#1 Trusted Cybersecurity News Platform Followed by 3.45+ million
The Hacker News Logo
Subscribe to Newsletter

sandbox | Breaking Cybersecurity News | The Hacker News

Not All Sandboxes Are for Children: How to Secure Your SaaS Sandbox

Not All Sandboxes Are for Children: How to Secure Your SaaS Sandbox
Oct 20, 2022
When creating a Sandbox, the mindset tends to be that the Sandbox is considered a place to play around, test things, and there will be no effect on the production or operational system. Therefore, people don't actively think they need to worry about its security. This mindset is not only wrong, but extremely dangerous.  When it comes to software developers, their version of sandbox is similar to a child's playground — a place to build and test without breaking any flows in production. Meanwhile, in the world of cybersecurity, the term 'sandbox' is used to describe a virtual environment or machine used to run suspicious code and other elements.  Many organizations use a Sandbox for their SaaS apps — to test changes without disrupting the production SaaS app or even to connect new apps (much like a software developer's Sandbox). This common practice often leads to a false sense of security and in turn a lack of thought for its security implications. This article wi

Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox

Researchers Detail Critical RCE Flaw Reported in Popular vm2 JavaScript Sandbox
Oct 11, 2022
A now-patched security flaw in the vm2 JavaScript sandbox module could be abused by a remote adversary to break out of security barriers and perform arbitrary operations on the underlying machine. "A threat actor can bypass the sandbox protections to gain remote code execution rights on the host running the sandbox," GitHub  said  in an advisory published on September 28, 2022. The issue, tracked as CVE-2022-36067 and codenamed Sandbreak, carries a maximum severity rating of 10 on the CVSS vulnerability scoring system. It has been addressed in  version 3.9.11  released on August 28, 2022. vm2 is a  popular Node library  that's used to run untrusted code with allowlisted built-in modules. It's also one of the most widely downloaded software, accounting for nearly 3.5 million downloads per week. The  shortcoming  is rooted in the error mechanism in Node.js to escape the sandbox, according to application security firm Oxeye, which  discovered the flaw . This mean

Microsoft Details App Sandbox Escape Bug Impacting Apple iOS, iPadOS, macOS Devices

Microsoft Details App Sandbox Escape Bug Impacting Apple iOS, iPadOS, macOS Devices
Jul 14, 2022
Microsoft on Wednesday shed light on a now patched security vulnerability affecting Apple's operating systems that, if successfully exploited, could allow attackers to escalate device privileges and deploy malware. "An attacker could take advantage of this sandbox escape vulnerability to gain elevated privileges on the affected device or execute malicious commands like installing additional payloads," Jonathan Bar Or of the Microsoft 365 Defender Research Team  said  in a write-up. Tracked as  CVE-2022-26706  (CVSS score: 5.5), the security vulnerability impacts iOS, iPadOS, macOS, tvOS, and watchOS and was fixed by Apple in May 2022. Calling it an access issue affecting the LaunchServices (launchd) component, the iPhone maker noted that "A sandboxed process may be able to circumvent sandbox restrictions," adding it mitigated the issue with additional restrictions. While Apple's  App Sandbox  is designed to tightly regulate a third-party app's acce

How to Build a Custom Malware Analysis Sandbox

How to Build a Custom Malware Analysis Sandbox
Mar 24, 2022
Before hunting malware, every researcher needs to find a system where to analyze it. There are several ways to do it: build your own environment or use third-party solutions. Today we will walk through all the steps of creating a custom malware sandbox where you can perform a proper analysis without infecting your computer. And then compare it with a ready-made service. Why do you need a malware sandbox?  A sandbox allows detecting cyber threats and analyzing them safely. All information remains secure, and a suspicious file can't access the system. You can monitor malware processes, identify their patterns and investigate behavior. Before setting up a sandbox, you should have a clear goal of what you want to achieve through the lab.  There are two ways how to organize your working space for analysis: Custom sandbox.  Made from scratch by an analyst on their own, specifically for their needs. A turnkey solution.  A versatile service with a range of configurations to meet yo

Latest Firefox 95 Includes RLBox Sandboxing to Protect Browser from Malicious Code

Latest Firefox 95 Includes RLBox Sandboxing to Protect Browser from Malicious Code
Dec 07, 2021
Mozilla is beginning to roll out Firefox 95 with a new sandboxing technology called RLBox that prevents untrusted code and other security vulnerabilities from causing "accidental defects as well as supply-chain attacks." Dubbed " RLBox " and implemented in collaboration with researchers at the University of California San Diego and the University of Texas, the improved protection mechanism is designed to harden the web browser against potential weaknesses in off-the-shelf libraries used to render audio, video, fonts, images, and other content. To that end, Mozilla is incorporating "fine-grained sandboxing" into five modules, including its  Graphite  font rendering engine,  Hunspell  spell checker,  Ogg  multimedia container format,  Expat  XML parser, and  Woff2  web font compression format. The framework uses  WebAssembly , an open standard that defines a portable binary-code format for executable programs that can be run on modern web browsers, to i

Google uncovers new iOS security feature Apple quietly added after zero-day attacks

Google uncovers new iOS security feature Apple quietly added after zero-day attacks
Jan 29, 2021
Google Project Zero on Thursday disclosed details of a new security mechanism that Apple quietly added to iOS 14 as a countermeasure to prevent attacks that were recently found to leverage zero-days in its messaging app. Dubbed " BlastDoor ," the improved sandbox system for iMessage data was disclosed by Samuel Groß, a Google Project Zero researcher tasked with studying zero-day vulnerabilities in hardware and software systems. "One of the major changes in iOS 14 is the introduction of a new, tightly sandboxed 'BlastDoor' service which is now responsible for almost all parsing of untrusted data in iMessages," Groß  said . "Furthermore, this service is written in Swift, a (mostly) memory safe language which makes it significantly harder to introduce classic memory corruption vulnerabilities into the code base." The development is a consequence of a  zero-click exploit  that leveraged an Apple iMessage flaw in iOS 13.5.1 to get around security p

Windows Built-in Antivirus Gets Secure Sandbox Mode – Turn It ON

Windows Built-in Antivirus Gets Secure Sandbox Mode – Turn It ON
Oct 29, 2018
Microsoft Windows built-in anti-malware tool, Windows Defender, has become the very first antivirus software to have the ability to run inside a sandbox environment. Sandboxing is a process that runs an application in a safe environment isolated from the rest of the operating system and applications on a computer. So that if a sandboxed application gets compromised, the technique prevents its damage from spreading outside the closed area. Since antivirus and anti-malware tools run with the highest level of privileges to scan all parts of a computer for malicious code, it has become a desired target for attackers. The need for sandboxing an antivirus tool has become necessary after multiple critical vulnerabilities were discovered in such powerful applications, including Windows Defender, in past years that could have allowed attackers to gain full control of a targeted system. That's why Microsoft announced to add a sandbox mode to its Windows Defender. So, even if an att

Subgraph OS — Secure Linux Operating System for Non-Technical Users

Subgraph OS — Secure Linux Operating System for Non-Technical Users
Mar 04, 2016
Information security and privacy are consistently hot topics after Edward Snowden revelations of NSA's global surveillance that brought the world's attention towards data protection and encryption as never before. Moreover, just days after Windows 10 's successful launch last summer, we saw various default settings in the Microsoft's newest OS that compromise users' privacy , making a large number of geeks, as well as regular users, migrate to Linux. However, the problem is that majority of users are not friendly to the Linux environment. They don't know how to configure their machine with right privacy and security settings, which makes them still open to hacking and surveillance. However, this gaping hole can be filled with a  Debian-based  Security-focused Linux operating system called Subgraph OS: A key solution to your Privacy Fear. Subgraph OS is a feather weighted Linux flavor that aims to combat hacking attacks easier, even on fai

VirusTotal now Scans Mac OS X Apps for Malware

VirusTotal now Scans Mac OS X Apps for Malware
Nov 19, 2015
Do Mac Computers Get Viruses? Yes, Of Course, they do!  According to stats, malware for MAC OS X has appeared five times more in 2015 alone than the previous five years combined. As malware for Macs is becoming more common, Google has decided to add support for Mac  OS X malware detection to its VirusTotal web-based service. VirusTotal — launched in 2004 and acquired by Google in 2012 — is a free and popular online service for security researchers and Hackers that lets you upload files to check them for viruses. VirusTotal scans uploaded files with more than 55 different Antivirus products and Online scan engines to provide a combined report on the results. VirusTotal also runs certain ' Windows PE files and Android apps ' files in the Sandbox , a controlled research environment used for malware analysis. According to the recent announcement, VirusTotal will also be able to execute suspicious Mac executable files inside its Sandbox environment

Hacker 'Pinkie Pie' successfully compromised Chrome on Nexus 4 and Samsung Galaxy S4

Hacker 'Pinkie Pie' successfully compromised Chrome on Nexus 4 and Samsung Galaxy S4
Nov 14, 2013
A Mysterious Hacker who goes by the " Pinkie Pie " handle is rewarded with $50,000 USD for hacking into the Google Chrome browser for Nexus 4 and Samsung Galaxy S4 . At Information Security Conference PacSec 2013 in Tokyo, during the HP's Pwn2Own contest, a zero-day exploit  showcased by " Pinkie Pie ", that took advantage of two vulnerabilities: An integer overflow that affects Chrome. Chrome vulnerability that resulted in a full sandbox escape. For successful exploitation, you have to get your victim to visit a malicious website e.g. clicking a link in an email, or an SMS or on another web page. He demonstrated this zero-day attack with remote code execution vulnerability on the affected devices. It is not known whether other Android phones are also vulnerable to same flaw or not. Vulnerability has been disclosed to Google by the Contest organizers and the company is working to address the issue as soon as possible. Researchers from

Terminator RAT became more sophisticated in recent APT attacks

Terminator RAT became more sophisticated in recent APT attacks
Oct 27, 2013
Advanced Persistent Threat (APT) is a term referring to targeted attacks on enterprises and other organizations and recently referred to what appeared to be nation-state intelligence agencies using cyber assaults for both conventional espionage and industrial espionage. Advanced threats have targeted control systems in the past and these attacks use commercially available and custom-made advanced malware to steal information or perpetrate fraud. Terminator RAT has been used against Tibetan and Uyghur activists before and while tracking attack against entities in Taiwan, the Cyber Security company FireEye Labs recently analyzed some new samples of ' Terminator RAT ' (Remote Access Tool) that was sent via spear-phishing emails to targets in Taiwan. A word document as an attachment was sent to victims, exploited a vulnerability in Microsoft Office ( CVE-2012-0158 ), which subsequently drops a malware installer named " DW20.exe ". Sometimes the simplest techniques

Android vulnerability allows hackers to modify apps without breaking signatures

Android vulnerability allows hackers to modify apps without breaking signatures
Jul 04, 2013
Almost all Android handsets are  vulnerable to a  flaw that could allow hackers to seize control of a device to make calls, send texts, or build a mobile botnet , has been uncovered by Bluebox Security .i.e almost 900 million Android devices globally. Or simply, The Flaw allow hackers to modify any legitimate and digitally signed application in order to transform it into a Trojan program that can be used to steal data or take control of the OS. When an application is installed and a sandbox is created for it, Android records the application's digital signature and all subsequent updates for that application need to match its signature in order to verify that they came from the same author and anything without the signature certificate won't install or run on a user's device. The vulnerability has existed since at least Android 1.6, which means that it potentially affects any Android device released during the last four years.  Samsung 's flagship Galaxy S4 has a
More Resources

Sign up for free and start receiving your daily dose of cybersecurity news, insights and tips.