#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
SaaS Security

privilege escalation | Breaking Cybersecurity News | The Hacker News

Warning! Over 900 Million Android Phones Vulnerable to New 'QuadRooter' Attack

Warning! Over 900 Million Android Phones Vulnerable to New 'QuadRooter' Attack

Aug 08, 2016
Android has Fallen! Yet another set of Android security vulnerabilities has been discovered in Qualcomm chipsets that affect more than 900 Million Android smartphones and tablets worldwide. What's even worse: Most of those affected Android devices will probably never be patched. Dubbed " Quadrooter ," the set of four vulnerabilities discovered in devices running Android Marshmallow and earlier that ship with Qualcomm chip could allow an attacker to gain root-level access to any Qualcomm device. The chip, according to the latest statistics, is found in more than 900 Million Android tablets and smartphones. That's a very big number. The vulnerabilities have been disclosed by a team of Check Point researchers at the DEF CON 24 security conference in Las Vegas. Critical Quadrooter Vulnerabilities: The four security vulnerabilities are: CVE-2016-2503 discovered in Qualcomm's GPU driver and fixed in Google's Android Security Bulletin for July
Hackers Selling Unpatched Microsoft Windows Zero-Day Exploit for $90,000

Hackers Selling Unpatched Microsoft Windows Zero-Day Exploit for $90,000

Jun 03, 2016
How much a Windows zero-day exploit that affects all versions of Windows operating system costs on the black market? It's $95,000, at least, for the one recently spotted by security researchers. Researchers from Trustwave's SpiderLabs team have uncovered a zero-day exploit on Russian underground malware forum exploit.in, affecting all versions of Microsoft Windows OS from Windows 2000 all the way up to a fully patched version of Windows 10. The zero-day exploit for the previously unknown vulnerability in " every version " of Windows is openly sold for $90,000 ( over £62,000 ). The security team originally discovered the zero-day exploit last month when the firm saw its ad on a Russian hacking forum for $95,000. However, the price has now been dropped to $90,000. The zero-day vulnerability in question claims to be a Local Privilege Escalation (LPE) bug in Windows that offers admin access to run malicious code on a victim's PC and is less dangerous th
Making Sense of Operational Technology Attacks: The Past, Present, and Future

Making Sense of Operational Technology Attacks: The Past, Present, and Future

Mar 21, 2024Operational Technology / SCADA Security
When you read reports about cyber-attacks affecting operational technology (OT), it's easy to get caught up in the hype and assume every single one is sophisticated. But are OT environments all over the world really besieged by a constant barrage of complex cyber-attacks? Answering that would require breaking down the different types of OT cyber-attacks and then looking back on all the historical attacks to see how those types compare.  The Types of OT Cyber-Attacks Over the past few decades, there has been a growing awareness of the need for improved cybersecurity practices in IT's lesser-known counterpart, OT. In fact, the lines of what constitutes a cyber-attack on OT have never been well defined, and if anything, they have further blurred over time. Therefore, we'd like to begin this post with a discussion around the ways in which cyber-attacks can either target or just simply impact OT, and why it might be important for us to make the distinction going forward. Figure 1 The Pu
Microsoft Releases 12 Security Updates (5 Critical and 7 Important Patches)

Microsoft Releases 12 Security Updates (5 Critical and 7 Important Patches)

Sep 09, 2015
With the release of 12 Security Bulletins , Microsoft addresses a total of 56 vulnerabilities in its different products. The bulletins include five critical updates, out of which two address vulnerabilities in all versions of Windows. The September Patch Tuesday update (released on second Tuesday of each month) makes a total of 105 Security Bulletins being released this year; which is more than the previous year with still three months remaining for the current year to end. The reason for the increase in the total number of security bulletins within such less time might be because of Windows 10 release and its installation reaching to a score of 100 million. Starting from MS15-094 to   MS15-105 ( 12 security bulletins ) Microsoft rates the severity of the vulnerabilities and their impact on the affected software. Bulletins MS15-094 and MS15-095 are the cumulative updates, meaning these are product-specific fixes for security related vulnerabilities that are rated
cyber security

Automated remediation solutions are crucial for security

websiteWing SecurityShadow IT / SaaS Security
Especially when it comes to securing employees' SaaS usage, don't settle for a longer to-do list. Auto-remediation is key to achieving SaaS security.
Apple Mac OS X Vulnerability Allows Attackers to Hack your Computer

Apple Mac OS X Vulnerability Allows Attackers to Hack your Computer

Jul 23, 2015
A security researcher has discovered a critical vulnerability in the latest version of Apple's OS X Yosemite  that could allow anyone to obtain unrestricted root user privileges with the help of code that fits in a tweet. The privilege-escalation vulnerability initially reported on Tuesday by German researcher Stefan Esser , could be exploited by to circumvent security protections and gain full control of Mac computers. The most worrying part is that this critical vulnerability is yet to be fixed by Apple in the latest release of its operating system. This could make it easier for hackers to surreptitiously infect Macs with rootkits and other types of persistent malware. Thanks to an environment variable DYLD_PRINT_TO_FILE Apple added to the code of OS X 10.10 Yosemite. Apple Mac OS X Vulnerability Gives Full Control of your Mac This environment variable specifies where in the file system an operating system component called the OS X dynamic linker dyld
Bypassing Windows Security by modifying 1 Bit Only

Bypassing Windows Security by modifying 1 Bit Only

Feb 13, 2015
Among several vulnerabilities, Microsoft on Tuesday patched a critical vulnerability that could be exploited by hackers to bypass security measures on all versions of Windows operating systems from XP to Windows 10, just by modifying a single bit. The local privilege escalation vulnerability ( CVE-2015-0057 ) could give attackers total control of the victims' machines, explains Udi Yavo, the chief technology officer at the security firm enSilo. " A threat actor that gains access to a Windows machine can exploit this vulnerability to bypass all Windows security measures, defeating mitigation measures such as sandboxing, kernel segregation and memory randomization ," said Yavo. INTERESTING PART OF THE FLAW Yavo continued, " Interestingly, the exploit requires modifying only a single bit of the Windows operating system. " The flaw existed in the graphical user interface (GUI) component of the Win32k.sys module within the Windows Kernel which, amon
Google Discloses Another Unpatched Windows 8.1 Vulnerability

Google Discloses Another Unpatched Windows 8.1 Vulnerability

Jan 14, 2015
Google has once again released the details of a new privilege escalation bug in Microsoft's Windows 8.1 operating system before Microsoft planned to patch the bug, triggering a new quarrel between the two tech giants. This is second time in less than a month when the Google's security research team known as Project Zero released details of the vulnerability in Microsoft's operating system, following its 90-day public disclosure deadline policy. Google Project Zero team routinely finds vulnerabilities in different products from different companies. The vulnerabilities then get reported to the affected software vendors and if they do not patch the flaws in 90 days, Google automatically makes the vulnerability along with its details public. DISCLOSURE OF TWO SECURITY HOLES IN LESS THAN A MONTH Two weeks back, Google Project Zero team disclosed details of an elevation of privilege (EoP) vulnerability  affecting Windows 8.1 that may have allowed hackers to modify cont
Google Researcher Reveals Zero-Day Windows 8.1 Vulnerability

Google Researcher Reveals Zero-Day Windows 8.1 Vulnerability

Jan 02, 2015
A Google security researcher, ' James Forshaw ' has discovered a privilege escalation vulnerability in Windows 8.1 that could allow a hacker to modify contents or even to take over victims' computers completely, leaving millions of users vulnerable. The researcher also provided a Proof of Concept (PoC) program for the vulnerability. Forshaw says that he has tested the PoC only on an updated Windows 8.1 and that it is unclear whether earlier versions, specifically Windows 7, are vulnerable. Forshaw unearthed the bug in September 2014 and thereby notified on the Google Security Research mailing list about the bug on 30th September. Now, after 90 days disclosure deadline the vulnerability and Proof of Concept program was made public on Wednesday. The vulnerability resides in the function AhcVerifyAdminContext , an internal function and not a public API which actually checks whether the user is an administrator. "This function has a vulnerability where i
Billions of Android Devices Vulnerable to Privilege Escalation Except Android 5.0 Lollipop

Billions of Android Devices Vulnerable to Privilege Escalation Except Android 5.0 Lollipop

Nov 20, 2014
A security weakness in Android mobile operating system versions below 5.0 that puts potentially every Android device at risk for privilege escalation attacks, has been patched in  Android 5.0 Lollipop  – the latest version of the mobile operating system. The security vulnerability ( CVE-2014-7911 ), discovered by a security researcher named Jann Horn , could allow any potential attacker to bypass the Address Space Layout Randomization (ASLR) defense and execute arbitrary code of their choice on a target device under certain circumstances. ASLR is a technique involved in protection from buffer overflow attacks. The flaw resides in java.io.ObjectInputStream , which fails to check whether an Object that is being deserialized is actually a serializable object. The vulnerability was reported by the researcher to Google security team earlier this year. According to the security researcher, android apps can communicate with system_service, which runs under admin privileges
Rootpipe — Critical Mac OS X Yosemite Vulnerability Allows Root Access Without Password

Rootpipe — Critical Mac OS X Yosemite Vulnerability Allows Root Access Without Password

Nov 04, 2014
A Swedish Security researcher has discovered a critical vulnerability in Apple's OS X Yosemite that gives hackers the ability to escalate administrative privileges on a compromised machine, and allows them to gain the highest level of access on a machine, known as root access. The vulnerability, dubbed as " Rootpipe ", was uncovered by Swedish white-hat hacker Emil Kvarnhammar , who is holding on the full details about the privilege escalation bug until January 2015, as Apple needs some time to prepare a security patch. " Details on the #rootpipe exploit will be presented, but not now. Let's just give Apple some time to roll out a patch to affected users, " Emil Kvarnhammar, IT specialist and hacker security company Truesec, tweeted from his twitter account. By exploiting the vulnerability in the Mac OS X Yosemite , an attacker could bypass the usual safeguard mechanisms which are supposed to stop anyone who tries to root the operating system through a tempora
Linux Kernel Vulnerable to Privilege Escalation and DoS Attack

Linux Kernel Vulnerable to Privilege Escalation and DoS Attack

Jun 07, 2014
Multiple flaws have been identified in Linux Kernel and related software could allow hackers to hack your Linux machines, shared hosting and websites hosted on them. PRIVILEGE ESCALATION VULNERABILITY IN LINUX KERNEL A privilege escalation vulnerability has been identified in the widely used Linux kernel that could allow an attackers to take the control of users' system. On Thursday, the most popular distributor of open source Linux OS, Debian warned about this vulnerability (CVE-2014-3153) in a security update, along with some other vulnerabilities in the Linux kernel that may lead to a denial of service attack. The most critical one is the flaw (CVE-2014-3153) discovered by Pinkie Pie which resides in the futex subsystem call of Linux Kernel 2.6.32.62/3.2.59/3.4.91/3.10.41/3.12.21/3.14.5 versions , leaving a queued kernel waiter on the stack, which can be exploited to potentially execute arbitrary code with kernel mode privileges. " Pinkie Pie discovered an
Vulnerabilities in 'All in One SEO Pack' Wordpress Plugin Put Millions of Sites At Risk

Vulnerabilities in 'All in One SEO Pack' Wordpress Plugin Put Millions of Sites At Risk

May 31, 2014
Multiple Serious vulnerabilities have been discovered in the most famous ' All In One SEO Pack ' plugin for WordPress, that put millions of Wordpress websites at risk. WordPress is easy to setup and use, that's why large number of people like it. But if you or your company is using ' All in One SEO Pack ' Wordpress plugin to optimize the website ranking in search engines, then you should update your SEO plugin immediately to the latest version of All in One SEO Pack 2.1.6 . Today, All in One SEO Pack plugin team has released an emergency security update that patches two critical privilege escalation vulnerabilities and one cross site scripting (XSS) flaw, discovered by security researchers at Sucuri, a web monitoring and malware clean up service. More than 73 million websites on the Internet run their websites on the WordPress publishing platform and more than 15 million websites are currently using All in One SEO Pack plugin for search engine optimization. Acco
Magento vulnerability allows an attacker to create administrative user

Magento vulnerability allows an attacker to create administrative user

Feb 13, 2014
It seems you cannot go a day without hearing about someone or some group hacking a website or stealing credit card and other sensitive data from e-commerce sites. The Market of E-commerce is at its boom, and that provides even more opportunities to hackers. There are many readymade e-commerce platforms available on the Internet, that are easy to install and easy to manage at no extra cost and 'Magento' is one of the most popular out of them. Recently security researchers at Securatary  have reported a critical cross-store vulnerability in the Magento platform that lets attackers to escalation privilege by creating an administrative user on any ' Gostorego' online store. The authentication bypass vulnerability left 200,000 merchants data vulnerable to hackers before it was patched. To exploit the flaw, an attacker only needed to modify the HOST header to the URI of the target account in the GET request. They dubbed it as " Stealth mode ",
23-year-old Stack overflow vulnerability discovered in X11 Server

23-year-old Stack overflow vulnerability discovered in X11 Server

Jan 09, 2014
X.Org Foundation develops the X-Window System, the standard window system for open source operating systems and devices. Most of the graphical user interfaces for Unix and Linux systems rely on it. At the 30th Chaos Communication Congress (CCC) in Germany, Ilja van Sprundel , a security researcher gave the presentation titled  " X11 Server security with being 'worse than it looks.'". He found more than 120 bugs in a few months. In the presentation, he has presented a 23 year old Stack overflow vulnerability in X11 System that could lead to privilege escalation to root and affects all versions of the X Server back to X11R5. Later today, X.Org Foundation released a security Advisory , states " A BDF font file containing a longer than expected string could overflow the buffer on the stack. Testing in X servers built with Stack Protector resulted in an immediate crash when reading a user-provided specially crafted font. " The flaw resides in a file at " libXfo
Microsoft released Security Patch for CVE-2013-5065 TIFF Zero-Day vulnerability

Microsoft released Security Patch for CVE-2013-5065 TIFF Zero-Day vulnerability

Dec 10, 2013
Microsoft has  released  11 Security Patch this Tuesday, including one for CVE-2013-5065  zero-day vulnerability, recently discovered Local privilege escalation vulnerability that could allow a hacker to launch an attack using corrupted TIFF images to take over victims' computers. FireEye researchers said they found the exploit in the wild being used alongside a PDF-based exploit against a patched Adobe Reader vulnerability. December's Patch Tuesday update bundle brings five bulletins ranked critical, including a patch for a vulnerability that could allow remote code execution in Internet Explorer and another remote code execution vulnerability in Office and Microsoft Server is also addressed. Other patches addressing remote code execution vulnerabilities in Lync, all versions of Office and Microsoft Exchange. All supported versions of Windows, from XP to RT and 8.1, are affected by at least one of the critical vulnerabilities. The Six Security bulletins rated important de
CVE-2013-5065: Microsoft Windows XP and Server 2003 Privilege escalation Zero-Day exploit discovered

CVE-2013-5065: Microsoft Windows XP and Server 2003 Privilege escalation Zero-Day exploit discovered

Nov 29, 2013
Researchers at FireEye have discovered a new privilege escalation vulnerability  in Windows XP and Windows Server 2003. CVE-2013-5065, Local privilege escalation vulnerability is used in-the-wild in conjunction with an Adobe Reader exploit ( CVE-2013-3346 ) that appears to target a patched vulnerability. Microsoft has issued an advisory and warned that discovered bug in Windows XP's  NDPROXY.SYS driver could allow hackers to run code in the system's kernel from a standard user account. The exploit could allow a standard user account to execute code in the kernel, which may allow an attacker to gain privileges that would enable him to do various activities, including deleting or viewing data, installing programs, or creating accounts with administrative privileges. "Our investigation of this vulnerability has verified that it does not affect customers who are using operating systems newer than Windows XP and Windows Server 2003 ," Microsoft advised. Last April
Internet Explorer vulnerability exposed by Google Researcher used in targeted attacks

Internet Explorer vulnerability exposed by Google Researcher used in targeted attacks

Jul 11, 2013
Google and Microsoft are at each other's throats again. In a recent statement, Microsoft says hackers have been actively exploiting a vulnerability that was publicly disclosed by a Google researcher,  Tavis Ormandy . Microsoft addressed the vulnerability in its monthly " Patch Tuesday " package of fixes for July. Tavis Ormandy revealed the vulnerability in Windows 7 and 8 allows local users to obtain escalated privileges , making it easier for a hacker to compromise a system. Ormandy has been criticized by Microsoft and some in the security community who subscribe to the practice that a vulnerability shouldn't be made public until a software maker has an opportunity to fix it. Ormandy said that Microsoft " treat vulnerability researchers with great hostility " and are " often very difficult to work with ". He also advised researchers to use pseudonyms when dealing with the software giants. In 2012, Tavis accused Sophos of " poor development practices
BlackBerry Z10 Privilege Escalation Vulnerability

BlackBerry Z10 Privilege Escalation Vulnerability

Jun 18, 2013
BlackBerry Z10 users should be aware that there is a privilege escalation vulnerability. The vulnerability potentially allows a hacker to modify or edit data on a stolen BlackBerry Z10 smartphone with BlackBerry Protect enabled, identified as BSRT-2013-006 (CVE-2013-3692) According to the advisory , an escalation of privilege vulnerability exists in the software 'BlackBerry® Protect™' of  Z10 phones, supposed to help users delete sensitive files on a lost or stolen smartphone , or recover it again if it is lost. " Taking advantage of the weak permissions could allow the malicious app to gain the device password if a remote password reset command had been issued through the BlackBerry Protect website, intercept and prevent the smartphone from acting on BlackBerry Protect commands, such as a remote smartphone wipe. " The company says that version 10.0.9.2743 is not affected and that they have found no evidence of attackers exploiting this vulnerability in
Android malware loaded with Linux kernel privilege escalation exploit

Android malware loaded with Linux kernel privilege escalation exploit

Jun 12, 2013
Malware authors are notorious for quickly leveraging new exploits in the public domain for nefarious purposes. A recently discovered Linux kernel Local privilege escalation exploit , which allows attackers to gain complete control of infected devices, has been ported to the Android smartphone platform. The Linux kernel 2.6.x, including Red Hat Enterprise Linux 6, Ubuntu 12.04 LTS, Debian 6 and Suse Enterprise Linux 11 are vulnerable to privilege escalation flaw with CVE-2013-2094 .  CVE-2013-2094 states, " The perf_swevent_init function in kernel/events/core.c in the Linux kernel before 3.8.9 uses an incorrect integer data type, which allows local users to gain privileges via a crafted perf_event_open system call. " Exploit for Linux machines is publically available here . Privilege escalation exploits are particularly dangerous as they can allow cybercriminals to gain complete control over the compromised device.  The exploit can be used to to access d
Android 4.2 Jelly Bean Security Improvements overview

Android 4.2 Jelly Bean Security Improvements overview

Nov 02, 2012
Google is bringing a host of new features to its Android 4.2 Jelly Bean operating system designed to increase productivity, creativity and peace of mind and some very promising security improvements including: client side malware protection, Security Enhanced Linux, and always-on VPN . Most important Security Improvements in Android 4.2 is that it now includes a service based on Bouncer that works with all apps, not just those on Google Play. For example, it can check the apps you download on the Amazon App Store, or from 3rd Party sites. Whenever user will install any app from a different source than the official market, and will scan it for any malicious code that may prove potentially harmful for your device. Other than this, Users can now control how much data apps can access and share. This is made even more secure by something called VPN lockdown that can limit the amount of information sent over a connection that may not be secure or that is shared rather than priv
Cybersecurity Resources