Cybersecurity researchers today uncovered details of two new vulnerabilities in the GoAhead web server software, a tiny application widely embedded in hundreds of millions of Internet-connected smart devices.
One of the two vulnerabilities, assigned as CVE-2019-5096, is a critical code execution flaw that can be exploited by attackers to execute malicious code on vulnerable devices and take control over them.
The first vulnerability resides in the way multipart/form-data requests are processed within the base GoAhead web server application and affects GoAhead Web Server versions v5.0.1, v4.1.1 and v3.6.5.
According to the researchers at Cisco Talos, a specially crafted HTTP request can trigger a use-after-free condition on the server and corrupt heap structures, which an attacker can turn into code execution.
The second vulnerability, assigned as CVE-2019-5097, also resides in the same component of the GoAhead Web Server and can be exploited in the same way, but this one leads to denial-of-service attacks.
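To make the multipart/form-data handling concrete, here is an added Python example; it is not GoAhead's code and says nothing about the actual flaw. It is a minimal, strict parser for the format, run on a constructed body, that fails closed on the kinds of malformed input (a truncated part, a missing blank line between headers and body, stray bytes after a boundary, a wrong boundary) that a server-side parser must reject rather than process. The boundary value and field names are made up.

```python
import re

# Constructed sample request body and boundary (not captured from any real device).
BOUNDARY = "----WebKitFormBoundary7MA4YWxkTrZu0gW"
SAMPLE_BODY = (
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="user"\r\n'
    "\r\n"
    "alice\r\n"
    f"--{BOUNDARY}\r\n"
    'Content-Disposition: form-data; name="upload"; filename="a.txt"\r\n'
    "Content-Type: text/plain\r\n"
    "\r\n"
    "hello\r\n"
    f"--{BOUNDARY}--\r\n"
).encode()


class MultipartError(ValueError):
    """Raised for any body that does not match the multipart grammar exactly."""


# "name=" must start a parameter, otherwise filename="..." would match too.
_NAME_RE = re.compile(r'(?:^|;\s*)name="([^"]*)"')
_FILENAME_RE = re.compile(r'(?:^|;\s*)filename="([^"]*)"')


def parse_multipart(body: bytes, boundary: str, max_parts: int = 64) -> list:
    """Split a multipart/form-data body into parts, failing closed on malformed input.

    Each returned part is a dict with 'name', 'filename', 'headers' and 'data'.
    """
    delim = b"--" + boundary.encode("ascii")
    if not body.startswith(delim):
        raise MultipartError("body does not start with the boundary")
    rest = body[len(delim):]
    parts = []
    while True:
        if rest.startswith(b"--"):          # closing delimiter: "--boundary--"
            return parts
        if not rest.startswith(b"\r\n"):    # anything else after a boundary is garbage
            raise MultipartError("unexpected bytes after boundary")
        rest = rest[2:]
        # Part headers end at the first empty line; a part without one is truncated.
        sep = rest.find(b"\r\n\r\n")
        if sep < 0:
            raise MultipartError("part headers not terminated")
        header_blob, rest = rest[:sep], rest[sep + 4:]
        headers = {}
        for line in header_blob.split(b"\r\n"):
            if b":" not in line:
                raise MultipartError("malformed header line")
            key, value = line.split(b":", 1)
            headers[key.strip().lower().decode("latin-1")] = value.strip().decode("latin-1")
        disposition = headers.get("content-disposition", "")
        name = _NAME_RE.search(disposition)
        if name is None:
            raise MultipartError("part has no name")
        filename = _FILENAME_RE.search(disposition)
        # The part body runs up to the CRLF that precedes the next delimiter.
        end = rest.find(b"\r\n" + delim)
        if end < 0:
            raise MultipartError("part body not terminated by boundary")
        parts.append({
            "name": name.group(1),
            "filename": filename.group(1) if filename else None,
            "headers": headers,
            "data": rest[:end],
        })
        if len(parts) > max_parts:
            raise MultipartError("too many parts")
        rest = rest[end + 2 + len(delim):]


def is_well_formed(body: bytes, boundary: str) -> bool:
    """True only if the body parses without any error."""
    try:
        parse_multipart(body, boundary)
        return True
    except MultipartError:
        return False


if __name__ == "__main__":
    for part in parse_multipart(SAMPLE_BODY, BOUNDARY):
        print(part["name"], part["filename"], part["data"])
```

The point of the strict checks is that every "not found" result from a search for a delimiter or a blank line is treated as a hard error before any part state is created or released; in a native parser, the equivalent of continuing past such a failure is exactly where stale pointers to freed part buffers tend to appear.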
Read more »
A newly discovered Android vulnerability is actively exploited by malware such as the BankBot banking Trojan and it impacts all versions of the operating system up to and including Android 10.
The new vulnerability, discovered by Promon security researchers, was named StrandHogg and can be exploited without rooting the device.
Once exploited, it allows malicious apps to camouflage as almost any legitimate app, with Promon finding that “all of the 500 most popular apps (as ranked by app intelligence company 42 Matters) are vulnerable to StrandHogg.”
Unique Android Vulnerability
StrandHogg is “unique because it enables sophisticated attacks without the need for a device to be rooted, uses a weakness in the multitasking system of Android to enact powerful attacks that allow malicious apps to masquerade as any other app on the device,” says Promon.
“This exploit is based on an Android control setting called ‘taskAffinity’ which allows any app – including malicious ones – to freely assume any identity in the multitasking system they desire.”
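The setting Promon names lives in an app's manifest. The two fragments below are an added illustration, not Promon's material and not any real app's manifest: the first shows an activity in some third-party package declaring the task affinity of a different package, which is the mechanism the quote describes; the second shows the counterpart a defending app can apply, an empty taskAffinity so its activities never share a task with another package's. All package and activity names are invented.

```xml
<!-- Fragment 1 (illustrative, invented names): an activity in package com.example.lookalike
     asking Android to place it in the task that belongs to com.example.bank. -->
<activity
    android:name="com.example.lookalike.OverlayActivity"
    android:taskAffinity="com.example.bank" />

<!-- Fragment 2 (illustrative, invented names): the defending app's sensitive activity.
     An empty affinity means "never join any other package's task", and not exporting it
     keeps other apps from launching it directly. -->
<activity
    android:name="com.example.bank.LoginActivity"
    android:taskAffinity=""
    android:exported="false" />
```

In practice the empty-affinity setting has to be applied to every activity a user could be tricked into interacting with, not just the login screen, since any activity left with the default affinity (the package name) can still be targeted.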
Read more »
If your Firefox or Chrome browser has any of the below-listed four extensions offered by Avast and its subsidiary AVG installed, you should disable or remove them as soon as possible.
- Avast Online Security
- AVG Online Security
- Avast SafePrice
- AVG SafePrice
Why? Because these four widely installed browser extensions have been caught collecting far more data on their millions of users than they need to, including detailed browsing history.
Most of you might not even remember downloading and installing these extensions, and that’s likely because when users install Avast or AVG antivirus on their PCs, the software automatically installs the respective add-ons in their browsers.
Both Online Security extensions are designed to warn users when they visit a malicious or phishing website, whereas the SafePrice extensions help online shoppers find offers, price comparisons, travel deals and discount coupons from various sites.
The malicious behaviour of the Avast and AVG extensions was discovered almost a month ago by Wladimir Palant, who detailed how the extensions send a large amount of data about users’ browsing habits to the company’s servers, “far beyond what’s necessary for the extension to function.”
Read more »
A new Windows trojan has been discovered that attempts to steal passwords stored in the Google Chrome browser. While this is nothing unique, what stands out is that the malware uses a remote MongoDB database to store the stolen passwords.
This trojan is called CStealer, and like many other info-stealing trojans, was created to target and steal login credentials that were saved in Google Chrome’s password manager.
Targeting Chrome Passwords
Once it was discovered by MalwareHunterTeam and further analyzed by James, though, things got more interesting.
Instead of compiling the stolen passwords into a file and sending them to a C2 under the attacker’s control, the malware connects directly to a remote MongoDB database and uses it to store the stolen credentials.
Read more »
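The distinguishing behaviour here is the exfiltration path: credentials go straight into a remote MongoDB instance instead of being posted to a C2, so the host-level signals are a process that is not Chrome reading Chrome's saved-password store, followed by an outbound connection to MongoDB's default port, 27017, on a non-local address. As an added example, not code from the report or from the malware analysis, the Python below runs those two checks over constructed Sysmon-style events. The event format, process names, IP addresses, the "internal" address ranges and the database-client allow-list are all assumptions made up for illustration.

```python
import ipaddress
import re

# Constructed sample telemetry in a Sysmon-like shape; none of it is a real capture.
SAMPLE_EVENTS = [
    {"type": "net", "pid": 4120, "image": r"C:\Users\bob\AppData\Local\Temp\svchost32.exe",
     "dst": "203.0.113.10", "dport": 27017},
    {"type": "file", "pid": 4120, "image": r"C:\Users\bob\AppData\Local\Temp\svchost32.exe",
     "path": r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "net", "pid": 880, "image": r"C:\Program Files\MongoDB\Server\4.2\bin\mongo.exe",
     "dst": "10.0.0.5", "dport": 27017},
    {"type": "file", "pid": 3300, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "path": r"C:\Users\bob\AppData\Local\Google\Chrome\User Data\Default\Login Data"},
    {"type": "net", "pid": 3300, "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "dst": "142.250.74.46", "dport": 443},
]

MONGO_PORT = 27017  # MongoDB's default listening port
# Assumed site-specific tuning: address ranges considered internal, and binaries that
# are expected to talk to MongoDB. Both would come from the environment, not from here.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
DB_CLIENT_ALLOWLIST = {"mongo.exe", "mongod.exe", "mongosh.exe", "compass.exe"}
# Chrome's saved-password SQLite store lives under <profile>\Login Data.
LOGIN_DATA_RE = re.compile(r"\\Google\\Chrome\\User Data\\[^\\]+\\Login Data$", re.IGNORECASE)


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def is_external(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def external_mongo_egress(ev: dict) -> bool:
    """Outbound connection to the MongoDB port, off-network, from a non-DB-client binary."""
    return (ev["type"] == "net" and ev["dport"] == MONGO_PORT
            and is_external(ev["dst"])
            and basename(ev["image"]) not in DB_CLIENT_ALLOWLIST)


def foreign_login_data_read(ev: dict) -> bool:
    """Something other than chrome.exe opening Chrome's saved-password store."""
    return (ev["type"] == "file"
            and LOGIN_DATA_RE.search(ev["path"]) is not None
            and basename(ev["image"]) != "chrome.exe")


def find_suspects(events: list) -> dict:
    """Map pid -> set of reasons for every process that tripped at least one check."""
    hits = {}
    for ev in events:
        reasons = []
        if external_mongo_egress(ev):
            reasons.append("mongodb-egress")
        if foreign_login_data_read(ev):
            reasons.append("login-data-read")
        for reason in reasons:
            hits.setdefault(ev["pid"], set()).add(reason)
    return hits


if __name__ == "__main__":
    for pid, reasons in find_suspects(SAMPLE_EVENTS).items():
        print(pid, sorted(reasons))
```

Either signal on its own is noisy (backup agents touch profile files, developers run MongoDB clients); a process that trips both within a short window is the combination this family's behaviour produces, and that is the pairing worth alerting on.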
If you have ever registered an account with the official Magento marketplace to buy or sell any extension, plugin or e-commerce website theme, you should change your password immediately.
Adobe, the company that owns the Magento e-commerce platform, today disclosed a new data breach that exposed account information of Magento marketplace users to an unknown group of hackers or individuals.
According to the company, the attacker exploited an undisclosed vulnerability in its marketplace website that allowed them to gain unauthorized third-party access to the database of registered users, both customers (buyers) and developers (sellers).
The leaked database includes affected users’ names, email addresses, MageID, billing and shipping address information, and some limited commercial information.
While Adobe did not reveal, and may not know, when the Magento marketplace was first compromised, the company did confirm that its security team discovered the breach last week, on November 21.
Read more »