
Keyword: zeroday

  • Internet is scrambling to fix Log4Shell, the worst hack in history

    12/12/2021 9:08:33 PM PST · by blueplum · 30 replies
    BGR via msn ^ | 12 December 2021 | Chris Smith
    Massive data breaches have become so common that we’ve gotten numb to reports detailing another hack or 0-day exploit. That doesn’t reduce the risk of such events happening, as the cat-and-mouse game between security experts and hackers continues. As some vulnerabilities get fixed, others pop up requiring attention from product and service providers. The newest one has a name that will not mean anything to most people. They call the hack Log4Shell in security briefings, which doesn’t sound very scary. But the new 0-day attack is so significant that some people see it as the worst internet hack in history.......
  • DHS warns of critical flaw in widely used software [Log4j]

    12/12/2021 6:20:07 PM PST · by BenLurkin · 8 replies
    CNN ^ | December 11, 2021 | Sean Lyngaas
    The vulnerability is in Java-based software known as "Log4j" that large organizations, including some of the world's biggest tech firms, use to configure their applications. Apple's cloud computing service, security firm Cloudflare and one of the world's most popular video games, Minecraft, are among the organizations that run Log4j, according to security researchers. The vulnerability can offer a hacker a relatively easy way to access an organization's computer server. From there, an attacker could devise other ways to access systems on an organization's network. Security experts say that the fallout from the software flaw could continue for days and weeks...
  • Exclusive: An American Company Fears Its Windows Hacks Helped India Spy On China And Pakistan

    09/18/2021 8:33:50 AM PDT · by American Number 181269513 · 9 replies
    Forbes ^ | Sep 17, 2021 | Thomas Brewster
    Earlier this year, researchers at Russian cybersecurity firm Kaspersky witnessed a cyberespionage campaign targeting Microsoft Windows PCs at government and telecom entities in China and Pakistan. They began in June 2020 and continued through to April 2021. What piqued the researchers’ interest was the hacking software used by the digital spies, whom Kaspersky had dubbed Bitter APT, a pseudonym for an unspecified government agency. Aspects of the code looked like some the Moscow antivirus provider had previously seen and attributed to a company it gave the cryptonym “Moses.” Moses, said Kaspersky, was a mysterious provider of hacking tech known as...
  • Windows 10 (and prior) bug corrupts your hard drive on seeing this file's icon (Zero-day, not fixed)

    01/15/2021 8:43:27 AM PST · by dayglored · 43 replies
    Bleeping Computer ^ | Jan 14, 2021 | Ax Sharma
    An unpatched zero-day in Microsoft Windows 10 (and prior) allows attackers to corrupt an NTFS-formatted hard drive with a one-line command. In multiple tests by BleepingComputer, this one-liner can be delivered hidden inside a Windows shortcut file, a ZIP archive, batch files, or various other vectors to trigger hard drive errors that corrupt the filesystem index instantly. "Critically underestimated" NTFS vulnerability: In August 2020, October 2020, and finally this week, infosec researcher Jonas L drew attention to an NTFS vulnerability impacting Windows 10 that has not been fixed. When exploited, this vulnerability can be triggered by a single-line command to...
  • Windows 7 Zero-Day Unpatched Vulnerability Is Being Exploited in the Wild (my title)

    03/08/2019 8:34:11 PM PST · by dayglored · 19 replies
    Google Security Blog ^ | Mar 7, 2019 | Clement Lecigne
    Article title: "Disclosing vulnerabilities to protect users across platforms" ... The second vulnerability was in Microsoft Windows. It is a local privilege escalation in the Windows win32k.sys kernel driver that can be used as a security sandbox escape... We strongly believe this vulnerability may only be exploitable on Windows 7 due to recent exploit mitigations added in newer versions of Windows. To date, we have only observed active exploitation against Windows 7 32-bit systems. Pursuant to Google’s vulnerability disclosure policy, when we discovered the vulnerability we reported it to Microsoft. Today, also in compliance with our policy, we are publicly...
  • Google wants you to update Chrome right now (ZERO-DAY Exploit in Chrome Browser)

    03/08/2019 7:49:10 AM PST · by dayglored · 46 replies
    TechSpot ^ | Mar 7, 2019 | Dean Pennington
    Bottom line: Google is urging Chrome users to update their browsers immediately after a zero-day exploit that could give hackers direct access to a user's OS has been found. The most recent version is 72.0.3626.121, and it's the version you want to be running to make sure you're safe from this exploit. Google is urging users to update Chrome across all platforms after a critical vulnerability was discovered and patched. The vulnerability exploits a security flaw known as CVE-2019-5786. The security flaw is a memory management issue in Chrome's FileReader which gives hackers the opportunity to inject and execute malicious...
  • Google clashes with Microsoft over Windows flaw disclosure (actively exploited zero-day vuln)

    10/31/2016 6:41:58 PM PDT · by dayglored · 25 replies
    PC World ^ | Oct 31, 2016 | Michael Kan
    Google and Microsoft are butting heads over the disclosure of vulnerabilities. On Monday, Google revealed a critical flaw in Windows after it gave Microsoft a ten-day window to warn the public about it. Google posted about the zero-day vulnerability on its security blog, saying Microsoft had yet to publish a fix or issue an advisory about the software flaw. "This vulnerability is particularly serious because we know it is being actively exploited," Google said. It lets hackers exploit a bug in the Windows kernel, via a win32k.sys system call, to bypass the security sandbox. The search giant originally told Microsoft about the problem...
  • Lenovo hunts BIOS backdoor bandits

    07/05/2016 7:32:33 PM PDT · by Utilizer · 12 replies
    iTnews (AUS) ^ | Jul 6 2016 6:06AM (AUS) | Juha Saarinen
    PC giant Lenovo has launched an investigation with Intel to find out which of its suppliers introduced the recently-disclosed BIOS level "ThinkPwn" vulnerability that allows attackers to bypass hardware protections on the company's ThinkPad laptops and other computers. Researcher Dmytro Oleksiuk discovered a flaw that allowed arbitrary code execution using the Intel system management mode (SMM) feature in processors. The exploit is able to bypass the write protection in PCs' flash memory, and in turn disable the Unified Extensible Firmware Interface (UEFI) Secure Boot, and the Windows 10 Enterprise Credentials Guard security feature. Oleksiuk also found suspicious SMM code in...
  • Lenovo scrambling to get a fix for BIOS vuln

    07/04/2016 7:04:05 PM PDT · by Utilizer · 19 replies
    The Register ^ | 4 Jul 2016 at 02:04 | Richard Chirgwin
    Lenovo, and possibly other PC vendors, is exposed to a UEFI bug that can be exploited to disable firmware write-protection. If the claims made by Dmytro Oleksiuk at Github are correct, an attacker can “disable flash write protection and infect platform firmware, disable Secure Boot, [and] bypass Virtual Secure Mode (Credential Guard, etc.) on Windows 10 Enterprise.” The reason Oleksiuk believes other vendors are also vulnerable is that the buggy code is inherited from Intel. He writes that the SystemSmmRuntimeRt was copied from Intel reference code.
  • Lenovo ThinkPad zero-day bypasses Windows security

    07/03/2016 4:15:43 PM PDT · by Utilizer · 32 replies
    iTnews (AUS) ^ | Jul 4 2016 6:41AM (AUS) | Juha Saarinen
    A researcher has discovered a new low-level zero-day exploit that overrides the protection for the firmware code in Lenovo ThinkPads and other laptops, bypassing hardware and Windows security features. Last week, Dmytro Oleksiuk, also known as cr4sh, released the code for his ThinkPwn proof of concept on Github, showing how it can be used to exploit a flaw in the unified extensible firmware interface (UEFI) driver for privilege escalation. This lets attackers remove the write protection for system flash memory, and allows them to run arbitrary code with full access to the entire victim system. Lenovo had not received advance...
  • Windows 10 zero day selling for $90,000 (how exploits are marketed on crime forums)

    06/01/2016 6:17:10 AM PDT · by dayglored · 9 replies
    The Register ^ | Jun 1, 2016 | Darren Pauli
    A Windows zero day vulnerability granting hackers deeper access to compromised machines is being sold for US$90,000. The local privilege escalation vulnerability is being sold on crime forum exploit.in and promises to help attackers who already have access to hacked machines. Seller BuggiCorp claims in a sales thread and proof-of-concept videos that the local privilege escalation works on Windows systems from version 2000 to the considerably more secure 10. It works in the presence of Microsoft's lauded enhanced mitigation toolkit which introduces many security features baked into Windows 10 to older platforms. Researchers from Trustwave's Spiderlabs team, who found the...
  • NEW Adobe Flash Zero-day Vulnerability / Exploit - Uninstall Flash Today From All Computers

    10/15/2015 11:34:56 AM PDT · by dayglored · 63 replies
    (vanity, multiple sources) ^ | Oct 15, 2015 | (vanity, multiple sources)
    Yet another bad new Zero-Day (already exploited) Adobe Flash vulnerability. Time to uninstall Flash from all your computers and keep it off for good! To remove Flash from Windows: Close your browser. In Control Panel -> Programs and Features, remove/uninstall all Adobe Flash or Shockwave items. Restart your browser. Go to Add-ons/Plugins and confirm there are no Shockwave or Flash plugins. To remove Flash from OS X (10.6 and later): Download and run this Flash uninstaller: http://fpdownload.macromedia.com/get/flashplayer/current/support/uninstall_flash_player_osx.dmg To remove Flash from Linux: Close your browser. Use "apt-get remove", "yum erase", or find the flashplayer .so (e.g. in /usr/lib[64]/mozilla/plugins or ~/.mozilla/plugins)...
  • TWO MORE Flash zero-days emerge in Hacking Team leak – crims (criminals) exploit holes

    07/12/2015 6:49:06 AM PDT · by dayglored · 16 replies
    The Register ^ | July 12, 2015 | Chris Williams
    Updated -- Two more serious security holes in Adobe Flash that let miscreants hijack vulnerable computers have emerged from the leaked Hacking Team files – and crooks are apparently already exploiting at least one of them to infect machines. The use-after-free() programming flaws, for which no patches exist, are identified as CVE-2015-5122 and CVE-2015-5123. They are similar to the CVE-2015-5119 Flash bug patched last week. The 5122 and 5123 bugs let malicious Flash files execute code on victims' computers and install malware. The bugs are present in the Windows, Linux and OS X builds of the plugin. The 5119, 5122...
  • New zero day vulnerability identified in all versions of IE

    04/27/2014 4:26:55 PM PDT · by dayglored · 95 replies
    Cnet ^ | Apr 27, 2014 | Steven Musil
    A new zero day vulnerability that resides in all versions of Internet Explorer has been spotted in the wild, Microsoft confirmed late Saturday. The vulnerability, which could allow remote code execution, is being used in "limited, targeted attacks," according to an advisory issued by Microsoft. While all versions of the web browser, IE 6 through 11, are affected by the vulnerability, attacks are currently targeting IE versions 9, 10 and 11, according to security firm Fire Eye, which first reported the flaw Friday. The attack leverages a previously unknown "use after free" vulnerability -- data corruption that occurs after memory...
  • Patch Tuesday: Microsoft raises alert for dangerous IE, Windows flaws

    06/13/2012 9:39:00 PM PDT · by OldEarlGray · 77 replies
    ZDnet ^ | 12 Jun 2012 | Ryan Naraine
    Summary: Microsoft expects to see exploit code targeting at least one of the vulnerabilities within the next 30 days. Microsoft today warned that cyber-criminals could soon aim exploits at critical security flaws in Internet Explorer browser and Windows to hijack and take complete control of vulnerable machines. The warning comes as part of this month’s Patch Tuesday where Microsoft released 7 bulletins with fixes for at least 26 documented vulnerabilities affecting the Windows ecosystem. The company is urging users to pay special attention to MS12-037 and MS12-036, which provides cover for “remote code execution” vulnerabilities that could be used in...
  • NSA INTERCEPTED PRE-9/11 OMINOUS MESSAGES

    06/20/2002 1:07:11 AM PDT · by kattracks · 1 replies · 303+ views
    New York Post ^ | 6/20/02 | VINCENT MORRIS and BRIAN BLOMQUIST
    June 20, 2002 -- WASHINGTON - The nation's eavesdropping agency intercepted ominous messages on Sept. 10 - "The match begins tomorrow" and "Tomorrow is zero day" - but nothing was done until it was too late, sources said yesterday. The National Security Agency didn't translate the pair of pre-9/11 Arabic-language messages until Sept. 12, the day after the terror attacks, intelligence officials told a congressional panel.
  • Sept. 11 Leak Probe Focuses on Sen. Shelby, Paper Reports

    01/22/2004 12:56:18 AM PST · by kcvl · 52 replies · 322+ views
    Reuters | 01.22.04 | Unknown
    WASHINGTON (Reuters) - A U.S. Justice Department probe of the leak of classified information about intercepted messages prior to the Sept. 11 attacks is focusing on Sen. Richard Shelby, former chairman of the Senate intelligence committee, The Washington Post reported on Thursday. The newspaper cited a law enforcement official and congressional sources as saying that the probe has focused on the Alabama Republican who was head of the intelligence panel at the time of the disclosure. The FBI is trying to determine the source of the leaked information that the super secret National Security Agency (NSA) had intercepted two messages...