Select Page
Critical Flaws in ‘OXID eShop’ Software Expose eCommerce Sites to Hacking

Critical Flaws in ‘OXID eShop’ Software Expose eCommerce Sites to Hacking

If your e-commerce website runs on the OXID eShop platform, you need to update it immediately to prevent your site from becoming compromised.

Cybersecurity researchers have discovered a pair of critical vulnerabilities in OXID eShop e-commerce software that could allow unauthenticated attackers to take full control over vulnerable eCommerce websites remotely in less than a few seconds.

OXID eShop is one of the leading German e-commerce shop software solutions whose enterprise edition is being used by industry leaders including Mercedes, BitBurger, and Edeka.

Security researchers at RIPS Technologies GmbH shared their latest findings with The Hacker News, detailing about two critical security vulnerabilities that affect recent versions of Enterprise, Professional, and Community Editions of OXID eShop software.

It should be noted that absolutely no interaction between the attacker and the victim is necessary to execute both vulnerabilities, and the flaws work against the default configuration of e-commerce software.

OXID eShop: SQL Injection Flaw

The first vulnerability, assigned as CVE-2019-13026, is a SQL injection vulnerability that allows an unauthenticated attacker to simply create a new administrator account, with a password of his own choice, on a website running any vulnerable version of OXID eShop software.

“An unauthenticated SQL injection can be exploited when viewing the details of a product. Since the underlying database makes use of the PDO database driver, stacked queries can be used to INSERT data into the database. In our exploit we abuse this to INSERT a new admin user,” researchers told The Hacker News.

Here’s Proof-of-Concept video researchers shared with The Hacker News, demonstrating this attack:

images from Hacker News

DHS Warns Small Airplanes Vulnerable to Flight Data Manipulation Attacks

DHS Warns Small Airplanes Vulnerable to Flight Data Manipulation Attacks

What could be more horrifying than knowing that a hacker can trick the plane’s electronic systems into displaying false flight data to the pilot, which could eventually result in loss of control?

Of course, the attacker would never wish to be on the same flight, so in this article, we are going to talk about a potential loophole that could allow an attacker to exploit a vulnerability with some level of “unsupervised” physical access to a small aircraft before the plane takes off.

The United States Department of Homeland Security’s (DHS) has issued an alert for the same, warning owners of small aircraft to be on guard against a vulnerability that could enable attackers to easily hack the plane’s CAN bus and take control of key navigation systems.

The vulnerability, discovered by a cybersecurity researcher at Rapid 7, resides in the modern aircraft’s implementation of CAN (Controller Area Network) bus—a popular vehicular networking standard used in automobiles and small aircraft that allows microcontrollers and devices to communicate with each other in applications without a host computer.

Rapid7 researcher Patrick Kiley demonstrated that a hacker with physical access to a small aircraft’s wiring could attach a device—or co-opt an existing attached device—to the plane’s avionics CAN bus to insert false data and communicate them to the pilot.

images from Hacker News

Cisco ‘Knowingly’ Sold Hackable Video Surveillance System to U.S. Government

Cisco ‘Knowingly’ Sold Hackable Video Surveillance System to U.S. Government

Cisco Systems has agreed to pay $8.6 million to settle a lawsuit that accused the company of knowingly selling video surveillance system containing severe security vulnerabilities to the U.S. federal and state government agencies.

It’s believed to be the first payout on a ‘False Claims Act‘ case over failure to meet cybersecurity standards.

The lawsuit began eight years ago, in the year 2011, when Cisco subcontractor turned whistleblower, James Glenn, accused Cisco of continue selling a video surveillance technology to federal agencies even after knowing that the software was vulnerable to multiple security flaws.

According to the court documents seen by The Hacker News, Glenn and one of his colleagues discovered multiple vulnerabilities in Cisco Video Surveillance Manager (VSM) suite in September 2008 and tried to report them to the company in October 2008.

Cisco Video Surveillance Manager (VSM) suite allows customers to manage multiple video cameras at different physical locations through a centralized server, which in turn, can be accessed remotely.

The vulnerabilities could have reportedly enabled remote hackers to gain unauthorized access to the video surveillance system permanently, eventually allowing them to gain access to all video feeds, all stored data on the system, modify or delete video feeds, and bypass security measures.

images from Hacker News

Researchers Discover New Ways to Hack WPA3 Protected WiFi Passwords

Researchers Discover New Ways to Hack WPA3 Protected WiFi Passwords

The same team of cybersecurity researchers who discovered several severe vulnerabilities, collectively dubbed as Dragonblood, in the newly launched WPA3 WiFi security standard few months ago has now uncovered two more flaws that could allow attackers to hack WiFi passwords.

WPA, or WiFi Protected Access, is a WiFi security standard that has been designed to authenticate wireless devices using the Advanced Encryption Standard (AES) protocol and intended to prevent hackers from eavesdropping on your wireless data.

The WiFi Protected Access III (WPA3) protocol was launched a year ago in an attempt to address technical shortcomings of the WPA2 protocol from the ground, which has long been considered to be insecure and found vulnerable to more severe KRACK attacks.

WPA3 relies on a more secure handshake, called SAE (Simultaneous Authentication of Equals), which is also known as Dragonfly, that aims to protect WiFi networks against offline dictionary attacks.

However, in less than a year, security researchers Mathy Vanhoef and Eyal Ronen found several weaknesses (Dragonblood) in the early implementation of WPA3, allowing an attacker to recover WiFi passwords by abusing timing or cache-based side-channel leaks.

Shortly after that disclosure, the WiFi Alliance, the non-profit organization which oversees the adoption of the WiFi standard, released patches to address the issues and created security recommendations to mitigate the initial Dragonblood attacks.

But it turns out that those security recommendations, which were created privately without collaborating with the researchers, are not enough to protect users against the Dragonblood attacks. Instead, it opens up two new side-channel attacks, which once again allows attackers to steal your WiFi password even if you are using the latest version of WiFi protocol.

New Side-Channel Attack Against WPA3 When Using Brainpool Curves

The first vulnerability, identified as CVE-2019-13377, is a timing-based side-channel attack against WPA3’s Dragonfly handshake when using Brainpool curves, which the WiFi Alliance recommended vendors to use as one of the security recommendations to add another layer of security.

“However, we found that using Brainpool curves introduces the second class of side-channel leaks in the Dragonfly handshake of WPA3,” the duo says in an updated advisory. “In other words, even if the advice of the WiFi Alliance is followed, implementations remain at risk of attacks.”

“The new side-channel leak is located in the password encoding algorithm of Dragonfly,” the researchers said, “We confirmed the new Brainpool leak in practice against the lastest Hostapd version, and were able to brute-force the password using the leaked information.”

Side-Channel Attack Against FreeRADIUS’ EAP-PWD Implementation

The second vulnerability, identified as CVE-2019-13456, is an information leak bug which resides the implementation of EAP-pwd (Extensible Authentication Protocol-Password) in FreeRADIUS—one of the most widely used open-source RADIUS server that companies utilizes as a central database to authenticate remote users.

images from Hacker News

New Flaws in Qualcomm Chips Expose Millions of Android Devices to Hacking

New Flaws in Qualcomm Chips Expose Millions of Android Devices to Hacking

A series of critical vulnerabilities have been discovered in Qualcomm chipsets that could allow hackers to compromise Android devices remotely just by sending malicious packets over-the-air with no user interaction.

Discovered by security researchers from Tencent’s Blade team, the vulnerabilities, collectively known as QualPwn, reside in the WLAN and modem firmware of Qualcomm chipsets that powers hundreds of millions of Android smartphones and tablets.

According to researchers, there are primarily two critical vulnerabilities in Qualcomm chipsets and one in the Qualcomm’s Linux kernel driver for Android which if chained together could allow attackers to take complete control over targeted Android devices within their Wi-Fi range.

“One of the vulnerabilities allows attackers to compromise the WLAN and Modem over-the-air. The other allows attackers to compromise the Android Kernel from the WLAN chip. The full exploit chain allows attackers to compromise the Android Kernel over-the-air in some circumstances,” researchers said in a blog post.

The vulnerabilities in question are:

  • CVE-2019-10539 (Compromising WLAN) — The first flaw is a buffer overflow issue that resides in the Qualcomm WLAN firmware due to lack of length check when parsing the extended cap IE header length.

 

  • CVE-2019-10540 (WLAN into Modem issue) — The second issue is also a buffer-overflow flaw that also resides in the Qualcomm WLAN firmware and affects its neighborhood area network (NAN) function due to lack of check of count value received in NAN availability attribute.

 

  • CVE-2019-10538 (Modem into Linux Kernel issue) — The third issue lies in Qualcomm’s Linux kernel driver for Android that can be exploited by subsequently sending malicious inputs from the Wi-Fi chipset to overwrite parts of Linux kernel running the device’s main Android operating system.

Once compromised, the kernel gives attackers full system access, including the ability to install rootkits, extract sensitive information, and perform other malicious actions, all while evading detection.

images from Hacker News