Alerts

Bill Demirkapi, a 17-year-old independent security researcher, has discovered a critical remote code execution vulnerability in the Dell “Support Assist Utility” that comes pre-installed on most Dell computers.

Dell Support Assist, formerly known as Dell System Detect, checks the health of your computer system’s hardware and software.

The utility has been designed to interact with the Dell Support website and automatically detect the Service Tag or Express Service Code of your Dell product, scan the existing device drivers and install missing or available driver updates, as well as perform hardware diagnostic tests.

If you are wondering how it works, Dell Support Assist runs a web server locally on the user's system in the background, on port 8884, 8883, 8886, or 8885, and accepts various commands as URL parameters to perform some predefined tasks on the computer, such as collecting detailed system information or downloading software from a remote server and installing it on the system.

Though the local web service has been protected using the “Access-Control-Allow-Origin” response header and has some validations that restrict it to accept commands only from the “dell.com” website or its subdomains, Demirkapi explained ways to bypass these protections in a blog post.


If you have an account with Microsoft Outlook email service, there is a possibility that your account information has been compromised by an unknown hacker or group of hackers, Microsoft confirmed.

Earlier this year, hackers managed to breach Microsoft’s customer support portal and access information related to some email accounts registered with the company’s Outlook service. Yesterday, a user on Reddit publicly posted a screenshot of an email he received from Microsoft warning that unknown attackers were able to access some information from his Outlook account between 1 January 2019 and 28 March 2019.

Drupal, the popular open-source content management system, has released security updates to address multiple “moderately critical” vulnerabilities in Drupal Core that could allow remote attackers to compromise the security of hundreds of thousands of websites.

According to the advisories published today by the Drupal developers, all security vulnerabilities Drupal patched this month reside in third-party libraries that are included in Drupal 8.6, Drupal 8.5 or earlier and Drupal 7.

One of the security flaws is a cross-site scripting (XSS) vulnerability that resides in a third-party plugin called jQuery, the most popular JavaScript library, which is used by millions of websites and also comes pre-integrated in Drupal Core.

The National CSIRT-CY would like to inform you of a ransomware attack that is currently in progress worldwide.

Following analysis by the National CSIRT-CY, the following IOCs (hashes) were found.

 

File Details

Type PE32 executable (GUI) Intel 80386, for MS Windows
FileName sql.exe
Size 94720 bytes
MD5 5a9eb8d21148bc8b54460d03f4f7c3b6
SHA1 e2bf54f632b98b3f77d15794bf1251d1cf4e2974
SHA256 e83d9e54f12139150e2ba6ed2f6b119dcc593ea7dc3137cef8942674bf69490b
SHA512 7f208bb599d571758cf575ca998ec06f5a5efc79a7763cccc6e884c72b85fd106cc3f3d8adbb153fec14523a94d6b00e8b4c93036553cd7c8fb92d33def7559c


Uniden’s website for commercial security products has been hacked to host a Word document that delivers what appears to be a garden variety of the Emotet trojan, also known as Geodo and Heodo.

Compared to Uniden’s main website, which offers a wide range of electronic products (radios, scanners, radar detectors, dash cams, cellular boosters), the solutions available on the commercial branch are limited to cameras (both IP and analog) and network video recorders (NVRs).

Emotet sitting nice and snug

Discovered by threat tracker JTHL, the malicious Word file is stored in the ‘/wp-admin/legale/’ folder and includes a macro that downloads what seems to be a variant of Emotet, according to URLhaus, a project from abuse.ch that collects, tracks and shares malicious URLs with security professionals and network administrators.

With the help of 265 volunteer security researchers, over a period of about ten months, the URLhaus project contributed to taking down 100,000 websites actively engaged in malware distribution.