CVE-2021-41526


A vulnerability has been reported in Windows Installer (MSI) packages built with an InstallScript custom action. The vulnerability may allow privilege escalation when the 'repair' action is invoked on an MSI that contains an InstallScript custom action.


CVE-2019-8963


A Denial of Service (DoS) vulnerability was discovered in FlexNet Publisher's lmadmin 11.16.5 when a crafted POST request is sent to lmadmin through the web-based tool.


CVE-2017-6894


A vulnerability exists in FlexNet Manager Suite releases 2015 R2 SP3 and earlier (including FlexNet Manager Platform 9.2 and earlier) that affects the inventory gathering components and can be exploited by local users to perform certain actions with elevated privileges on the local system.


How You May be Sharing Private Information Online Without Even Knowing


When I started my job as Cybermum – over 10 years ago – it was quite common to strategise ways to prevent your private information appearing online. But those days have long gone. Unless you have been living off the grid and opted out of life completely, having an online presence is now essential. Whether you're paying bills, booking appointments or renewing your insurance premiums, many companies have made it almost impossible to conduct your business in person, forcing even the most reluctant of us online.

Now, many of us consider ourselves to be proactive in managing just what we share online by using VPNs, not always setting up accounts with online stores and ensuring our social media privacy settings are nice and tight. But unfortunately, managing your privacy online is more complicated than that. In fact, most of us may be sharing our private information online every day without even knowing. So, in the spirit of keeping you safe – here are three different areas that I suggest you focus on to ensure you know exactly where you are sharing your private information.

1. Your Everyday Browsing

Every time you visit a website, send an email, search for information or basically do anything online, multiple parties collect this information. Your Internet Service Provider (ISP), Wi-Fi network administrator, operating system (e.g. Windows or iOS), search engine, plus the websites and apps you use, will all keep a record of what you're up to – even if you are in Incognito Mode!

This information is often gathered using cookies – small files that are placed on your device by the website that you visit. These are created whenever you visit a website, and they contain data about your visit. Some websites are required by law to advise you if and when they use cookies, but if you choose to reject cookies, your browsing experience can become really clunky.

What each of these parties does with your private information varies. Your ISP, for example, can easily put together a pretty accurate profile based on your searching, location and downloads and link this to your (unique) IP address. This data can be held for years – subject to your country's laws – and could potentially be used for surveillance, policing and even advertising.

Now I appreciate that my ISP is required to collect information for the greater good, but I am far less comfortable when search engines, websites and apps collect my private data. Since the Cambridge Analytica scandal of 2018, the industry has definitely had a shake-up; however, this can still be a risky business.

How To Stay Safe

Consider using a VPN to ensure the private information you share online is encrypted and protected.
Refrain from setting up accounts on every website you visit. Buy items as a guest to avoid creating login details.
Consider a search engine that doesn't collect and store your information. There are loads more 'privacy focussed' options to choose from. Check out DuckDuckGo – a search engine that doesn't profile users or track or sell your information to third parties.
Never download apps from unknown sources. They may be designed to mine your personal information. Only download apps from reputable sources, e.g. the App Store for Apple or the Google Play store for Android devices.
Always read reviews to see if anyone has had a problem with an app, and always check the fine print before you download.

2. Adware

You know those annoying pop-up ads that just randomly appear on your devices? Well – that's adware, software that is designed to generate revenue through advertisements. Many of us download it without knowing – you may have downloaded a free program or app without realising it contained bonus adware software. Alternatively, hackers can insert it into your system by exploiting a vulnerability in your software – that's why you need to keep all your software updated!

And while those pop-ups can be super irritating, what you really need to worry about is that adware can compromise your online privacy. Adware is designed to track your search and browsing history so it can display ads that are most relevant to you. And once the adware developer has your location and browser history, they are likely to sell this info to a third party, making themselves a nice, tidy profit – all without you even knowing!!

How To Stay Safe

Use super-duper internet security software like McAfee's Total Protection that will identify and remove adware.
Keep your software and operating systems updated to prevent hackers from introducing adware into your system.
Phishing emails are a renowned source of adware links – never open links in an email if you aren't 100% sure it's safe.

3. AutoFill

When I first discovered autofill, I was hooked! No need to tediously enter your name, address, telephone number – even credit card – every time you need it! How good?? But I have since learnt that having autofill enabled on your computer means your personal information is at risk of being hacked. Cybercrims have mastered the art of capturing our credentials by tricking browsers into sharing our personal details, and here's how: unsuspecting people are lured to a compromised website that has an invisible form. Autofill identifies that there is a form on the site and then gives up your private information, allowing the hacker to collect your credentials.

My Top Tips

Disable autofill – yes, it's convenient, but it's just too risky. Here's some advice on how to make that happen.
Use a Safe Search service to ensure you don't get involved in fraudulent websites. Check out McAfee's WebAdvisor – it's free!

Not sure whether it's worth the effort? Well, let me make it simple – if you want to lock down your online identity to ensure your financial health and reputation aren't compromised, then you need to do something very soon! Imagine losing your hard-earned savings or having your Instagram account hacked and your reputation compromised? Not fun at all – so it's time to take action, my friends.

Stay Safe

Alex

The post How You May be Sharing Private Information Online Without Even Knowing appeared first on McAfee Blog.


CVE-2020-14140


In Xiaomi router firmware updated in 2020, an unauthenticated API can reveal the Wi-Fi password. This vulnerability is caused by the lack of access control policies on some API interfaces. Attackers can exploit this vulnerability to enter the management backend and execute command injection there.


CVE-2022-2561


This vulnerability allows remote attackers to execute arbitrary code on affected installations of OPC Labs QuickOPC 2022.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of XML files in Connectivity Explorer. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of the current process. Was ZDI-CAN-16596.


CVE-2022-2560


This vulnerability allows remote attackers to delete arbitrary files on affected installations of EnterpriseDT CompleteFTP Server v22.1.0. Authentication is not required to exploit this vulnerability. The specific flaw exists within the HttpFile class. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to delete files in the context of SYSTEM. Was ZDI-CAN-17481.


North Korean threat actor APT43 pivots back to strategic cyberespionage


When it comes to threat actors working for the North Korean government, most people have heard of the Lazarus group (APT38). It was responsible for the 2014 attack against Sony Pictures, the 2016 cyber heist of funds belonging to the central bank of Bangladesh, and the 2017 WannaCry ransomware worm. However, another team that security researchers call APT43, Kimsuky, or Thallium has been carrying out cyberespionage and cybercrime operations at the behest of the North Korean government since at least 2018.

APT43 specializes in credential harvesting and social engineering with a focus on foreign policy and nuclear security issues, topics that align with North Korea’s strategic nuclear goals. The group temporarily pivoted to health-related target verticals in 2021, reflecting the Pyongyang regime’s focus at the time on dealing with the COVID-19 pandemic. Since 2022, APT43 has been seen targeting so-called track two diplomatic channels including religious groups, universities, non-governmental organizations, journalists, academics, bloggers, and human rights activists.


USN-5987-1: Linux kernel vulnerabilities


It was discovered that the KVM VMX implementation in the Linux kernel did
not properly handle indirect branch prediction isolation between L1 and L2
VMs. An attacker in a guest VM could use this to expose sensitive
information from the host OS or other guest VMs. (CVE-2022-2196)

It was discovered that a use-after-free vulnerability existed in the SGI
GRU driver in the Linux kernel. A local attacker could possibly use this to
cause a denial of service (system crash) or possibly execute arbitrary
code. (CVE-2022-3424)

Ziming Zhang discovered that the VMware Virtual GPU DRM driver in the Linux
kernel contained an out-of-bounds write vulnerability. A local attacker
could use this to cause a denial of service (system crash).
(CVE-2022-36280)

Hyunwoo Kim discovered that the DVB Core driver in the Linux kernel did not
properly perform reference counting in some situations, leading to a use-
after-free vulnerability. A local attacker could use this to cause a denial
of service (system crash) or possibly execute arbitrary code.
(CVE-2022-41218)

Gerald Lee discovered that the USB Gadget file system implementation in the
Linux kernel contained a race condition, leading to a use-after-free
vulnerability in some situations. A local attacker could use this to cause
a denial of service (system crash) or possibly execute arbitrary code.
(CVE-2022-4382)

It was discovered that the NTFS file system implementation in the Linux
kernel did not properly validate attributes in certain situations, leading
to an out-of-bounds write vulnerability. A local attacker could use this to
cause a denial of service (system crash). (CVE-2022-48423)

It was discovered that the NTFS file system implementation in the Linux
kernel did not properly validate attributes in certain situations, leading
to an out-of-bounds read vulnerability. A local attacker could possibly use
this to expose sensitive information (kernel memory). (CVE-2022-48424)

José Oliveira and Rodrigo Branco discovered that the prctl syscall
implementation in the Linux kernel did not properly protect against
indirect branch prediction attacks in some situations. A local attacker
could possibly use this to expose sensitive information. (CVE-2023-0045)

It was discovered that the KSMBD implementation in the Linux kernel did not
properly validate buffer lengths, leading to a heap-based buffer overflow.
A remote attacker could possibly use this to cause a denial of service
(system crash). (CVE-2023-0210)

It was discovered that a use-after-free vulnerability existed in the
Advanced Linux Sound Architecture (ALSA) subsystem. A local attacker could
use this to cause a denial of service (system crash). (CVE-2023-0266)

Kyle Zeng discovered that the class-based queuing discipline implementation
in the Linux kernel contained a type confusion vulnerability in some
situations. An attacker could use this to cause a denial of service (system
crash). (CVE-2023-23454)

Kyle Zeng discovered that the ATM VC queuing discipline implementation in
the Linux kernel contained a type confusion vulnerability in some
situations. An attacker could use this to cause a denial of service (system
crash). (CVE-2023-23455)

It was discovered that the RNDIS USB driver in the Linux kernel contained
an integer overflow vulnerability. A local attacker with physical access
could plug in a malicious USB device to cause a denial of service (system
crash) or possibly execute arbitrary code. (CVE-2023-23559)

It was discovered that the NTFS file system implementation in the Linux
kernel did not properly handle a loop termination condition, leading to an
out-of-bounds read vulnerability. A local attacker could use this to cause
a denial of service (system crash) or possibly expose sensitive
information. (CVE-2023-26606)

Wei Chen discovered that the DVB USB AZ6027 driver in the Linux kernel
contained a null pointer dereference when handling certain messages from
user space. A local attacker could use this to cause a denial of service
(system crash). (CVE-2023-28328)
