Cyber Security Training from QA

Cyber Pulse: Edition 37

Read the latest edition of Cyber Pulse, our roundup of Cyber news.


22 October 2018

Critical Flaw Found in Streaming Library Used by VLC and Other Media Players

Security researchers have discovered a serious code execution vulnerability in the LIVE555 Streaming Media library—which is being used by popular media players including VLC and MPlayer, along with a number of embedded devices capable of streaming media. The vulnerable library is internally being used by many well-known media software such as VLC and MPlayer, exposing their millions of users to cyber attacks. The code execution vulnerability, tracked as CVE-2018-4013 and discovered by researcher Lilith Wyatt of Cisco Talos Intelligence Group, resides in the HTTP packet-parsing functionality of the LIVE555 RTSP, which parses HTTP headers for tunneling RTSP over HTTP. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability. To exploit this vulnerability, all an attacker needs to do is create and send "a packet containing multiple 'Accept:' or 'x-sessioncookie' strings" to the vulnerable application, which will trigger a stack buffer overflow in the 'lookForHeader' function, leading to arbitrary code execution. Cisco Talos team confirmed the vulnerability in Live Networks LIVE555 Media Server version 0.92, but the team believes the security issue may also be present in the earlier version of the product. Cisco Talos responsibly reported the vulnerability to Live Networks on October 10 and publicly disclosed the security issue on October 18 after the vendor released security patches on October 17.

Critical Flaws Found in Amazon FreeRTOS IoT Operating System

A security researcher has discovered several critical vulnerabilities in one of the most popular embedded real-time operating systems—called FreeRTOS—and its other variants, exposing a wide range of IoT devices and critical infrastructure systems to hackers. FreeRTOS is a leading open source real-time operating system (RTOS) for embedded systems that has been ported to over 40 microcontrollers, which are being used in IoT, aerospace, medical, automotive industries, and more. RTOS has specifically been designed to carefully run applications with very precise timing and a high degree of reliability, every time. Ori Karliner, a security researcher at Zimperium Security Labs (zLabs), discovered a total of 13 vulnerabilities in FreeRTOS's TCP/IP stack that also affect its variants maintained by Amazon and WHIS. The vulnerabilities could allow attackers to crash the target device, leak information from its memory, and the most worrisome, remotely execute malicious code on it, thus taking complete control over the target device. To allow smaller vendors to patch the issues before attackers try to leverage them, zLabs has decided not to disclose technical details of these vulnerabilities to the public for at least a month.

Tumblr Patches A Flaw That Could Have Exposed Users’ Account Info

Tumblr published a report admitting the presence of a security vulnerability in its website that could have allowed hackers to steal login credentials and other private information for users' accounts. The affected information included users email addresses, protected (hashed and salted) account passwords, self-reported location (a feature no longer available), previously used email addresses, last login IP addresses, and names of the blog associated with every account. In short, your account could only be affected if it was recommended to some an attacker via the vulnerable feature. The company fails to determine which specific accounts were recommended via the vulnerable feature, thus is unable to disclose the number of affected users, but it concludes that "the bug was rarely present." Tumblr disclosure comes less than a week after Facebook announced its worst-ever security breach that allowed attackers to steal personal information, including secret access tokens, for 30 million users.

Data Breach That Hit 79 Million People Will Cost Anthem $16 Million

The nation’s second-largest health insurer has agreed to pay the government a record $16 million to settle potential privacy violations in the biggest known health care hack in U.S. history, officials said Monday. The personal information of nearly 79 million people – including names, birthdates, Social Security numbers and medical IDs – was exposed in the cyberattack, discovered by the company in 2015. The settlement between Anthem Inc. and the Department of Health and Human Services represents the largest amount collected by the agency in a health care data breach, officials said. The company discovered the data breach in early 2015, but hackers had been burrowing into its systems for weeks. Security experts said at the time that the size and scope of the attack indicated potential involvement by a foreign government. Hackers used a common email technique called spear-phishing in which unwitting company insiders are tricked into revealing usernames and passwords. The Anthem attackers gained the credentials of system administrators, allowing them to probe deeply into the insurer’s systems.

LibSSH Flaw Allows Hackers to Take Over Servers Without Password

A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password. The security vulnerability, tracked as CVE-2018-10933, is an authentication-bypass issue that was introduced in Libssh version 0.6 released earlier 2014, leaving thousands of enterprise servers open to hackers for the last four years. But before you get frightened, you should know that neither the widely used OpenSSH nor Github's implementation of libssh was affected by the vulnerability. The vulnerability resides due to a coding error in Libssh and is "ridiculously simple" to exploit. According to a security advisory published Tuesday, all an attacker needs to do is sending an "SSH2_MSG_USERAUTH_SUCCESS" message to a server with an SSH connection enabled when it expects an "SSH2_MSG_USERAUTH_REQUEST" message. Due to a logical flaw in libssh, the library fails to validate if the incoming “successful login” packet was sent by the server or the client, and also fails to check if the authentication process has been completed or not. Therefore, if a remote attacker (client) sends this "SSH2_MSG_USERAUTH_SUCCESS" response to libssh, it considers that the authentication has been successful and will grant the attacker access to the server, without needing to enter a password.

 

Visit cyber.qa.com for more information on how they can help solve the Cyber Security skills gap.

 

Useful links

Cyber Pulse: Edition 36

Cyber Pulse: Edition 35

Cyber Pulse: Edition 34

Cyber Pulse: Edition 33

Cyber Pulse: Edition 32

Cyber Pulse: Edition 31

Cyber Pulse: Edition 30

Cyber Pulse: Edition 29

Cyber Pulse: Edition 28

Cyber Pulse: Edition 27

 

Edited and compiled by

 

James Aguilan

James Aguilan

Cyber Security Specialist

James Aguilan currently works as a Cybersecurity Researcher. He has provided upskilling and development to Government Agencies, National Critical Infrastructures and Large Corporations through the simulation of cyber-attacks and forensic investigations workshops. In the past, James worked as a Data Consultant where he advised high profiling clients on how to handle their data in a Civil Litigation or Criminal Investigation. Notably, this includes the largest Merger between two US Powerhouse Conglomerate, a deal worth $87 billion. Additionally, he has also served as a Cybersecurity Consultant where he would Respond to Incidents and Perform Full Forensic Investigations. James holds a first-class honour in Computer Forensics and is actively working towards a Masters in Network Security and Penetration Testing.
Talk to our learning experts

Talk to our team of learning experts

Every business has different learning needs. QA has over 30 years of experience in combining the highest quality training with the most comprehensive range of learning services, ensuring the very best fit for your organisation.

Get in touch with our learning experts to talk about how we can help.