#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

Hacking Windows | Breaking Cybersecurity News | The Hacker News

Researchers Leak PoC Exploit for a Critical Windows RCE Vulnerability

Researchers Leak PoC Exploit for a Critical Windows RCE Vulnerability

Jun 30, 2021
A proof-of-concept (PoC) exploit related to a remote code execution vulnerability affecting Windows Print Spooler and patched by Microsoft earlier this month was briefly published online before being taken down. Identified as  CVE-2021-1675 , the security issue could grant remote attackers full control of vulnerable systems.  Print Spooler  manages the printing process in Windows, including loading the appropriate printer drivers and scheduling the print job for printing, among others. Print Spooler flaws are concerning, not least because of the wide attack surface, but also owing to the fact that it runs at the highest privilege level and is capable of dynamically loading third-party binaries. The Windows maker addressed the vulnerability as part of its Patch Tuesday update on June 8, 2021. But almost two weeks later, Microsoft revised the flaw's impact from an elevation of privilege to remote code execution (RCE) as well as upgraded the severity level from Important to Crit
Warning: Critical WinRAR Flaw Affects All Versions Released In Last 19 Years

Warning: Critical WinRAR Flaw Affects All Versions Released In Last 19 Years

Feb 21, 2019
Beware Windows users... a new dangerous remote code execution vulnerability has been discovered in the WinRAR software, affecting hundreds of millions of users worldwide. Cybersecurity researchers at Check Point have disclosed technical details of a critical vulnerability in WinRAR—a popular Windows file compression application with 500 million users worldwide—that affects all versions of the software released in last 19 years. The flaw resides in the way an old third-party library, called UNACEV2.DLL, used by the software handled the extraction of files compressed in ACE data compression archive file format. However, since WinRAR detects the format by the content of the file and not by the extension, attackers can merely change the .ace extension to .rar extension to make it look normal. According to researchers, they found an "Absolute Path Traversal" bug in the library that could be leveraged to execute arbitrary code on a targeted system attempting to uncompre
How to Find and Fix Risky Sharing in Google Drive

How to Find and Fix Risky Sharing in Google Drive

Mar 06, 2024Data Security / Cloud Security
Every Google Workspace administrator knows how quickly Google Drive becomes a messy sprawl of loosely shared confidential information. This isn't anyone's fault; it's inevitable as your productivity suite is purposefully designed to enable real-time collaboration – both internally and externally.  For Security & Risk Management teams, the untenable risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it can be challenging to differentiate between typical business practices and potential risks without fully understanding the context and intent.  Material Security, a company renowned for its innovative method of protecting sensitive data within employee mailboxes, has recently launched  Data Protection for Google Drive  to safeguard the sprawl of confidential information scattered throughout Google Drive with a powerful discovery and remediation toolkit. How Material Security helps organ
Researcher Discloses New Zero-Day Affecting All Versions of Windows

Researcher Discloses New Zero-Day Affecting All Versions of Windows

Sep 21, 2018
A security researcher has publicly disclosed an unpatched zero-day vulnerability in all supported versions of Microsoft Windows operating system (including server editions) after the company failed to patch a responsibly disclosed bug within the 120-days deadline. Discovered by Lucas Leong of the Trend Micro Security Research team, the zero-day vulnerability resides in Microsoft Jet Database Engine that could allow an attacker to remotely execute malicious code on any vulnerable Windows computer. The Microsoft JET Database Engine, or simply JET (Joint Engine Technology), is a database engine integrated within several Microsoft products, including Microsoft Access and Visual Basic. According to the an  advisory  released by Zero Day Initiative (ZDI), the vulnerability is due to a problem with the management of indexes in the Jet database engine that, if exploited successfully, can cause an out-out-bounds memory write, leading to remote code execution. An attacker must convi
cyber security

Uncover Critical Gaps in 7 Core Areas of Your Cybersecurity Program

websiteArmor PointCyber Security / Assessment
Turn potential vulnerabilities into strengths. Start evaluating your defenses today. Download the Checklist.
Warning: Your Windows PC Can Get Hacked by Just Visiting a Site

Warning: Your Windows PC Can Get Hacked by Just Visiting a Site

Apr 10, 2018
Can you get hacked just by clicking on a malicious link or opening a website? — YES . Microsoft has just released its April month's Patch Tuesday security updates, which addresses multiple critical vulnerabilities in its Windows operating systems and other products, five of which could allow an attacker to hack your computer by just tricking you visit a website. Microsoft has patched five critical vulnerabilities in Windows Graphics Component that reside due to improper handling of embedded fonts by the Windows font library and affects all versions of Windows operating systems to date, including Windows 10 / 8.1 / RT 8.1 / 7, Windows Server 2008 / 2012 / 2016. An attacker can exploit these issues by tricking an unsuspecting user to open a malicious file or a specially crafted website with the malicious font, which if open in a web browser, would hand over control of the affected system to the attacker. All these five vulnerabilities in Windows Microsoft Graphics were dis
Microsoft's Meltdown Patch Made Windows 7 PCs More Insecure

Microsoft's Meltdown Patch Made Windows 7 PCs More Insecure

Mar 29, 2018
Meltdown CPU vulnerability was bad, and Microsoft somehow made the flaw even worse on its Windows 7, allowing any unprivileged, user-level application to read content from and even write data to the operating system's kernel memory. For those unaware, Spectre and Meltdown were security flaws disclosed by researchers earlier this year in processors from Intel, ARM, and AMD, leaving nearly every PC, server, and mobile phone on the planet vulnerable to data theft. Shortly after the researchers disclosed the Spectre and Meltdown exploits , software vendors, including Microsoft, started releasing patches for their systems running a vulnerable version of processors. However, an independent Swedish security researcher Ulf Frisk found that Microsoft's security fixes to Windows 7 PCs for the Meltdown flaw—which could allow attackers to read kernel memory at a speed of 120 KBps—is now allowing attackers to read the same kernel memory at a speed of Gbps, making the issue even wo
AngelFire: CIA Malware Infects System Boot Sector to Hack Windows PCs

AngelFire: CIA Malware Infects System Boot Sector to Hack Windows PCs

Aug 31, 2017
A team of hackers at the CIA, the Central Intelligence Agency, allegedly used a Windows hacking tool against its targets to gain persistent remote access. As part of its Vault 7 leaks , WikiLeaks today revealed details about a new implant developed by the CIA, dubbed AngelFire , to target computers running Windows operating system. AngelFire framework implants a persistent backdoor on the target Windows computers by modifying their partition boot sector. AngelFire framework consists five following components: 1. Solartime — it modifies the partition boot sector to load and execute the Wolfcreek (kernel code) every time the system boots up. 2. Wolfcreek — a self-loading driver (kernel code that Solartime executes) that loads other drivers and user-mode applications 3. Keystone — a component that utilizes DLL injection technique to execute the malicious user applications directly into system memory without dropping them into the file system. 4. BadMFS — a covert file
New GhostHook Attack Bypasses Windows 10 PatchGuard Protections

New GhostHook Attack Bypasses Windows 10 PatchGuard Protections

Jun 23, 2017
Vulnerabilities discovered in Microsoft PatchGuard kernel protection could allow hackers to plant rootkits on computers running the company's latest and secure operating system, Windows 10. Researchers at CyberArk Labs have developed a new attack technique which could allow hackers to completely bypass PatchGuard, and hook a malicious kernel code (rootkits) at the kernel level. PatchGuard, or (or Kernel Patch Protection) is a software tool that has been designed to forbid the kernel of 64-bit versions of Windows OS from being patched, preventing hackers from running rootkits or executing malicious code at the kernel level. Dubbed GhostHook , the attack is what the CyberArk Labs researchers call the first attack technique that thwarts the defensive technology to bypass PatchGuard, though it requires a hacker to already be present on a compromised system and running code in the kernel. So, basically, this is a post-exploitation attack. "[GhostHook] is neither an
Brutal Kangaroo: CIA-developed Malware for Hacking Air-Gapped Networks Covertly

Brutal Kangaroo: CIA-developed Malware for Hacking Air-Gapped Networks Covertly

Jun 22, 2017
WikiLeaks has published a new batch of the ongoing Vault 7 leak , this time detailing a tool suite – which is being used by the CIA for Microsoft Windows that targets "closed networks by air gap jumping using thumb drives," mainly implemented in enterprises and critical infrastructures. Air-gapped computers that are isolated from the Internet or other external networks are believed to be the most secure computers on the planet have become a regular target in recent years. Dubbed Brutal Kangaroo (v1.2.1), the tool suit was allegedly designed by the Central Intelligence Agency (CIA) in year 2012 to infiltrate a closed network or air-gapped computer within an organization or enterprise without requiring any direct access. The previous version of Brutal Kangaroo was named as EZCheese , which was exploiting a vulnerability that was zero-day until March 2015, though the newer version was using " unknown link file vulnerability (Lachesis/RiverJack) related to the lib
This CIA Tool Hacks Windows Computers Silently Over the Network

This CIA Tool Hacks Windows Computers Silently Over the Network

Jun 02, 2017
WikiLeaks has published a new batch of the ongoing Vault 7 leak , this time detailing an alleged CIA project that allowed the agency to turn Windows file servers into covert attack machines that can silently infect other computers of interest inside a targeted network. Codenamed Pandemic , the tool is a persistent implant for Microsoft Windows machines that share files with remote users on a local network. The documents leaked by the whistleblower organisation date from April 2014 to January 2015. According to WikiLeaks, Pandemic infect networks of Windows computers through the Server Message Block (SMB) file sharing protocol by replacing application code on-the-fly with a trojanized version of the software. "Pandemic is a tool which is run as kernel shellcode to install a file system filter driver," a leaked CIA manual reads. "The filter will 'replace' a target file with the given payload file when a remote user accesses the file via SMB (read-only, not w
Beware! Hackers Can Steal Your Windows Password Remotely Using Chrome

Beware! Hackers Can Steal Your Windows Password Remotely Using Chrome

May 17, 2017
A security researcher has discovered a serious vulnerability in the default configuration of the latest version of Google's Chrome running on any version of Microsoft's Windows operating system, including Windows 10, that could allow remote hackers to steal user's login credentials. Researcher Bosko Stankovic of DefenseCode has found that just by visiting a website containing a malicious SCF file could allow victims to unknowingly share their computer's login credentials with hackers via Chrome and the SMB protocol. This technique is not new and was exploited by the Stuxnet — a powerful malware that specially designed to destroy Iran's nuclear program — that used the Windows shortcut LNK files to compromise systems. What's make this attack different from others is the fact that such SMB authentication related attacks have been first time demonstrated on Google Chrome publicly, after Internet Explorer (IE) and Edge. Chrome + SCF + SMB = Stealing Windows
Weeks Before WannaCry, Cryptocurrency Mining Botnet Was Using Windows SMB Exploit

Weeks Before WannaCry, Cryptocurrency Mining Botnet Was Using Windows SMB Exploit

May 16, 2017
A security researcher has just discovered a stealthy cryptocurrency-mining malware that was also using Windows SMB vulnerability at least two weeks before the outbreak of WannaCry ransomware attacks. According to Kafeine, a security researcher at Proofpoint , another group of cyber criminals was using the same EternalBlue exploit , created by the NSA and dumped last month by the Shadow Brokers, to infect hundreds of thousands of computers worldwide with a cryptocurrency mining malware called ' Adylkuzz .' This malicious campaign went unnoticed for weeks because unlike WannaCry , this malware does not install ransomware or notify victims, but instead, it quietly infects unpatched computers with malware that only mine ' Monero ,' a Bitcoin-like cryptocurrency. This Malware Saves Computers From Getting Hacked By WannaCry The Researcher believes Adylkuzz malware attack could be larger in scale than WannaCry ransomware attack because it has been designed to blo
Microsoft Issues Emergency Patch For Critical RCE in Windows Malware Scanner

Microsoft Issues Emergency Patch For Critical RCE in Windows Malware Scanner

May 09, 2017
Microsoft's own antivirus software made Windows 7, 8.1, RT and 10 computers, as well as Windows Server 2016 more vulnerable. Microsoft has just released an out-of-band security update to patch the crazy bad bug discovered by a pair of Google Project Zero researchers over the weekend. Security researchers Tavis Ormandy announced on Twitter during the weekend that he and another Project Zero researcher Natalie Silvanovich discovered "the worst Windows remote code [execution vulnerability] in recent memory." Natalie Silvanovich also published a  proof-of-concept (PoC) exploit code that fits in a single tweet. The reported RCE vulnerability , according to the duo, could work against default installations with "wormable" ability – capability to replicate itself on an infected computer and then spread to other PCs automatically. According to an advisory released by Microsoft, the remotely exploitable security flaw (CVE-2017-0290) exists in Microsoft
Google 0-Day Hunters Find 'Crazy Bad' Windows RCE Flaw

Google 0-Day Hunters Find 'Crazy Bad' Windows RCE Flaw

May 08, 2017
Update (Monday, May 08, 2017):  Microsoft has released an emergency security update to patch below-reported crazy bad remote code execution vulnerability in its Microsoft Malware Protection Engine (MMPE) that affects Windows 7, 8.1, RT and 10 computers, as well as Windows Server 2016 operating systems. Google Project Zero's security researchers have discovered another critical remote code execution (RCE) vulnerability in Microsoft's Windows operating system, claiming that it is something truly bad. Tavis Ormandy announced during the weekend that he and another Project Zero researcher Natalie Silvanovich discovered "the worst Windows remote code [execution vulnerability] in recent memory. This is crazy bad. Report on the way." Ormandy did not provide any further details of the Windows RCE bug, as Google gives a 90-day security disclosure deadline to all software vendors to patch their products and disclose it to the public. This means the details of the new RC
Microsoft Finally Releases Security Patches For Publicly-Disclosed Critical Flaws

Microsoft Finally Releases Security Patches For Publicly-Disclosed Critical Flaws

Mar 15, 2017
After last month's postponement, Microsoft's Patch Tuesday is back with a massive release of fixes that includes patches for security vulnerabilities in Windows and associated software disclosed and exploited since January's patch release. Meanwhile, Adobe has also pushed out security updates for its products, releasing patches for at least seven security vulnerabilities in its Flash Player software. Microsoft patched a total of 140 separate security vulnerabilities across 18 security bulletins, nine of them critical as they allow remote code execution on the affected computer. Microsoft Finally Patches Publicly Disclosed Windows Flaws Among the "critical" security updates include a flaw in the SMB (server message block) network file sharing protocol, which had publicly disclosed exploit code since last month. The original patch released last year for this flaw was incomplete. The flaw is a memory corruption issue that could allow remote code execu
This $5 Device Can Hack your Password-Protected Computers in Just One Minute

This $5 Device Can Hack your Password-Protected Computers in Just One Minute

Nov 16, 2016
You need to be more careful next time while leaving your computer unattended at your office, as it cost hackers just $5 and only 30 seconds to hack into any computer. Well-known hardware hacker Samy Kamkar has once again devised a cheap exploit tool, this time that takes just 30 seconds to install a privacy-invading backdoor into your computer, even if it is locked with a strong password. Dubbed PoisonTap , the new exploit tool runs freely available software on a tiny $5/£4 Raspberry Pi Zero microcomputer, which is attached to a USB adapter. The attack works even if the targeted computer is password-protected if a browser is left open in the computer's background. All an attacker need is to plug the nasty device in the target computer and wait. Here's How PoisonTap works: Once plugged into a Windows or Mac computer via USB port, the tiny device starts impersonating a new ethernet connection. Even if the victim's device is connected to a WiFi network, Poi
This Code Injection Technique can Potentially Attack All Versions of Windows

This Code Injection Technique can Potentially Attack All Versions of Windows

Oct 28, 2016
Guess what? If you own a Windows PC, which is fully-patched, attackers can still hack your computer. Isn't that scary? Well, definitely for most of you. Security researchers have discovered a new technique that could allow attackers to inject malicious code on every version of Microsoft's Windows operating system, even Windows 10, in a manner that no existing anti-malware tools can detect, threaten millions of PCs worldwide. Dubbed " AtomBombing ," the technique does not exploit any vulnerability but abuses a designing weakness in Windows. New Code Injection Attack helps Malware Bypass Security Measures AtomBombing attack abuses the system-level Atom Tables, a feature of Windows that allows applications to store information on strings, objects, and other types of data to access on a regular basis. And since Atom are shared tables, all sorts of applications can access or modify data inside those tables. You can read a more detailed explanation of Atom T
Cybersecurity Resources