Select Page
This Bug Could Have Let Anyone Crash WhatsApp Of All Group Members

This Bug Could Have Let Anyone Crash WhatsApp Of All Group Members

WhatsApp, the world’s most popular end-to-end encrypted messaging application, patched an incredibly frustrating software bug that could have allowed a malicious group member to crash the messaging app for all members of the same group, The Hacker News learned.

Just by sending a maliciously crafted message to a targeted group, an attacker can trigger a fully-destructive WhatsApp crash-loop, forcing all group members to completely uninstall the app, reinstall it, and remove the group to regain normal function.

Since the group members can’t selectively delete the malicious message without opening the group window and re-triggering the crash-loop, they have to lose the entire group chat history, indefinitely, to get rid of it.

Discovered by researchers at Israeli cybersecurity firm Check Point, the latest bug resided in the WhatsApp’s implementation of XMPP communication protocol that crashes the app when a member with invalid phone number drops a message in the group.

“When we attempt to send a message where the parameter ‘participant’ receives a value of ‘null,’ a ‘Null Pointer Exception’ is thrown,” the researchers explain in a report shared with The Hacker News prior to its release.

 

“The parser for the participant’s phone number mishandles the input when an illegal phone number is received. When it receives a phone number with a length, not in the ranger 5-20 or a non-digit character, it would read it as a ‘null’ string.”

To be noted, the issue resided in both, WhatsApp for Android and iOS, but in an interview with The Hacker News, Check Point researcher Roman Zaikin confirmed that the exploit works smoothly against all vulnerable Android users, but sometimes doesn’t reproduce on iOS.

The attack requires a malicious group member to manipulate other parameters associated with messages in a conversation that is otherwise protected using end-to-end encryption.

images from Hacker News

Flaw in Elementor and Beaver Addons Let Anyone Hack WordPress Sites

Flaw in Elementor and Beaver Addons Let Anyone Hack WordPress Sites

Attention WordPress users!

Your website could easily get hacked if you are using “Ultimate Addons for Beaver Builder,” or “Ultimate Addons for Elementor” and haven’t recently updated them to the latest available versions.

Security researchers have discovered a critical yet easy-to-exploit authentication bypass vulnerability in both widely-used premium WordPress plugins that could allow remote attackers to gain administrative access to sites without requiring any password.

What’s more worrisome is that opportunistic attackers have already started exploiting this vulnerability in the wild within 2 days of its discovery in order to compromise vulnerable WordPress websites and install a malicious backdoor for later access.

Both vulnerable plugins, made by software development company Brainstorm Force, are currently powering over hundreds of thousands of WordPress websites using Elementor and Beaver Builder frameworks, helping website admins and designers extend the functionality of their websites with more widgets, modules, page templates.

Discovered by researchers at web security service MalCare, the vulnerability resides in the way both plugins let WordPress account holders, including administrators, authenticate via Facebook and Google login mechanisms.

images from Hacker News

Russian Police Raided NGINX Moscow Office, Detained Co-Founders

Russian Police Raided NGINX Moscow Office, Detained Co-Founders

Russian law enforcement officers have raided the Moscow offices of Nginx—the company behind the world’s second most popular web server software—over a copyright infringement complaint filed by Rambler, a Russian Internet portal and email service provider.

According to multiple reports from local media and social media, the police conducted searches and has also detained several employees of the company, including Igor Sysoev, the original developer of Nginx and Maxim Konovalov, another co-founder of the company.

Over 30% of the websites on the Internet today, including many of the world’s most popular sites like Netflix and Twitch, run on the Nginx server.

Igor Sysoev created the Nginx web server in the early 2000s and open-sourced it in 2004, after which he founded the company Nginx in 2015 that has now been acquired by F5 Networks, an American technology company, for $ 670 million.

According to a copy of the complaint shared on Twitter, Rambler accused that Sysoev created the software while he was working as a system administrator for the company. Thus, Rambler claims to own the copyright of the application.

images from Hacker News

New Zeppelin Ransomware Targeting Tech and Health Companies

New Zeppelin Ransomware Targeting Tech and Health Companies

A new variant of Vega ransomware family, dubbed Zeppelin, has recently been spotted in the wild targeting technology and healthcare companies across Europe, the United States, and Canada.

However, if you reside in Russia or some other ex-USSR countries like Ukraine, Belorussia, and Kazakhstan, breathe a sigh of relief, as the ransomware terminates its operations if found itself on machines located in these regions.

It’s notable and interesting because all previous variants of the Vega family, also known as VegaLocker, were primarily targeting Russian speaking users, which indicates Zeppelin is not the work of the same hacking group behind the previous attacks.

Since Vega ransomware and its previous variants were offered as a service on underground forums, researchers at BlackBerry Cylance believes either Zeppelin “ended up in the hands of different threat actors” or “redeveloped from bought/stolen/leaked sources.”

According to a report BlackBerry Cylance shared with The Hacker News, Zeppelin is a Delphi-based highly-configurable ransomware that can easily be customized to enable or disable various features, depending upon victims or requirements of attackers.

Zeppelin can be deployed as an EXE, DLL, or wrapped in a PowerShell loader and includes the following features:

  • IP Logger — to track the IP addresses and location of victims
  • Startup — to gain persistence
  • Delete backups — to stop certain services, disable the recovery of files, delete backups and shadow copies, etc.
  • Task-killer — kill attacker-specified processes
  • Auto-unlock — to unlock files that appear locked during encryption
  • Melt — to inject self-deletion thread to notepad.exe
  • UAC prompt — try running the ransomware with elevated privileges

Based on the configurations attackers set from the Zeppelin builder user-interface during the generation of the ransomware binary, the malware enumerates files on all drives and network shares and encrypts them with the same algorithm as used by the other Vega variants.

images from Hacker News

New PlunderVolt Attack Targets Intel SGX Enclaves by Tweaking CPU Voltage

New PlunderVolt Attack Targets Intel SGX Enclaves by Tweaking CPU Voltage

A team of cybersecurity researchers demonstrated a novel yet another technique to hijack Intel SGX, a hardware-isolated trusted space on modern Intel CPUs that encrypts extremely sensitive data to shield it from attackers even when a system gets compromised.

Dubbed Plundervolt and tracked as CVE-2019-11157, the attack relies on the fact that modern processors allow frequency and voltage to be adjusted when needed, which, according to researchers, can be modified in a controlled way to induce errors in the memory by flipping bits.

Bit flip is a phenomenon widely known for the Rowhammer attack wherein attackers hijack vulnerable memory cells by changing their value from 1 to a 0, or vice versa—all by tweaking the electrical charge of neighboring memory cells.

However, since the Software Guard Extensions (SGX) enclave memory is encrypted, the Plundervolt attack leverages the same idea of flipping bits by injecting faults in the CPU before they are written to the memory.

Plundervolt resembles more with speculative execution attacks like Foreshadow and Spectre, but while Foreshadow and Spectre attack the confidentiality of SGX enclave memory by allowing attackers to read data from the secured enclave, Plundervolt attacks the integrity of SGX to achieve the same.

To achieve this, Plundervolt depends upon a second known technique called CLKSCREW, a previously documented attack vector that exploits energy management of CPU to breach hardware security mechanisms and take control over a targeted system.

“We show that a privileged adversary is able to inject faults into protected enclave computations. Crucially, since the faults happen within the processor package, i.e., before the results are committed to memory, Intel SGX’s memory integrity protection fails to defend against our attacks,” the researchers said.

images from Hacker News