Latest News Latest News

First Cyber Attack 'Mass Exploiting' BlueKeep RDP Flaw Spotted in the Wild

Cybersecurity researchers have spotted a new cyberattack that is believed to be the very first but an amateur attempt to weaponize the infamous BlueKeep RDP vulnerability in the wild to mass compromise vulnerable systems for cryptocurrency mining.

Read More...

Mysterious malware that re-installs itself infected over 45,000 Android Phones

Over the past few months, hundreds of Android users have been complaining online of a new piece of mysterious malware that hides on the infected devices and can reportedly reinstall itself even after users delete it, or factory reset their devices.

Read More...

New PHP Flaw Could Let Attackers Hack Sites Running On Nginx Servers

If you're running any PHP based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely.

Read More...

Stealthy Microsoft SQL Server Backdoor Malware Spotted in the Wild

Cyber security researchers claim to have discovered a previously undocumented backdoor specifically designed for Microsoft SQL servers that could allow a remote attacker to control an already compromised system stealthily.

Read More...

Attention Linux Users!

A new vulnerability has been discovered in Sudo—one of the most important, powerful, and commonly used utilities that comes as a core command installed on almost every UNIX and Linux-based operating system.

Read More...

Apple iTunes and iCloud for Windows 0-Day Exploited in Ransomware Attacks

The cyber criminal group behind BitPaymer and iEncrypt ransomware attacks has been found exploiting a zero-day vulnerability affecting a little-known component that comes bundled with Apple's iTunes and iCloud software for Windows to evade antivirus detection.

Read More...

New 0-Day Flaw Affecting Most Android Phones Being Exploited in the Wild

Another day, another revelation of a critical unpatched zero-day vulnerability, this time in the world's most widely used mobile operating system, Android.

Read More...

Just a GIF Image Could Have Hacked Your Android Phone Using WhatsApp

Today, the short looping clips, GIFs are everywhere—on your social media, on your message boards, on your chats, helping users perfectly express their emotions, making people laugh, and reliving a highlight.

Read More...

New Critical Exim Flaw Exposes Email Servers to Remote Attacks — Patch Released

A critical security vulnerability has been discovered and fixed in the popular open-source Exim email server software, which could allow a remote attacker to simply crash or potentially execute malicious code on targeted servers.

Read More...

Microsoft Releases Emergency Patches for IE 0-Day and Windows Defender Flaw

It's not a Patch Tuesday, but Microsoft is rolling out emergency out-of-band security patches for two new vulnerabilities, one of which is a critical Internet Explorer(IE) zero-day that cyber criminals are actively exploiting in the wild.

Read More...

Most Viewed News Most Viewed News

Back

Apple iTunes and iCloud for Windows 0-Day Exploited in Ransomware Attacks

Watch out Windows users!

The cybercriminal group behind BitPaymer and iEncrypt ransomware attacks has been found exploiting a zero-day vulnerability affecting a little-known component that comes bundled with Apple's iTunes and iCloud software for Windows to evade antivirus detection.

The vulnerable component in question is the Bonjour updater, a zero-configuration implementation of network communication protocol that works silently in the background and automates various low-level network tasks, including automatically download the future updates for Apple software.

To be noted, since the Bonjour updater gets installed as a separate program on the system, uninstalling iTunes and iCloud doesn't remove Bonjour, which is why it eventually left installed on many Windows computers — un-updated and silently running in the background.

Cybersecurity researchers from Morphisec Labs discovered the exploitation of the Bonjour zero-day vulnerability in August when the attackers targeted an unnamed enterprise in the automotive industry the BitPaymer ransomware.

Unquoted Service Path Vulnerability in Apple's Bonjour Service

The Bonjour component was found vulnerable to the unquoted service path vulnerability, a common software security flaw that occurs when the path of an executable contains spaces in the filename and is not enclosed in quote tags ("").

The unquoted service path vulnerability can be exploited by planting a malicious executable file to the parent path, tricking legitimate and trusted applications into executing malicious programs to maintain persistence and evade detection.

"In this scenario, Bonjour was trying to run from the Program Files folder, but because of the unquoted path, it instead ran the BitPaymer ransomware since it was named Program," the researchers said.

"As many detection solutions are based on behavior monitoring, the chain of process execution (parent-child) plays a major role in alert fidelity. If a legitimate process signed by a known vendor executes a new malicious child process, an associated alert will have a lower confidence score than it would if the parent was not signed by a known vendor."

"Since Bonjour is signed and known, the adversary uses this to their advantage."

Besides escaping from the detection, in some cases, the unquoted service path vulnerability could also be abused to escalate privileges when the vulnerable program has the rights to run under higher privileges.

However, in this particular case, the Bonjour zero-day didn't allow the BitPaymer ransomware to gain SYSTEM rights on the infected computers. But it did allow the malware to evade common detection solutions that are based on behavior monitoring because the Bonjour component appears like a legitimate process.

Security Patches Released (iTunes / iCloud for Windows)

Immediately after discovering the attack, researchers at Morphisec Labs responsibly shared the details of the attack with Apple, who just yesterday released iCloud for Windows 10.7, iCloud for Windows 7.14, and iTunes 12.10.1 for Windows to address the vulnerability.

Windows users who have iTunes or/and iCloud installed on their system are highly recommended to update their software to the latest versions.

In case you ever had installed one of these Apple software on your Windows computer and then uninstalled it, you should check the list of installed applications on your system for the Bonjour updater and uninstall it manually.


Values Values

  • Trustworthiness
  • Innovation
  • Scientific
  • Democracy
  • Synergy
  • Saving