36-Year-Old SCP Clients’ Implementation Flaws Discovered

A set of 36-year-old vulnerabilities has been uncovered in the Secure Copy Protocol (SCP) implementations of many client applications. Malicious servers can exploit them to overwrite arbitrary files in the SCP client's target directory without authorisation.

Secure Copy Protocol (SCP), also known as secure copy, is a network protocol that allows users to securely transfer files between a local host and a remote host using RCP (Remote Copy Protocol) and the SSH protocol.

In other words, SCP, which dates back to 1983, is a secure version of RCP that uses the authentication and encryption of the SSH protocol to transfer files between a server and a client.

Discovered by Harry Sintonen, one of F-Secure’s Senior Security Consultants, the vulnerabilities exist due to poor validation performed by the SCP clients, which can be abused by malicious servers or man-in-the-middle (MiTM) attackers to drop or overwrite arbitrary files on the client’s system.
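The kind of client-side validation at issue, as an added example that is not code from any SCP client: during a download the server sends control records of the form `C<mode> <size> <name>`, and the client should accept only a plain file name that matches what the user requested. The function names and sample records are constructed for illustration, and the sketch covers single-file (non-recursive) downloads only.

```python
import fnmatch
import re

# Download-side control records: C<mode> <size> <name> (file), D<mode> 0 <name> (dir)
RECORD = re.compile(r"^([CD])([0-7]{4}) (\d+) (.+)$")

class RejectedRecord(Exception):
    """A server-supplied record the client must not act on."""

def check_record(line, requested):
    """Validate one record for a single-file download of `requested`
    (a basename, globs allowed). Returns (mode, size, name)."""
    m = RECORD.match(line.rstrip("\n"))
    if not m:
        raise RejectedRecord("malformed record")
    kind, mode, size, name = m.groups()
    if kind == "D":
        raise RejectedRecord("directory sent for a non-recursive copy")
    # Plain file names only: no separators, no "." or "..", no control bytes.
    if "/" in name or "\\" in name or name in (".", "..") or not name.isprintable():
        raise RejectedRecord(f"unsafe name {name!r}")
    # The server may only send what the user asked for.
    if not fnmatch.fnmatchcase(name, requested):
        raise RejectedRecord(f"{name!r} was not requested")
    return int(mode, 8), int(size), name

def audit(lines, requested):
    """Return 'accept' or the rejection reason for each record."""
    out = []
    for line in lines:
        try:
            check_record(line, requested)
            out.append("accept")
        except RejectedRecord as exc:
            out.append(str(exc))
    return out

# Constructed records, as a server might send them for `scp host:report.txt .`
SAMPLE = ["C0644 12 report.txt\n", "C0644 40 other.txt\n",
          "C0644 40 ../other.txt\n", "D0777 0 .\n"]

if __name__ == "__main__":
    for rec, verdict in zip(SAMPLE, audit(SAMPLE, "report.txt")):
        print(rec.strip(), "->", verdict)
```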

images from Hacker News

Reminder: Microsoft to end support for Windows 7 in less than one year

A new reminder for those who are still holding on to the Windows 7 operating system—you have one year left until Microsoft ends support for its 9-year-old operating system.

So it’s time for you to upgrade your OS and say goodbye to Windows 7, as its five years of extended support will end on January 14, 2020—that’s precisely one year from today.

After that date, the tech giant will no longer release free security updates, bug fixes and new functionalities for the operating system that’s still widely used by people, which could eventually leave a significant number of users more susceptible to malware attacks.

However, the end of free support doesn’t end Windows 7 support for big business and enterprise customers. As always, Microsoft does make exceptions for certain companies that are willing to pay a lot of money to continue their support.

According to a ‘Death of Windows 7’ report from content delivery firm Kollective, as many as 43% of enterprises are still running the nine-year-old operating system, of which 17% didn’t know when Microsoft’s end of support deadline hit.

Millions of Users Are Still Using Windows 7

Want to know how popular Windows 7 is among users? Even though Microsoft has aggressively pushed Windows 10 installations since its release in 2015, Windows 10's market share only managed to overtake the user-favourite Windows 7 by the end of last year.

Windows 7 was released in 2009 and, according to December 2018 stats from Netmarketshare, is currently running on about 37 percent of the world’s PC fleet, which is far ahead of its radically redesigned successor Windows 8 and 8.1 combined.

Microsoft stopped the mainstream support for Windows 7 in January 2015, but Windows users have continued to receive security updates and patches for known security issues as part of the company’s extended support, which runs for at least five years.

In March 2017, Microsoft also started blocking new security patches and updates for Windows 7 and Windows 8.1 users running the latest processors from Intel, AMD, Qualcomm, and others.

“For Windows 7 to run on any modern silicon, device drivers and firmware need to emulate Windows 7’s expectations for interrupt processing, bus support, and power states- which is challenging for WiFi, graphics, security, and more,” the company said.

Fortnite Flaws Allowed Hackers to Takeover Gamers’ Accounts

Check Point researchers have discovered multiple security vulnerabilities in Fortnite, a massively popular online battle game, one of which could have allowed remote attackers to completely take over player accounts just by tricking users into clicking an innocuous-looking link.

The reported Fortnite flaws include a SQL injection, a cross-site scripting (XSS) bug, a web application firewall bypass issue, and most importantly an OAuth account takeover vulnerability.

Full account takeover could be a nightmare, especially for players of such a hugely popular online game that has been played by 80 million users worldwide, and when a good Fortnite account has been sold on eBay for over $50,000.

The Fortnite game lets its players log in to their accounts using third-party Single Sign-On (SSO) providers, such as Facebook, Google, Xbox, and PlayStation accounts.

According to the researchers, the combination of a cross-site scripting (XSS) flaw and a malicious redirect issue on Epic Games’ subdomains allowed attackers to steal users’ authentication tokens just by tricking them into clicking a specially crafted web link.

Once compromised, an attacker can then access players’ personal information, buy in-game virtual currencies, and purchase game equipment that would then be transferred to a separate account controlled by the attacker and resold.

Flight Booking System Flaw Affected Customers of 141 Airlines Worldwide

Almost half of the flight travellers around the world were found exposed to a critical security vulnerability discovered in an online flight ticket booking system that allowed remote hackers to access and modify their travel details and even claim their frequent flyer miles.

Israeli network security researcher Noam Rotem discovered the vulnerability when he booked a flight on the Israeli airline ELAL. Successful exploitation required only the victim’s PNR (Passenger Name Record) number.

The vulnerability resided in the widely used online flight booking system developed by Amadeus, which is currently being used by nearly 141 international airlines, including United Airlines, Lufthansa and Air Canada.

After booking a flight with ELAL, the traveler receives a PNR number and a unique link that allows customers to check their booking status and related information associated with that PNR.

Rotem found that merely changing the value of the “RULE_SOURCE_1_ID” parameter on that link to someone else’s PNR number would display personal and booking-related information from the account associated with that customer.
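One way to stop a booking link from working after its identifier is edited, as an added example that is not the vendor's code or its actual fix: the server binds each issued link to one PNR with an HMAC tag and refuses lookups whose tag does not match. Only `RULE_SOURCE_1_ID` comes from the article; the `sig` parameter, the secret, the URL and the bookings are constructed assumptions.

```python
import hashlib
import hmac
from urllib.parse import parse_qs, urlencode, urlparse

SECRET = b"constructed-demo-key"  # assumption: server-side secret, never sent to clients

def _tag(pnr, surname):
    """HMAC over the PNR and the surname on the booking."""
    msg = f"{pnr}|{surname.upper()}".encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()

def make_booking_link(base, pnr, surname):
    """Build the link sent to the traveller; the tag ties it to this PNR."""
    query = urlencode({"RULE_SOURCE_1_ID": pnr, "sig": _tag(pnr, surname)})
    return f"{base}?{query}"

def lookup(url, bookings):
    """Return the booking only when the tag was issued for the PNR in the URL.

    Unknown PNRs and bad tags both return None, so the response does not
    reveal which PNR values exist.
    """
    q = parse_qs(urlparse(url).query)
    pnr = q.get("RULE_SOURCE_1_ID", [""])[0]
    sig = q.get("sig", [""])[0]
    booking = bookings.get(pnr)
    if booking is None:
        return None
    expected = _tag(pnr, booking["surname"])
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return None
    return booking

# Constructed sample data
BOOKINGS = {
    "ABC123": {"surname": "DOE", "flight": "XX100"},
    "XYZ789": {"surname": "ROE", "flight": "XX200"},
}
BASE = "https://booking.example/retrieve"

if __name__ == "__main__":
    link = make_booking_link(BASE, "ABC123", "Doe")
    print(lookup(link, BOOKINGS))                              # own booking
    print(lookup(link.replace("ABC123", "XYZ789"), BOOKINGS))  # edited PNR -> None
```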

Hackers infect e-commerce sites by compromising their advertising partner

Magecart, one of the most notorious hacking groups, which specialises in stealing credit card details from poorly-secured e-commerce websites, has struck again.

According to security researchers from RiskIQ and Trend Micro, cybercriminals of a new subgroup of Magecart, labeled as “Magecart Group 12,” recently successfully compromised nearly 277 e-commerce websites by using supply-chain attacks.

Magecart is the same group of digital credit card skimmers that made headlines last year for carrying out attacks against some big businesses including Ticketmaster, British Airways, and Newegg.

Typically, the Magecart hackers compromise e-commerce sites and insert malicious JavaScript code into their checkout pages that silently captures the payment information of customers making purchases on the sites and then sends it to the attacker’s remote server.

However, the researchers from the two firms today revealed that instead of directly compromising targeted websites, the Magecart Group 12 hacked and inserted its skimming code into a third-party JavaScript library, enabling all websites using that script to load the malicious code.
