New Android Malware Steals Banking Passwords, Private Data and Keystrokes
NA new type of mobile banking malware has been discovered abusing Android's accessibility features to exfiltrate sensitive data from financial applications, read user SMS messages, and hijack SMS-based two-factor authentication codes.
Microsoft Issues Patches for 4 Bugs Exploited as Zero-Day in the Wild
It's April 2020 Patch Tuesday, and during these challenging times of coronavirus pandemic, this month's patch management process would not go easy for many organizations where most of the resources are working remotely.
New Zoom Hack Lets Hackers Compromise Windows and Its Login Password
Zoom has been there for nine years, but the immediate requirement of an easy-to-use video conferencing app during the coronavirus pandemic overnight made it one of the most favorite communication tool for millions of people around the globe.
Warning — Two Unpatched Critical 0-Day RCE Flaws Affect All Windows Versions
Microsoft today issued a new security advisory warning billions of Windows users of two new critical, unpatched zero-day vulnerabilities that could let hackers remotely take complete control over targeted computers.
New Android Cookie-Stealing Malware Found Hijacking Facebook Accounts
A new simple but dangerous strain of Android malware has been found in the wild that steals users' authentication cookies from the web browsing and other apps, including Chrome and Facebook, installed on the compromised devices.
Warning — Unpatched Critical 'Wormable' Windows SMBv3 Flaw Disclosed
Shortly after releasing its monthly batch of security updates, Microsoft late yesterday separately issued an advisory warning billions of its Windows users of a new critical, unpatched, and wormable vulnerability affecting Server Message Block 3.0 (SMBv3) network communication protocol.
Microsoft Issues March 2020 Updates to Patch 115 Security Flaws
Microsoft today released security updates to fix a total of 115 new security vulnerabilities in various versions of its Windows operating system and related software—making March 2020 edition the biggest ever Patch Tuesday in the company's history.
Critical PPP Daemon Flaw Opens Most Linux Systems to Remote Hackers
The US-CERT today issued advisory warning users of a new dangerous 17-year-old remote code execution vulnerability affecting the PPP daemon (pppd) software that comes installed on almost all Linux based operating systems, as well as powers the firmware of many other networking devices.
GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat
If your web server is running on Apache Tomcat, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it.
New Wi-Fi Encryption Vulnerability Affects Over A Billion Devices
Cyber security researchers today uncovered a new high-severity hardware vulnerability residing in the widely-used Wi-Fi chips manufactured by Broadcom and Cypress—apparently powering over a billion devices, including smartphones, tablets, laptops, routers, and IoT gadgets.
New Critical Exim Flaw Exposes Email Servers to Remote Attacks — Patch Released
A critical security vulnerability has been discovered and fixed in the popular open-source Exim email server software, which could allow a remote attacker to simply crash or potentially execute malicious code on targeted servers.
Exim maintainers today released an urgent security update—Exim version 4.92.3—after publishing an early warning two days ago, giving system administrators an early head-up on its upcoming security patches that affect all versions of the email server software from 4.92 up to and including then-latest version 4.92.2.
Exim is a widely used, open source mail transfer agent (MTA) developed for Unix-like operating systems like Linux, Mac OSX or Solaris, which runs almost 60 percent of the Internet's email servers today for routing, delivering and receiving email messages.
This is the second time in this month when the Exim maintainers have released an urgent security update. Earlier this month, the team patched a critical remote code execution flaw (CVE-2019-15846) in the software that could have allowed remote attackers to gain root-level access to the system.
Identified as CVE-2019-16928 and discovered by Jeremy Harris of Exim Development Team, the vulnerability is a heap-based buffer overflow (memory corruption) issue in string_vformat defined in string.c file of the EHLO Command Handler component.
The security flaw could allow remote attackers to cause a denial of service (DoS) condition or execute arbitrary code on a targeted Exim mail server using a specially crafted line in the EHLO command with the rights of the targeted user.
According to the Exim advisory, a currently known PoC exploit for this vulnerability allows one to only crash the Exim process by sending a long string in the EHLO command, though other commands could also be used to potentially execute arbitrary code.
"The currently known exploit uses an extraordinary long EHLO string to crash the Exim process that is receiving the message," says the Exim developers' team.
"While at this mode of operation, Exim already dropped its privileges, other paths to reach the vulnerable code may exist."
In mid-year, Exim also patched a severe remote command execution vulnerability (CVE-2019-10149) in its email software that was actively exploited in the wild by various groups of hackers to compromise vulnerable servers.
Therefore, server administrators are highly recommended to install the latest Exim 4.92.3 version as soon as possible, since there is no known mitigation to temporarily resolve this issue.
The team also says, "if you can't install the above versions, ask your package maintainer for a version containing the backported fix. On request and depending on our resources, we will support you in backporting the fix."
The security update is available for Linux distributions, including Ubuntu, Arch Linux, FreeBSD, Debian, and Fedora.