Skip to main content

Posts

Showing posts from December, 2019

Unpatched Dropbox for Windows Zero-Day Bug Let Hackers get SYSTEM Privileges

A zero-day vulnerability in Dropbox for Windows allows attackers to escalate privileges from simple windows users privilege to the reserved SYSTEM privilege. The vulnerability resides in the  DropBoxUpdater service , which is responsible for keeping the client application up to date. Dropbox Updater Vulnerability The vulnerability was discovered by security researcher Decoder and  Chris Danieli  and they have created a  PoC  to test the vulnerability. The DropBoxUpdater is the component of the Dropbox Client Software suite, the updater installed as a service and keeps 2 scheduled tasks running with SYSTEM permissions. Dropboxupdate writes the log files in the directory “c:\ProgramData\Dropbox\Update\Log”, any users can access the directories or to add, delete the files. Another notable thing is that SetSecurity call made through SYSTEM privileges on the files, this allows an attacker to exploit via  hardlink . “But we have a problem h...

Worst Passwords Used in 2019 – Here is the List of Top 50 Common Passwords

Despite the importance of setting strong passwords, users continue to setup week passwords which are easy to guess for an attacker. A strong password is key to protect your digital assets. Here is the list of  Worst Passwords 2019 Memorizing strong separate passwords for each account is also a difficult task,  password managers  are the solution for this problem. Worst Passwords 2019 Nordpass  compiled  a list of 200 most popular passwords that were leaked in data breaches just this year. The analysis shows that still people using weak passwords. The bad news is that when compared to  2018 leaked passwords  nothing changed, “12345”, “123456” and “123456789” remains at the top spot. Following that “test1” and “password” remain popular. If you have a weak password then it is a cakewalk for hackers, they can gain access to your account easily by using brute force techniques. A strong password should have at least six characters that includ...

4.6 Million Android Devices Affected by 100+ Malicious Apps on Google Play

Researchers discovered over 100 malicious apps from Google play store that downloaded by more than 4.6 android users around the globe. Most of the malicious apps are commits ad fraud, and the app malicious apps are using the same common code package dubbed “Soraka” ( com.android.sorakalibrary.* ). “GBHackers on Security” reported  several adware incidents  in the past few months, and it’s rapidly growing to exclusively target the Android users to generate millions of dollars revenue. Malware, Spyware, and Adware can accompany them, become a parasite in user’s systems resulting in unnecessary disruptions, and breaches of the personal data in your Android devices. In addition to the Soraka code package, Researchers also discovered, in some of the apps, a variant with similar functionality which we dubbed “Sogo” ( com.android.sogolibrary.* ): Some of The Malicious Apps Activities An app called “ Best Fortune Explorer App ” published under the publisher JavierGent...

Hackers Abuse RDP Service to Exfiltrate Data and Drop Different Malicious Payloads

Hackers abuse legitimate RDP service to use fileless attack techniques for dropping multi-purpose off-the-shelf tools for device fingerprinting and to deploy malicious payloads ranging from ransomware to cryptocurrency miners. The Remote Desktop is the built-in feature with most of the Windows installation and it has built-in file-sharing functionality that is used by the attackers as an infection vector. Abusing Remote Desktop Server Feature The infection starts by abusing the feature of the Windows Remote Desktop Server in which the  RDP  client shares the virtual network file share location named “ tsclient ” of the connected computer. Attackers use these paths to create multiple-letter directory names. PC Drives According to Bitdefender researchers  report , the attackers placed a malicious component of the attack named  worker.exe  located on the network share on the “tsclient” network location and it can be executed using explorer.exe or ...

Apple Opens Its Invite-Only Bug Bounty Program to All Researchers

As  promised by Apple  in August this year, the company today finally opened its bug bounty program to all security researchers, offering monetary rewards to anyone for reporting vulnerabilities in the iOS, macOS, watchOS, tvOS, iPadOS, and iCloud to the company. Since its  launch  three years ago,  Apple's bug bounty program  was open only for selected security researchers based on invitation and was only rewarded for reporting vulnerabilities in the iOS mobile operating system. However, speaking at a hacking conference in August this year, Ivan Krstić, head of Apple Security Engineering and Architecture at Apple,  announced  the company's upcoming  extended bug bounty program  which included three main highlights: an enormous increase in the maximum reward from $200,000 to $1.5 million, accepting bug reports for all of its operating systems and latest hardware, opening the program for all researchers. Now starting from tod...

Apple Blackmailer sentenced for $100,000 in London

A 22-year-old man who claimed to have  access to over 300 million iCloud accounts  and threatened to factory reset all accounts unless Apple pays ransom has pleaded guilty in London for trying to blackmail Apple. In March 2017, Kerem Albayrak from North London claimed to be a spokesman for a hacking group called the " Turkish Crime Family " and in possession of 319 million iCloud accounts. Albayrak gave Apple a deadline until April 7, 2017, to pay up $75,000 in crypto-currency or $100,000 worth of iTunes gift cards in return for deleting the copy of stolen database, the U.K. National Crime Agency said in a  statement , calling the blackmailer a "fame-hungry cyber-criminal." However, if the company failed to meet his demands, Albayrak threatened that he would start remotely wiping the victim's Apple devices, factory reset iCloud accounts, and dump the stolen database online. In late March 2017, the NCA's National Cyber Crime Unit arrested Albayrak at hi...