The Hacker News Logo
Subscribe to Newsletter

lundi 19 août 2019

4 New BlueKeep-like 'Wormable' Windows Remote Desktop Flaws Discovered

If you are using any supported version of the Windows operating system, stop everything and install the latest security updates from Microsoft immediately.

Windows operating system contains four new critical wormable, remote code execution vulnerabilities in Remote Desktop Services, similar to the recently patched 'BlueKeep' RDP vulnerability.

Discovered by Microsoft's security team itself, all four vulnerabilities, CVE-2019-1181, CVE-2019-1182, CVE-2019-1222, and CVE-2019-1226, can be exploited by unauthenticated, remote attackers to take control of an affected computer system without requiring any user interaction.

Just like BlueKeep RDP flaw, all four newly discovered vulnerabilities are also wormable and could be exploited by potential malware to propagate itself from one vulnerable computer to another automatically.

    "An attacker can get code execution at the system level by sending a specially crafted pre-authentication RDP packet to an affected RDS server," Microsoft warned.

    "The affected versions of Windows are Windows 7 SP1, Windows Server 2008 R2 SP1, Windows Server 2012, Windows 8.1, Windows Server 2012 R2, and all supported versions of Windows 10, including server versions."


Though the first two vulnerabilities affect all supported versions of the Windows operating system, the second set of flaws (1222 and 1226) only affects Windows 10 and Windows Server Editions.

The new vulnerabilities neither affect Windows XP, Windows Server 2003, and Windows Server 2008 nor affect Remote Desktop Protocol (RDP) itself that Microsoft developed for the Remote Desktop Services.

Instead, the vulnerabilities reside in Remote Desktop Services—formerly known as Terminal Services—could be exploited by unauthenticated, remote attackers by sending specially crafted requests over RDP protocol to a targeted system.

Besides this, Microsoft also says that the company has found "no evidence that these vulnerabilities were known to any third party," or being exploited in the wild.

    "It is important that affected systems are patched as quickly as possible because of the elevated risks associated with wormable vulnerabilities like these," Microsoft strongly recommended.


If left unpatched, these security vulnerabilities could allow attackers to spread wormable malware in a similar way as the infamous WannaCry and NotPetya malware was spread across the globe in 2017.

Microsoft August 2019 Patch Tuesday Updates

Besides these four critical security flaws, Microsoft has also patched 89 vulnerabilities as part of the company's monthly batch of software security updates for August, 25 of which are rated critical and 64 important in severity.


The August 2019 Patch Tuesday security updates include patches for various supported versions of Windows and other Microsoft products, including Internet Explorer, Edge, Office, ChakraCore, Visual Studio, Online Services, and Active Directory Microsoft Dynamics.

All critical vulnerabilities listed this month impact various versions of Windows 10 operating system and Server editions and mostly reside in Chakra Scripting Engine, with some also reside in Windows Graphics Device Interface (GDI), Word, Outlook, Hyper-V, and VBScript Engine, LNK, and Windows DHCP Server.

Some important-rated vulnerabilities also lead to remote code execution attacks, while the majority of them allow elevation of privilege, denial of service, information disclosure, security bypass, spoofing, tampering, and cross-site scripting attacks.

Users and system administrators are highly recommended to apply the latest security patches as soon as possible to keep cybercriminals and hackers away from taking control of their computers.

For installing the latest security updates, you can head on to Settings → Update & Security → Windows Update → Check for updates on your computer, or you can install the updates manually.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
Read more

samedi 1 décembre 2018

Someone Hacked 50,000 Printers to Promote PewDiePie YouTube Channel


This may sound crazy, but it’s true!

The war for "most-subscribed Youtube channel" crown between T-Series and PewDiePie just took an interesting turn after a hacker yesterday hijacked more than 50,000 internet-connected printers worldwide to print out flyers asking everyone to subscribe to PewDiePie YouTube channel.

PewDiePie, whose real name is Felix Kjellberg, is a famous YouTuber from Sweden known for his game commentary and pranks and has had the most subscribers on YouTube since 2013.

However, the channel owned by Bollywood record label T-Series has been catching up in recent months, and now both are hovering around 72.5 million YouTube subscribers.

From this fear that PewDiePie won't remain the number one most-subscribed YouTuber in the world, an anonymous hacker (probably his die-hard fan) with the Twitter username "TheHackerGiraffe" came up with a hackish idea.
Read more

500 Million Marriott Guest Records Stolen in Starwood Data Breach


The world's biggest hotel chain Marriott International today disclosed that unknown hackers compromised guest reservation database its subsidiary Starwood hotels and walked away with personal details of about 500 million guests.

Starwood Hotels and Resorts Worldwide was acquired by Marriott International for $13 billion in 2016. The brand includes St. Regis, Sheraton Hotels & Resorts, W Hotels, Westin Hotels & Resorts, Aloft Hotels, Tribute Portfolio, Element Hotels, Le Méridien Hotels & Resorts, The Luxury Collection, Four Points by Sheraton and Design Hotels.

The incident is believed to be one of the largest data breaches in history, behind 2016 Yahoo hacking in which nearly 3 billion user accounts were stolen.

The breach of Starwood properties has been happening since 2014 after an "unauthorized party" managed to gain unauthorized access to the Starwood's guest reservation database, and had copied and encrypted the information.

Marriott discovered the breach on September 8 this year after it received an alert from an internal security tool "regarding an attempt to access the Starwood guest reservation database in the United States."

On November 19, the investigation into the incident revealed that there was unauthorized access to the database, containing "guest information relating to reservations at Starwood properties on or before September 10, 2018."

The stolen hotel database contains sensitive personal information of nearly 327 million guests, including their names, mailing addresses, phone numbers, email addresses, passport numbers, dates of birth, genders, arrival and departure information, reservation date, and communication preferences.

What's worrisome? For some users, stolen data also includes payment card numbers and payment card expiration dates.
Read more

Dell Resets All Customers' Passwords After Potential Security Breach


Multinational computer technology company Dell disclosed Wednesday that its online electronics marketplace experienced a "cybersecurity incident" earlier this month when an unknown group of hackers infiltrated its internal network.

On November 9, Dell detected and disrupted unauthorized activity on its network attempting to steal customer information, including their names, email addresses and hashed passwords.

According to the company, the initial investigation found no conclusive evidence that the hackers succeeded to extract any information, but as a countermeasure Dell has reset passwords for all accounts on Dell.com website whether the data had been stolen or not.

Dell did not share any information on how hackers managed to infiltrate its network at the first place or how many user accounts were affected, but the company did confirm that payment information and Social Security numbers were not targeted.
Read more