costs, Report

New research bolsters the often ignored advice to organizations not to pay a ransomware demanded by attackers. The report found paying a ransom to unlock systems can actually cost companies more financially than recovering data themselves in the long run. Research conducted by Vanson Bourne and...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

CVE-2009-0229-PoC PoC for CVE-2009-0229 "Print Spooler Read...

Open Redirect in OpenCart

Advisory Information Title: Open Redirect in OpenCart Advisory ID: CORE-2020-0006 Advisory URL: https://www.coresecurity.com/advisories/open-redirect-opencart Date published: 2020-05-04 Date of last update: 2020-05-04 Vendors contacted: OpenCart Release mode: Forced release 2. Vulnerability...

Open-AudIT Multiple Vulnerabilities

Advisory Information Title: Open-AudIT Multiple Vulnerabilities Advisory ID: CORE-2020-0009 Advisory URL: https://www.coresecurity.com/advisories/open-audit-multiple-vulnerabilities Date published: 2020-04-27 Date of last update: 2020-04-24 Vendors contacted: Opmantek Release mode: Coordinated...

Mass surveillance alone will not save us from coronavirus

As the pattern-shattering truth of our new lives drains heavy—as coronavirus rends routines, raids our wellbeing, and whiplashes us between anxiety and fear—we should not look to mass digital surveillance to bring us back to normal. Already, governments have cast vast digital nets. South Koreans...

MS15-046: Description of the security update for Word 2013: May 12, 2015

Describes an update that resolves vulnerabilities in Microsoft Office that could allow remote code execution when an Office file that is located in the same network directory as a specially crafted library file is opened.IntroductionThis update resolves vulnerabilities in Microsoft Office that...

Privilege Escalation

kdelibs is vulnerable to privilege escalation. The vulnerability exists as a flaw was found in the way Konqueror handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's...

Cross-Site Request Forgery (CSRF)

firefox is vulnerable to cross-site request forgery (CSRF). A flaw was found in the way Firefox handled certain FTP PASV commands. A malicious FTP server could use this flaw to perform a rudimentary port-scan of machines behind a user's...

Bypass Logging Mechanism

MySQL is vulnerable to Bypass Logging mechanism.It allowed local authenticated users to bypass logging mechanisms via SQL queries that contain the NULL character, which were not properly handled by the mysql_real_query...

When You Should Blog and When You Should Tweet

I saw my like-minded, friend-that-I've-never-met Andrew Thompson Tweet a poll, posted above. I was about to reply with the following Tweet: "If I'm struggling to figure out how to capture a thought in just 1 Tweet, that's a sign that a blog post might be appropriate. I only use a thread, and...

Hacking Voice Assistants with Ultrasonic Waves

I previously wrote about hacking voice assistants with lasers. Turns you can do much the same thing with ultrasonic waves: Voice assistants -- the demo targeted Siri, Google Assistant, and Bixby -- are designed to respond when they detect the owner's voice after noticing a trigger phrase such as...

Machine learning classifiers trained via gradient descent are vulnerable to arbitrary misclassification attack

Overview Machine learning models trained using gradient descent can be forced to make arbitrary misclassifications by an attacker that can influence the items to be classified. The impact of a misclassification varies widely depending on the ML model's purpose and of what systems it is a part....

LogicalDoc Virtual Appliance Multiple Vulnerabilities

Advisory Information Title: LogicalDoc Virtual Appliance Multiple Vulnerabilities Advisory ID: CORE-2019-004 Advisory URL: http://www.coresecurity.com/advisories/logicaldoc-virtual-appliance-multiple-vulnerabilities Date published: 2020-03-18 Date of last update: 2020-03-17 Vendors contacted:...

LogicalDoc Virtual Appliance Multiple Vulnerabilities

Advisory Information Title: LogicalDoc Virtual Appliance Multiple Vulnerabilities Advisory ID: CORE-2020-004 Date published: 2020-03-18 Date of last update: 2020-03-17 Vendors contacted: LogicalDoc Release mode: Coordinated release 2. Vulnerability Information Class: Unrestricted Upload of File...

CVE-2019-11184

A flaw has been discovered in which an attacker can infer SSH keystrokes when after a victim connects to a compromised host. The attacker must compromise a server that the victim is connecting to and be able to groom the CPU cache on the system prior to or while a connection is in progress. The...

Phishing Attack Skirts Detection With YouTube

Researchers are warning of an increase in phishing emails that use YouTube redirect links, which help attackers skirt traditional defense measures. If certain malicious URLs are blocked by web browser phishing filters, attackers commonly use a redirector URL to bypass these filters and redirect...

Phishing Attack Skirts Detection With YouTube

Researchers are warning of an increase in phishing emails that use YouTube redirect links, which help attackers skirt traditional defense measures. If certain malicious URLs are blocked by web browser phishing filters, attackers commonly use a redirector URL to bypass these filters and redirect...

CVE-2020-10255

Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger.....

CVE-2020-10255

Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger.....

Privilege escalation

Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger.....

CVE-2020-10255

Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger.....

CVE-2020-10255

A Rowhammer flaw was found in latest DDR4 DRAM hardware chips. These chips implement Target Row Refresh (TRR) mitigation to prevent a Rowhammer flaw-induced bit corruption across memory space. An unprivileged system user may leverage this flaw and use Rowhammer attack variants to induce bit...

Spear-Phishing Attack Lures Victims With 'HIV Results'

Recently discovered spear-phishing emails are using a unique “scare-factor” lure to convince victims to open attached malicious Microsoft Excel documents: Their HIV test results. Researchers are warning of a recent campaign involving emails claiming to come from Vanderbilt University Medical...

Spear-Phishing Attack Lures Victims With 'HIV Results'

Recently discovered spear-phishing emails are using a unique “scare-factor” lure to convince victims to open attached malicious Microsoft Excel documents: Their HIV test results. Researchers are warning of a recent campaign involving emails claiming to come from Vanderbilt University Medical...

Google Chrome 67, 68 and 69 - Object.create Type Confusion (Metasploit)

...

Google Chrome 67 / 68 / 69 Object.create Type Confusion Exploit

...

Google Chrome 67 / 68 / 69 Object.create Type Confusion

...

GWTUpload XSS in the File Upload Functionality

Advisory Information Title: GWTUpload XSS in the file upload functionality Advisory ID: CORE-2020-0003 Date published: 2020-03-04 Date of last update: 2020-03-04 Vendors contacted: Manuel Carrasco Moñino (https://github.com/manolo/gwtupload) Release mode: Forced release 2. Vulnerability...

Hackers Can Use Ultrasonic Waves to Secretly Control Voice Assistant Devices

Researchers have discovered a new means to target voice-controlled devices by propagating ultrasonic waves through solid materials in order to interact with and compromise them using inaudible voice commands without the victims' knowledge. Called "SurfingAttack," the attack leverages the unique...

RSAC 2020: Lack of Machine Learning Laws Open Doors To Attacks

SAN FRANCISCO – As companies quickly adopt machine learning systems, cybercriminals are close behind scheming to compromise them. That worries legal experts who say a lack of laws swing open the door for bad guys to attack systems. During a panel session at RSA Conference 2020 this week, Cristin...

Introduction and Application of Model Hacking

ARCHIVED STORY Introduction and Application of Model Hacking By Steve Povolny · Febraury 19, 2020 Catherine Huang, Ph.D., and Shivangee Trivedi contributed to this blog. The term “Adversarial Machine Learning” (AML) is a mouthful! The term describes a research field regarding the study and design.....

Introduction and Application of Model Hacking

ARCHIVED STORY Introduction and Application of Model Hacking By Steve Povolny · Febraury 19, 2020 Catherine Huang, Ph.D., and Shivangee Trivedi contributed to this blog. The term “Adversarial Machine Learning” (AML) is a mouthful! The term describes a research field regarding the study and design.....

Model Hacking ADAS to Pave Safer Roads for Autonomous Vehicles

ARCHIVED STORY Model Hacking ADAS to Pave Safer Roads for Autonomous Vehicles Steve Povolny · FEB 19, 2020 The last several years have been fascinating for those of us who have been eagerly observing the steady move towards autonomous driving. While semi-autonomous vehicles have existed for many...

Model Hacking ADAS to Pave Safer Roads for Autonomous Vehicles

ARCHIVED STORY Model Hacking ADAS to Pave Safer Roads for Autonomous Vehicles Steve Povolny · FEB 19, 2020 The last several years have been fascinating for those of us who have been eagerly observing the steady move towards autonomous driving. While semi-autonomous vehicles have existed for many...

Viper RGB Driver Multiple Vulnerabilities

Advisory Information Title: Viper RGB Driver Multiple Vulnerabilities Advisory ID: CORE-2020-0001 Advisory URL: https://www.coresecurity.com/core-labs/advisories/viper-rgb-driver-multiple-vulnerabilities Date published: 2020-02-17 Date of last update: 2020-02-14 Vendors contacted: Patriot...

Google Chrome 67, 68 and 69 Object.create exploit

This modules exploits a type confusion in Google Chromes JIT compiler. The Object.create operation can be used to cause a type confusion between a PropertyArray and a NameDictionary. The payload is executed within the rwx region of the sandboxed renderer process. This module can target the...

CVE-2019-20451

The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. (Authentication is required but an XML file containing credentials can be...

CVE-2019-20451

The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. (Authentication is required but an XML file containing credentials can be...

Remote code execution

The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. (Authentication is required but an XML file containing credentials can be...

CVE-2019-20451

The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. (Authentication is required but an XML file containing credentials can be...

CVE-2013-3096

D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking"...

CVE-2013-3096

D-Link DIR865L v1.03 suffers from an "Unauthenticated Hardware Linking"...

CVE-2013-3067

Linksys WRT310Nv2 2.0.0.1 is vulnerable to...

CVE-2013-3091

An Authentication Bypass vulnerability in Belkin N300 (F7D7301v1) router allows remote attackers to bypass authentication using "Javascript...