Security Alerts & News
by Tymoteusz A. Góral

History
#1286 Researchers crack Microsoft feature, say encryption backdoors similarly crackable
Researchers who uncovered a security key that protects Windows devices as they boot up say their discovery is proof that encryption backdoors do not work.

The pair of researchers, credited by their hacker nicknames MY123 and Slipstream, found the cryptographic key protecting a feature called Secure Boot.

They believe the discovery highlights a problem with requests law enforcement officials have made for technology companies to provide police with some form of access to otherwise virtually unbreakable encryption that might be used by criminals.
#1285 Serious TCP bug in Linux systems allows traffic hijacking
A serious vulnerability in the TCP implementation in Linux systems deployed since 2012 (version 3.6 of the Linux kernel) can be used by attackers to identify hosts communicating over the protocol and ultimately attack that traffic.

Researchers from the University of California, Riverside and the U.S. Army Research Laboratory are expected today at the USENIX Security Symposium to deliver their paper, “Off-Path TCP Exploits: Global Rate Limit Considered Dangerous,” which explains the vulnerability and gives recommendations on how to mitigate it.

Patches for the vulnerability have been developed for the current Linux kernel, said Zhiyun Qian, an assistant computer science professor at the university and project advisor. Qian and fellow authors Yue Cao, Zhiyun Qian, Zhongjie Wang, Tuan Dao, Srikanth V. Krishnamurthy, and Lisa M. Marvel also developed a patch for client and server hosts that raises the challenge ACK limit to large values, making it difficult to exploit.
#1284 Windows 10 attack surface grows with Linux support in anniversary update
Microsoft’s release of Windows Anniversary Update last week included an optional feature called Windows Subsystem for Linux that allows native support for Linux binaries. That has some security experts concerned the Windows 10 attack surface has been expanded.

The threat, according to Alex Ionescu, vice president of endpoint detection and response strategy at Crowdstrike, centers on a capability that allows for some Ubuntu Linux features to run within the Windows 10 operating system. Ionescu, who discussed his research with Threatpost last week at Black Hat USA, said modified Linux code could make system calls to Windows APIs and execute malicious actions within the Windows environment.

“Security researchers, admins and forensic security experts are used to hunting Windows threats on Windows platforms and are adept at auditing them. Now you have a very interesting new paradigm where Linux applications can run on a Windows machine,” Ionescu said. “If this feature is turned on, you have support for unmodified Linux binaries – malicious or not.”
#1283 Dota 2 forum breach leaks 2 million user accounts
A hacker has taken off with almost two million accounts associated with the forum for popular online multiplayer game, Dota 2.

The hack was carried out last month on July 10. The copy of the leaked database was provided to breach notification site LeakedSource.com, which allows users to search their usernames and email addresses in a wealth of stolen and hacked data.

The hacker took advantage of an SQL injection vulnerability in the older vBulletin forum software, which powers the community.

That allowed them to access the database of limited user data, such as the username, email and IP address of the user.

The data also includes the user's hashed password -- which uses the MD5 algorithm, which is widely considered insecure by today's standards, alongside the salt, used to scramble the password further. A member of the LeakedSource group told me that 1.54 million of the passwords -- or about 80 percent -- have already been unscrambled using rudimentary and run-of-the-mill cracking tools.
#1282 Microsoft Patch Tuesday – August 2016
This month the vendor is releasing nine bulletins, six of which are rated Critical.
#1281 Windows PDF library flaw puts Edge users at risk for RCE
A tricky vulnerability patched today in the Windows PDF Library could have put Microsoft Edge users on Windows 10 systems at risk for remote code execution attacks.

Edge automatically renders PDF content when it’s set as a computer’s default browser, unlike most other browsers; the feature means that exploits would execute by simply viewing a PDF online. While this bug has not been publicly disclosed nor attacked, it’s expected to be an attractive attack vector for hackers.

Microsoft patched this flaw in MS16-102, one of four critical security bulletins it published today. The vulnerability, CVE-2016-3319, when exploited, corrupts memory and allows an attacker to run arbitrary code with the same privileges as the user. Microsoft said attackers could either lure victims to a site containing a malicious PDF, or add an infected PDF to a site that accepts user-provided content.