CUJO Smart Firewall vulnerabilities exposed home networks to critical attacks

ZDNet

Security researchers have uncovered a swathe of serious vulnerabilities in a firewall system developed by CUJO, a product designed to prevent cyberattackers from infiltrating home networks. The vulnerabilities were discovered by Claudio Bozzato of the Cisco Talos cybersecurity team. On Tuesday, the organization published an in-depth examination of the security flaws, which included critical remote code execution bugs. CUJO's Smart Firewall is a device marketed as protecting against malware, viruses, and hacking attempts by way of an intelligent home firewall. However, according to Cisco Talos, the device contained flaws severe enough to enable cyberattackers to bypass its safe browsing functions and fully hijack the product at will.


Critical flaw lets hackers take control of Samsung SmartCam cameras

PCWorld

The popular Samsung SmartCam security cameras contain a critical remote code execution vulnerability that could allow hackers to gain root access and take full control of them. The vulnerability was discovered by researchers from the hacking collective the Exploiteers (formerly GTVHacker), who have found vulnerabilities in the Samsung SmartCam devices in the past. The flaw allows for command injection through a web script, even though the vendor has disabled the local web-based management interface in these devices. The Samsung SmartCam is a series of cloud-enabled network security cameras that were originally developed by Samsung Techwin. Samsung sold this division to South Korean business conglomerate Hanwha Group in 2015 and the company was renamed Hanwha Techwin.


Black Hat: How hackers gain root access to SAP enterprise servers through SolMan

ZDNet

Researchers have demonstrated how a set of vulnerabilities in SAP Solution Manager could be exploited to obtain root access to enterprise servers. Speaking at Black Hat USA on Wednesday, Onapsis cybersecurity researchers Pablo Artuso and Yvan Genuer explained how the bugs were found in SAP Solution Manager (SolMan), a system comparable to Windows Active Directory. SolMan is a centralized application designed to manage IT solutions on-premise, in the cloud, or in hybrid environments. The integrated solution acts as a management tool for business-critical applications, including SAP and non-SAP software. An estimated 87% of the Global 2000 uses SAP in some way, and so vulnerabilities left unpatched could have severe consequences.


Microsoft: This unusual Windows and Linux malware does everything it can to stay on your network

ZDNet

Microsoft has continued its analysis of the LemonDuck malware, known for installing crypto-miners in enterprise environments, and makes a strong case for why it is worth removing it from your network. This group, according to Microsoft, has a well-stocked arsenal of hacking tools, tricks and exploits aimed at one thing: for its malware to retain exclusive access to a compromised network for as long as possible. While crypto-mining malware could be just a nuisance, LemonDuck's attributes suggest the attacker group really does try to own compromised networks, by disabling anti-malware, removing rival malware, and even automatically patching vulnerabilities -- a competitive effort to keep rival attackers from feeding off its turf. "This allows them to limit visibility of the attack to [security operations center] analysts within an organization who might be prioritizing unpatched devices for investigation, or who would overlook devices that do not have a high volume of malware present," Microsoft explains in a follow-up to its previously published LemonDuck analysis. The critical so-called ProxyLogon Microsoft Exchange Server exploits from March and April were treated this way by LemonDuck attackers.


Meetup fixes security flaws which could have allowed hackers to take over groups

ZDNet

Security vulnerabilities in popular online meeting service and events website Meetup could have allowed cyber attackers to gain access to the profiles of millions of members, according to a security company. Researchers from security company Checkmarx found it was possible to combine cross-site scripting (XSS) and cross-site request forgery (CSRF) vulnerabilities on the site to gain administrator privileges, enabling them to perform actions ranging from the annoying – like cancelling or changing events – to the fraudulent, including looking at information about users or redirecting PayPal payments. Researchers found it was possible to inject malicious script into posts made in the discussion section of the Meetup page – something that's enabled by default on every event. The script would be hidden from users, but attackers could combine it with a CSRF attack to carry out unauthorised commands and gain control of groups. "When you have these two vulnerabilities, it's basically the Holy Grail for a hacker. Because what it means if an organiser page runs the script in the browser, we can actually use their role of administrator to do whatever we want," Erez Yalon, director of security research at Checkmarx, told ZDNet.