Tony Zeoli, Tony Hayes Security Vulnerabilities

Security Advisory - Use-after-free Vulnerability in Android Kernel

There is a use-after-free vulnerability in binder.c of Android kernel. Successful exploitation may cause the attacker elevate the privilege. (Vulnerability ID: HWPSIRT-2019-10100) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2019-2215. Huawei has...

Symantec SONAR Security Bypass

SUMMARY Symantec has released an update to address an issue that was discovered in the Symantec SONAR component. AFFECTED PRODUCTS Component: SONAR Engine CVE | Affected Version(s) | Remediation CVE-2019-12752 | Prior to 12.0.2 | Upgrade to 12.0.2 (Note: Live updatable; no action required...

Sophisticated Spy Kit Targets Russians with Rare GSM Plugin

A sophisticated cyberespionage platform called Attor has come to light, sporting an unusual capability for fingerprinting mobile devices as part of its attacks on government and diplomatic victims. According to researchers at ESET, Attor, which has flown under the radar since at least 2013, also...

Help, my accounts have been hacked! What should I do?

I run staff security awareness sessions for a huge variety of organisations. Regardless of where I am the most common question I get asked is “How do I recover from being hacked at home?”. For businesses, we have some simple advice, but what about everybody else? A client contacted me. One of...

Security Advisory - Race Condition Vulnerability on Several Smartphones

There is a race condition vulnerability on certain detection module of smartphone. The system does not lock certain function properly, when the function is called by multiple processes could cause out of bound write. An attacker tricks the user into installing a malicious application, successful...

Security Advisory - Key Negotiation of Bluetooth (KNOB) Vulnerability

The KNOB (Key Negotiation of Bluetooth) vulnerability exists in the encryption key negotiation process between two Bluetooth BR/EDR devices. The negotiation process is not encrypted and no authentication is performed. An unauthenticated, adjacent attacker can initiate a man-in-the-middle attack to....

Security Advisory - Null Pointer Reference Vulnerability in Some Huawei Smart Phones

There is a null pointer reference vulnerability in some Huawei smart phones. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone abnormal. (Vulnerability ID: HWPSIRT-2019-05097) This vulnerability....

kernel security, bug fix, and enhancement update

[4.18.0-80.7.1_0.OL8] Oracle Linux certificates (Alexey Petrenko) Oracle Linux RHCK Module Signing Key was added to the kernel trusted keys list (olkmod_signing_key.pem) [Orabug: 29539237] Update x509.genkey [Orabug: 24817676] [4.18.0-80.7.1_0] [x86] Update stepping values for Whiskey Lake U/Y...

Fake News and Influence: Information Warfare in the Digital Age

It’s 2019 and we live in a world where understanding what is real and what is fake can be challenging. For the security community, we increasingly deal with information warfare adversaries that rely on that fact; and, operating at internet scale, are capable of causing plenty of havoc....

CVE-2019-9506

The Bluetooth BR/EDR specification up to and including version 5.1 permits sufficiently low encryption key length and does not prevent an attacker from influencing the key length negotiation. This allows practical brute-force attacks (aka "KNOB") that can decrypt traffic and inject arbitrary...

Two Denial of Service Vulnerabilities on Some Huawei Smartphones

There are two denial of service vulnerabilities on some Huawei smartphones. An attacker may send specially crafted TD-SCDMA messages from a rogue base station to the affected devices. Due to insufficient input validation of two values when parsing the messages, successful exploit may cause an...

kernel security, bug fix, and enhancement update

[3.10.0-1062.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)([email protected]) - Update x509.genkey [Orabug: 24817676] [3.10.0-1062] - [fs] revert 'xfs: disable copy_file_range() to avoid broken.....

kernel security, bug fix, and enhancement update

[3.10.0-957.27.2.OL7] - Oracle Linux certificates (Alexey Petrenko) - Oracle Linux RHCK Module Signing Key was compiled into kernel (olkmod_signing_key.x509)([email protected]) - Update x509.genkey [bug 24817676] [3.10.0-957.27.2] - [x86] hyper-v: fix hyperv.h UAPI header (Vitaly...

CVE-2019-5222

There is an information disclosure vulnerability on Secure Input of certain Huawei smartphones in Versions earlier than Tony-AL00B 9.1.0.216(C00E214R2P1). The Secure Input does not properly limit certain system privilege. An attacker tricks the user to install a malicious application and...

CVE-2019-5222

There is an information disclosure vulnerability on Secure Input of certain Huawei smartphones in Versions earlier than Tony-AL00B 9.1.0.216(C00E214R2P1). The Secure Input does not properly limit certain system privilege. An attacker tricks the user to install a malicious application and...

Information disclosure

There is an information disclosure vulnerability on Secure Input of certain Huawei smartphones in Versions earlier than Tony-AL00B 9.1.0.216(C00E214R2P1). The Secure Input does not properly limit certain system privilege. An attacker tricks the user to install a malicious application and...

CVE-2019-5222

There is an information disclosure vulnerability on Secure Input of certain Huawei smartphones in Versions earlier than Tony-AL00B 9.1.0.216(C00E214R2P1). The Secure Input does not properly limit certain system privilege. An attacker tricks the user to install a malicious application and...

Security Advisory - Information Disclosure Vulnerability on Secure Input

There is an information disclosure vulnerability on Secure Input of certain Huawei smartphones. The Secure Input does not properly limit certain system privilege, an attacker tricks the user to install a malicious application, successful exploit could result in information disclosure....

Why Cities Are a Low-Hanging Fruit For Ransomware

Ransomware attacks against local governments and cities are repeatedly making headlines, with crippling results on city operations and budgets. Last month, the Florida city of Riviera Beach paid hackers $600,000 after being hit by a ransomware attack that downed its computer systems for three...

CVE-2019-5220

There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker could do a certain operation on certain step of setup wizard. Successful exploit could allow the attacker bypass the FRP protection. Affected...

CVE-2019-5220

There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker could do a certain operation on certain step of setup wizard. Successful exploit could allow the attacker bypass the FRP protection. Affected...

Design/Logic Flaw

There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker could do a certain operation on certain step of setup wizard. Successful exploit could allow the attacker bypass the FRP protection. Affected...

CVE-2019-5220

There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker could do a certain operation on certain step of setup wizard. Successful exploit could allow the attacker bypass the FRP protection. Affected...

Finding Beauty in the IT Architecture

I have a confession to make. I’m a sucker for good architecture. Visiting places like Singapore, London, Rome, Buenos Aires, and New York City, I quickly find myself gravitating towards beautiful archways, spires, and even the voids used in designing some of the world’s most amazing buildings. I...

Security Advisory - FRP Bypass Vulnerability on Several Smartphones

There is a Factory Reset Protection (FRP) bypass vulnerability on several smartphones. The system does not sufficiently verify the permission, an attacker could do a certain operation on certain step of setup wizard. Successful exploit could allow the attacker bypass the FRP protection....

Unbreakable Enterprise kernel security update

[4.14.35-1902.2.0] - mm: account managed pages to correct zone during deferred page init (Daniel Jordan) [Orabug: 29914836] [4.14.35-1902.1.5] - CVE numbers for build v4.14.35-1902.1.3 and fixup (Jack Vogel) [Orabug: 29890784] [Orabug: 29884301] [Orabug: 29884301] {CVE-2019-11477}...

Smart-TV Bug Allows Rogue Broadcasts

An unpatched vulnerability in smart TVs would allow attackers on the same Wi-Fi network to hijack the TV set to broadcast their own content – including, potentially, fake emergency broadcast messages. Discovered by security researcher Dhiraj Mishra, the flaw (CVE-2019-12477) is found in the SUPRA.....

Don’t get burnt on pay day. How to buy IoT gadgets sensibly

As it’s the end of the month, and pay day for many, I thought some timely advice would be helpful for people itching to spend their money on IoT gadgets. It’s not all bad. While many manufacturers happily continue to fill shelves with dross, we know plenty of responsible companies whose products...

Sharing Threat Intelligence: Time for an Overhaul

Most organizations don’t really have a good way of sharing threat-related data outside of their own industry verticals. Sure, there are Information Sharing and Analysis Centers (ISACs); i.e. FS-ISACs for the financial-services industry. But the information still tends to stay in industry-specific.....

Salesforce Woes Linger as Admins Clean Up After Service Outage

After a massive service outage on Friday, software-as-a-service giant Salesforce restored partial access to its affected customers over the weekend, while admins continued with cleanup into Monday. The outage was brought on by a scripting error that affected all Pardot marketing automation...

Security Advisory - MITM Vulnerability on Huawei Share

There is a man-in-the-middle(MITM) vulnerability on Huawei Share of certain smartphones. When users establish connection and transfer data through Huawei Share, an attacker could sniffer, spoof and do a series of operations to intrude the Huawei Share connection and launch a man-in-the-middle...

Android-Based Sony Smart-TVs Open to Image Pilfering

Two vulnerabilities in Android-based smart-TVs from Sony, including the flagship Bravia line, could allow attackers to access WiFi passwords and images stored on the devices. The bugs exist in the Photo Sharing Plus feature of Sony smart-TVs going back to 2015. They were uncovered by xen1thLabs in....

Preparing the Internet for the Next Mega DDoS Attack

When you think of a distributed denial-of-service (DDoS) attack at this point in the age of the internet, you might be thinking they’re old news. But when a multi-million-dollar business can be easily taken offline by an unskilled adversary and a $5 rent-a-DDoS service, I would argue that the...

Keys to Mature to a Level 4 Threat Hunting Program

Three Commonalities Among Level 4 Threat Hunting Programs Threat hunting programs that have reached level 4 maturity have three commonalities: The have implemented automation wherever possible to scale their effectiveness They have developed threat hunting processes to operationalize how they...

Hacking Superyachts. Advice for integrators

I’ve written previously how superyachts are the homes, the offices, the play areas for their owners and how captains need to consider so many more risks than they used to. However, a common theme is you the integrator. Your job is to put all the owners toys and all the captains tools together in a....

Hacking Superyachts. Advice for captains

I’ve blogged already about how superyachts are the homes, the offices, the play areas for their owners. However, they are also the charge of the captains and homes of the crew, most owners simply see themselves as guests on the captain’s yacht, so what do you the captain and crew need to think...

Hacking Superyachts. Advice for owners

If you own a superyacht they are your homes, your offices, your play areas. They are islands of exclusivity and provide safety and security and above all privacy, but are they really as secure and private as you hope they are? Finding your yacht Most yachts have safety features such as Automatic...

Real World Examples Demonstrating the Need for Mature Threat Hunting

A recent article discussed the keys to becoming a level 4 maturity threat hunting program. This article will bring these concepts into the real world by discussing examples of attacks that required that high level of threat hunting maturity to find them and defend against them. The case studies...

Drones are Quickly Becoming a Cybersecurity Nightmare

Drones are a growing threat for law enforcement and business security officers. In the run-up to Christmas 2018, rogue drones grounded planes at London Gatwick, the UK’s second-busiest airport. But, increasingly it’s not just the air traffic controllers sounding the alarms over drones, it’s also...

Security Advisory - Signature Verification Bypass Vulnerability in Some Huawei Mobile Phones

Some Huawei mobile phones have a signature verification bypass vulnerability. Attackers can induce users to install malicious applications. Due to a defect in the signature verification logic, the malicious applications can invoke specific interface to execute malicious code. A successful exploit.....

Three Ways DNS is Weaponized and How to Mitigate the Risk

In the early stages of the “Net” each computer system participating in this network could only be contacted by knowing it’s unique 32bit IP address. As the Net grew into the Internet that we know today, some changes had to be made to allow this system of interconnected computers to communicate...

Make Sure Your Security Is Ready for the President’s Day Shopping Spree

By Tony Bradley The following article was originally written to provide e-retailers with tip and tricks for the Black Friday and Cyber Monday shopping. However, with the biggest President’s day spring sales approaching, the best practices and how-to remain the same. More about e-commerce security.....

Hacking floating hotels. Cruise ship compromise on the high seas

Modern cruise ships have all the amenities of a large resort hotel. Prior to entering the infosec space, I spent 5 years working in hotels. My experience of the security of both hotels and shipping indicates that the mix is not a good one for security. What’s the difference between a hotel and a...

Fighting Fire with Fire: API Automation Risks

Akamai research shows that 83 percent of all traffic on the web today are API calls (JSON / XML). In many cases this fast growth can be attributed to the adoption and popularity of mobile devices and the mobile app ecosystem, as well as the abuse by threat actors using bots to automate their...

Shipping Firms Speared with Targeted 'Whaling' Attacks

Scammers are honing in on the shipping industry, using “whaling,” a.k.a. business email compromise (BEC) attacks, to scoop up credentials, or worse, compromise critical systems. Hackers are launching whaling attacks to target various types of employees with some serious online (and sometimes...

Automotive Security: It’s More Than Just What’s Under The Hood

It’s a cool Saturday evening as I head out for a night on the town with my wife and some friends. We’re in a late model German made vehicle driving – below the speed limit – as we drive onto the open road. While focusing on the road I notice a strange effect happening to the radio as I accelerate.....

The Nature of Mass Exploitation Campaigns

We’ve all seen the movies where there’s a dark hooded figure sitting behind a keyboard entering a 3D virtualized representation of the internet. Focusing in on their target, the figure sees various bits of information about that person, from their birth date, to headshot of them stepping out of a.....

More on Threat Hunting

Earlier this week hellor00t asked via Twitter: Where would you place your security researchers/hunt team? I replied: For me, "hunt" is just a form of detection. I don't see the need to build a "hunt" team. IR teams detect intruders using two major modes: matching and hunting. Junior people...

OracleVM 3.4 : Unbreakable / etc (OVMSA-2018-0273)

The remote OracleVM system is missing necessary patches to address critical security updates : hugetlbfs: fix kernel BUG at fs/hugetlbfs/inode.c:447! (Mike Kravetz) scsi: libsas: fix memory leak in sas_smp_get_phy_events (Jason Yan) [Orabug: 27927687] (CVE-2018-7757) KVM: vmx:...

Unbreakable Enterprise kernel security update

[4.1.12-124.20.7] - Revert 'rds: RDS (tcp) hangs on sendto() to unresponding address' (Brian Maly) [Orabug: 28837953] [4.1.12-124.20.6] - x86/speculation: Retpoline should always be available on Skylake (Alexandre Chartre) [Orabug: 28801831] [4.1.12-124.20.5] - x86/speculation: Add sysfs entry...