The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: 0day Exploit

3 New Code Execution Flaws Discovered in Atlantis Word Processor

3 New Code Execution Flaws Discovered in Atlantis Word Processor
November 20, 2018Mohit Kumar
This is why you should always think twice before opening innocent looking email attachments, especially word and pdf files. Cybersecurity researchers at Cisco Talos have once again discovered multiple critical security vulnerabilities in the Atlantis Word Processor that allow remote attackers to execute arbitrary code and take over affected computers. An alternative to Microsoft Word, Atlantis Word Processor is a fast-loading word processor application that allows users to create, read and edit word documents effortlessly. It can also be used to convert TXT, RTF, ODT, DOC, WRI, or DOCX documents to ePub. Just 50 days after disclosing 8 code execution vulnerabilities in previous versions of Atlantis Word Processor, Talos team today revealed details and proof-of-concept exploits for 3 more remote code execution vulnerabilities in the application. All the three vulnerabilities, listed below, allow attackers to corrupt the application's memory and execute arbitrary code und

Wikileaks Reveals How CIA Was Hacking Your iPhones And MacBooks

Wikileaks Reveals How CIA Was Hacking Your iPhones And MacBooks
March 23, 2017Swati Khandelwal
As part of its " Vault 7 " series, Wikileaks — the popular whistle-blowing platform — has just released another batch of classified documents focused on exploits and hacking techniques the Central Intelligence Agency (CIA) designed to target Apple MacOS and iOS devices. Dubbed " Dark Matter ," the leak uncovers macOS vulnerabilities and attack vectors developed by a special division of the CIA called Embedded Development Branch (EDB) – the same branch that created ' Weeping Angel ' attack – and focused specifically on hacking Mac and iOS firmware. CIA Infects Apple Devices With Unremovable Malware The newly released documents revealed that CIA had also been targeting the iPhone since 2008. The Agency has created a malware that is specially designed to infect Apple firmware in a way that the infection remains active on MacOS and iOS devices even if the operating system has been re-installed. According to Wikileaks, the released documents also gives a c

Zerodium Offers $1.5 Million Bounty For iOS Zero-Day Exploits

Zerodium Offers $1.5 Million Bounty For iOS Zero-Day Exploits
September 30, 2016Mohit Kumar
Well, there's some good news for Hackers and Bug hunters, though a terrible news for Apple! Exploit vendor Zerodium has tripled its bug bounty for an Apple's iOS 10 zero-day exploit, offering a maximum payout of $US1.5 Million. Yes, $1,500,000.00 Reward. That's more than seven times what Apple is offering (up to $200,000) for iOS zero-days via its private, invite-only bug bounty program. Zerodium, a startup by the infamous French-based company Vupen that buys and sells zero-day exploits to government agencies around the world, previously offered US$500,000 for remote iOS 9 jailbreaks, which was temporarily increased to $1 Million for a competition help by the company last year. The company paid out $1 million contest reward for the first three iOS 9 zero-days in November to an unnamed hacker group, then lowered the price again to $500,000. With the recent release of iOS 10, Zerodium has agreed to pay $1.5 Million to anyone who can pull off a remote jail

Blackhat Firm Offers $500,000 for Zero-day iOS Exploit; Double Than Apple's Highest Bounty

Blackhat Firm Offers $500,000 for Zero-day iOS Exploit; Double Than Apple’s Highest Bounty
August 11, 2016Mohit Kumar
Last week, Apple finally announced a bug bounty program for researchers and white hat hackers to find and get paid for reporting details of zero-day vulnerabilities in its software and devices. The company offers the biggest payout of $200,000, which is 10 times the maximum reward that Google offers and double the highest bounty paid by Microsoft. But now Apple is going to face competition from a blackhat company named, Exodus Intelligence. Exodus Intelligence is offering more than double Apple's maximum payout for zero-day vulnerabilities affecting the newest versions of iOS. The company is willing to pay more than $500,000 for zero-day vulnerabilities and exploits affecting iOS 9.3 and above. Although Exodus labeled itself as ' Research Sponsorship Program ,' the company actually makes money by buying and selling zero-day vulnerabilities and exploits. On Wednesday, Exodus launched its new bonus structure for the acquisition of details and exploits for zero-day vu

Researchers Demonstrate Zero-Day Vulnerabilities in Tails Operating System

Researchers Demonstrate Zero-Day Vulnerabilities in Tails Operating System
July 24, 2014Swati Khandelwal
The critical zero-day security flaws, discovered in the privacy and security dedicated Linux-based Tails operating system by the researcher at Exodus Intelligence that could help attackers or law enforcements to de-anonymize anyone's identity, actually lie in the I2P software that's bundled with the Operating System. Exodus Intelligence has released some details and a video evidence that demonstrate an exploit against the found vulnerability unmasking an anonymous user of the Tails operating system. The researchers at Exodus claims they can use the vulnerability to upload malicious code to a system running Tails, execute the payload remotely, and de-anonymize the targeted users' public IP address as well. Tails is a security-focused Debian-based Linux distribution and a suite of applications that can be carried on a USB stick, an SD card or a DVD. It keeps users' communications private by running all connectivity through Tor , the network that routes traffic through

Zero-Day TimThumb WebShot Vulnerability leaves Thousands of Wordpress Blogs at Risk

Zero-Day TimThumb WebShot Vulnerability leaves Thousands of Wordpress Blogs at Risk
June 26, 2014Mohit Kumar
Yesterday we learned of a critical Zero-day vulnerability in a popular image resizing library called TimThumb, which is used in thousands WordPress themes and plugins. WordPress is a free and open source blogging tool and a content management system (CMS) with more than 30,000 plugins, each of which offers custom functions and features enabling users to tailor their sites to their specific needs, therefore it is easy to setup and use, that's why tens of millions of websites across the world opt it. But if you or your company are the one using the popular image resizing library called " TimThumb " to resize large images into usable thumbnails that you can display on your site, then you make sure to update the file with the upcoming latest version and remember to check the TimThumb site regularly for the patched update. 0-Day REMOTE CODE EXECUTION & NO PATCH The critical vulnerability discovered by Pichaya Morimoto in the TimThumb Wordpress plugin version 2.8.13,

Growing market of zero-day vulnerability exploits pose real threat to Cyber Security

Growing market of zero-day vulnerability exploits pose real threat to Cyber Security
December 08, 2013Anonymous
NSS Labs issued the report titled " The Known Unknowns " to explain the dynamics behind the market of zero-day exploits. Last week I discussed about the necessity to define a model for " cyber conflict " to qualify the principal issues related to the use of cyber tools and cyber weapons in an Information Warfare context, today I decided to give more info to the readers on cyber arsenals of governments. Governments consider the use of cyber weapons as a coadiuvant to conventional weapons, these malicious application could be used for sabotage or for cyber espionage, they could be used to hit a specifically designed software (e.g. SCADA within a critical infrastructure ) or they could be used for large scale operations infecting thousand of machines exploiting zero-day in common application ( e.g. Java platform, Adobe software ). The zero-day flaw are the most important component for the design of an efficient cyber weapon, governments have recently created dedic

Google sets 7 Day deadline For vulnerability disclosure

Google sets 7 Day deadline For vulnerability disclosure
May 30, 2013Wang Wei
Google will release details of any zero-day flaws it finds in software, if the affected vendor fails to issue a patch or disclose the issue itself within a week. Now, Google is shortening that timeline a good bit to just 7 days. " Based on our experience...we believe that more urgent action within 7 days is appropriate for critical vulnerabilities under active exploitation ", wrote Google Security engineers Chris Evans and Drew Hintz in a blog post . " The reason for this special designation is that each day an actively exploited vulnerability remains undisclosed to the public and unpatched, more computers will be compromised. " Right now, companies use either responsible disclosure or full disclosure when dealing with vulnerabilities . Responsible disclosure allows a company as much time as they want to patch an exploit, and the details surrounding the bug aren't revealed to the public until a patch is issued. Full disclosure, on the other hand, means the company and th

Windows zero day vulnerability publicly exposed by Google engineer

Windows zero day vulnerability publicly exposed by Google engineer
May 23, 2013Mohit Kumar
A Google security engineer has not only discovered a Windows zero-day flaw, but has also stated that Microsoft has a knack of treating outside researchers with great hostility. Tavis Ormandy , a Google security engineer, exposed the flaw on Full Disclosure , that could be used to crash PCs or gain additional access rights. The issue is less critical than other flaws as it's not a remotely exploitable one. Ormandy said on Full Disclosure, " I don't have much free time to work on silly Microsoft code, so I'm looking for ideas on how to fix the final obstacle for exploitation. ". He's been working on it for months, and according to a later post, he has now a working exploit that " grants SYSTEM on all currently supported versions of Windows. "  " I have a working exploit that grants SYSTEM on all currently supported versions of Windows. Code is available on request to students from reputable schools ," Ormandy adds. Microsoft acknowledged

Microsoft will roll out fix for two critical flaws in Windows and Internet Explorer

Microsoft will roll out fix for two critical flaws in Windows and Internet Explorer
April 06, 2013Mohit Kumar
Microsoft has released an advance notification of 9 security bulletins that it plans to release on April 9, 2013. Microsoft said it will patch nine vulnerabilities in total and two of them rated critical and that of the remaining 7 as Important. The critical vulnerabilities are remote code execution issues. First vulnerability affects Microsoft Windows and Internet Explorer while the second vulnerability affects Microsoft Windows.  The vulnerability will fix a flaw that allows a drive-by attack, which hackers can exploit to attack machines running the software using malware loaded websites. Earlier this year, Microsoft released an emergency update for Internet Explorer after all the commotion about the security holes in Java. The update aimed to patch a security vulnerability in Internet Explorer that is being used for attacks on government contractors and other organisations. The remaining 7 vulnerabilities pertain to issues affecting Microsoft Office, Microsoft Server Software a

New Adobe Reader Zero-Day Vulnerability spotted in the wild

New Adobe Reader Zero-Day Vulnerability spotted in the wild
February 13, 2013Wang Wei
FireEye researchers recently came across a zero-day security flaw in Adobe Reader that's being actively exploited in the wild. The zero-day vulnerability is in Adobe PDF Reader 9.5.3, 10.1.5, 11.0.1 and earlier versions. According to researchers, once malware takes advantage of the flaw, its payload drops two dynamic-link libraries, or DLLs, which are application extensions used by executable files to perform a task. In this case, they allow the infected computer to communicate with a hacker-owned server. No additional details about the zero-day vulnerabilities have been publicly released, and but researchers with antivirus provider Kaspersky Lab have confirmed the exploit can successfully escape the Adobe sandbox. " We have already submitted the sample to the Adobe security team. Before we get confirmation from Adobe and a mitigation plan is available, we suggest that you not open any unknown PDF files ," said FireEye team. But until the vulnerability gets patched,

Chinese Hackers exploiting Internet Explorer Zero Day vulnerability for Cyber Espionage

Chinese Hackers exploiting Internet Explorer Zero Day vulnerability for Cyber Espionage
December 29, 2012Mohit Kumar
Web site for the Council on Foreign Relations was compromised and recently hit by a drive-by attack that was detected earlier this week. Hacker are suspected to be from China , who are exploiting a zero day  Internet Explorer vulnerability for Cyber Espionage attack against one of American most elite foreign policy web groups. According to Fireeye  researchers, a malicious content on the website was hosted by hackers, that is exploiting Internet Explorer version 8.0 (fully patched version) to hack windows systems of visitors. " We have chosen not to release the technical details of this exploit, as Microsoft is still investigating the vulnerability at this time. "  Once the system compromised, hackers look for valuable information from their computers, kinda Cyber Espionage. The FBI was notified of the attack and is said to be investigating. The CFR is one of the most elite foreign policy organizations in the United States with a membership of some 4,700 officials, former

Hunting vulnerabilities in SCADA systems, we are still too vulnerable to cyber attacks

Hunting vulnerabilities in SCADA systems, we are still too vulnerable to cyber attacks
December 17, 2012Anonymous
Stuxnet case is considered by security expert the first concrete act of cyber warfare, a malware specifically designed to hit SCADA systems inside nuclear plants in Iran. The event has alerted the international security community on the risks related to the effects of a cyber attack against supervisory control and data acquisition in industrial environment.  SCADA systems are adopted practically in every industrial control system (ICS) used for the control and monitor of industrial processes that are potential targets of a cyber attack such as a critical infrastructures or a utility facilities. Manufacturing, production, power generation, water treatment facilities, electrical power transmission and distribution and large communication systems are all considered critical asset for every countries and represent privileged targets for cyber attacks. Obtain access to SCADA systems is fundamental step for a attackers that desires to compromise the controlled processes and contrary to

Multiple MySQL database Zero-day vulnerabilities published

Multiple MySQL database Zero-day vulnerabilities published
December 03, 2012Mohit Kumar
Researcher discovered Multiple Zero-day vulnerabilities in MySQL database software including Stack based buffer overrun, Heap Based Overrun, Privilege Elevation, Denial of Service and  Remote Preauth User Enumeration. Common Vulnerabilities and Exposures (CVE) assigned as : CVE-2012-5611 — MySQL (Linux) Stack based buffer overrun PoC Zeroday CVE-2012-5612 — MySQL (Linux) Heap Based Overrun PoC Zeroday CVE-2012-5613 — MySQL (Linux) Database Privilege Elevation Zeroday Exploit CVE-2012-5614 — MySQL Denial of Service Zeroday PoC CVE-2012-5615 — MySQL Remote Preauth User Enumeration Zeroday Currently, all reported bugs are under review and most of the researchers believed that some of these can be duplicate of an existing bugs. CVE-2012-5612 and CVE-2012-5614 could cause the SQL instance to crash, according to researchers. Where as another interesting bug CVE-2012-5615 allow attacker to find out that either any username exist on the Mysql server or not by repl

Remote 0day Exploit for Tectia SSH Server released

Remote 0day Exploit for Tectia SSH Server released
December 02, 2012Mohit Kumar
Hacker @kingcope discovered critical vulnerability in Tectia SSH Server. Exploit working on SSH-2.0-6.1.9.95 SSH Tectia Server (Latest available version from www.tectia.com) that allow attacker to bypass Authentication remotely. Description :  An attacker in the possession of a valid username of an SSH Tectia installation running on UNIX (verified on AIX/Linux) can login without a password. The bug is in the "SSH USERAUTH CHANGE REQUEST" routines which are there to allow a user to change their password. A bug in the code allows an attacker to login without a password by forcing a password change request prior to authentication. Download Exploit Code : Click Here A default installation on Linux (version 6.1.9.95 of Tectia) is vulnerable to the attack. Eric Romang posted a Demo video on Youtube, hope you will like it :) Command Source : https://goo.gl/BHqWd
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.