Netgear D6000/D3600 Hard-Coded Cryptographic keys and Auth Bypass

While doing firmware analysis for ThreatPROTECT, I came across the firmware running on the Netgear D3600 and D6000 series routers. I decided to analyse it because these models are deployed in multiple countries. In this blog post, I am going to explain how I found flaws that pose a risk to the privacy … Continue reading “Netgear D6000/D3600 Hard-Coded Cryptographic keys and Auth Bypass”

Adobe Flash Player CVE-2016-4171 Zero Day and Active Attacks

Adobe Flash Player 21.0.0.242 and earlier versions for Windows, Macintosh, Linux, and Chrome OS are currently being exploited and there is no patch. Therefore we have marked them as ‘Zero Day’ as well as ‘Active Attacks’ in ThreatPROTECT. The exploit uses CVE-2016-4171 in targeted attacks. Adobe is expected to address this vulnerability on June 16. We have … Continue reading “Adobe Flash Player CVE-2016-4171 Zero Day and Active Attacks”

Exploiting Buffer Overflow Vulnerability In Boxoft WAV

Abstract: While analyzing exploits for ThreatPROTECT, I came across a proof of concept (PoC) for Boxoft WAV to MP3 Converter that pops a message box on older Windows systems. So I decided to pimp it up and turn it into a robust exploit that works on all modern Windows operating systems, demonstrating that the … Continue reading “Exploiting Buffer Overflow Vulnerability In Boxoft WAV”

Neutrino Exploit Kit and CVE-2016-4117

Exploit kits are swiftly taking advantage of Adobe Flash vulnerabilities. Four days after Adobe released the Flash Player update 21.0.0.242, exploit kits had already added the Flash exploit to their “Lunch package”. This blog is about how we identified CVE-2016-4117 in the Neutrino Exploit Kit and the process by which we extracted the multiple layers of … Continue reading “Neutrino Exploit Kit and CVE-2016-4117”

Adobe Flash new 0-day – Update

Update: three exploit kits have so far integrated this new vulnerability. Our RTI for QId: 120098 in ThreatPROTECT is now ExploitKit and ActiveAttacks. Original: According to Adobe, a new 0-day vulnerability in its Flash Player is under attack in the wild. The vulnerability is tagged as CVE-2016-4117 and affects Flash Player versions 21.0.0.226 and earlier. Adobe expects … Continue reading “Adobe Flash new 0-day – Update”

Internet Explorer under active attack

Microsoft has released updates for Internet Explorer 7 through 11 that address the critical vulnerability CVE-2016-0189 together with four other vulnerabilities. According to Microsoft’s bulletins MS16-051 and MS16-053, CVE-2016-0189 is under active attack in the wild. Our RTI for QId: 100284 and 91220 is ActivelyAttacked.

ImageMagick vulnerability under active attack

ImageMagick is a popular open source package for image manipulation. A number of vulnerabilities have been identified in the software; one of them, CVE-2016-3714, allows Remote Code Execution (RCE) and is under active attack in the wild. There is no patch available at the moment, but users can configure the “policy.xml” file to neutralize … Continue reading “ImageMagick vulnerability under active attack”
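The policy.xml workaround referred to above, written out as an added example (this is not configuration taken from the original post or from the ImageMagick project). It disables the coders through which the CVE-2016-3714 command-injection and related file-read/delete issues are reached (EPHEMERAL, URL, HTTPS, MVG, MSL, TEXT, SHOW, WIN, PLT); the exact coder list your build supports and the location of policy.xml (commonly /etc/ImageMagick/policy.xml or /etc/ImageMagick-6/policy.xml) are assumptions to verify on the target system with `convert -list policy`:

```xml
<!-- Added example: ImageTragick mitigation entries for ImageMagick's policy.xml.
     Place inside the existing <policymap> element; file location assumed. -->
<policymap>
  <!-- Each entry denies all rights to the named coder, so convert/identify
       refuse to use it even when a crafted file claims that format. -->
  <policy domain="coder" rights="none" pattern="EPHEMERAL" />
  <policy domain="coder" rights="none" pattern="URL" />
  <policy domain="coder" rights="none" pattern="HTTPS" />
  <policy domain="coder" rights="none" pattern="MVG" />
  <policy domain="coder" rights="none" pattern="MSL" />
  <policy domain="coder" rights="none" pattern="TEXT" />
  <policy domain="coder" rights="none" pattern="SHOW" />
  <policy domain="coder" rights="none" pattern="WIN" />
  <policy domain="coder" rights="none" pattern="PLT" />
</policymap>
```

Note that the policy only applies when the library reads it, so the change must be in the policy.xml of the ImageMagick installation actually used by the web application (including any bundled copy), and the coder patterns disable ImageMagick's own handling of those formats, not the delegate program that a later patch should fix.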

Analysis of RIG Exploit Kit weaponizing CVE-2016-0034

Exploit kit authors often update the capabilities of their exploit kits by adding support for new vulnerabilities so that they can compromise and install malware or ransomware on even more machines. As part of the ThreatPROTECT research team, I analyze exploit kits to keep track of the latest vulnerabilities being incorporated into them. Back in February, I analyzed the … Continue reading “Analysis of RIG Exploit Kit weaponizing CVE-2016-0034”

Accellion FTA Vulnerabilities

Security researcher Orange recently managed to gain access to a file transfer server at Facebook. He used a set of vulnerabilities that he found in the product that provides the service: the Accellion File Transfer Server (FTA). He notified Facebook under their bug bounty program and was awarded US$ 10,000. Accellion addressed vulnerabilities CVE-2016-2350/1/2/3 in … Continue reading “Accellion FTA Vulnerabilities”

Microsoft Windows under active attack

Microsoft published MS16-039 for all versions of Windows on April 12, 2016. MS16-039 addresses four vulnerabilities, one rated “critical” allowing for Remote Code Execution, three rated “important” allowing for escalation of privilege. Two of the “important” vulnerabilities (CVE-2016-0165 and CVE-2016-0167) are under active attack. In a typical scenario an attacker would use a first vulnerability … Continue reading “Microsoft Windows under active attack”