Kategorie

Socially engineered SMS messages are being used to install malware on Android devices as part of a widespread phishing campaign that impersonates the Iranian government and social security services to make away with credit card details and steal funds from victims' bank accounts. Unlike other variants of banking malware that bank of overlay attacks to capture sensitive data without the knowledge

A Russian national charged with providing bulletproof hosting services for cybercriminals, who used the platform to spread malware and attack U.S. organizations and financial institutions between 2009 to 2015, has received a 60-month prison sentence. 34-year-old Aleksandr Grichishkin, along with Andrei Skvortsov, founded the bulletproof hosting service and rented its infrastructure to other

Mozilla has rolled out fixes to address a critical security weakness in its cross-platform Network Security Services (NSS) cryptographic library that could be potentially exploited by an adversary to crash a vulnerable application and even execute arbitrary code. Tracked as CVE-2021-43527, the flaw affects NSS versions prior to 3.73 or 3.68.1 ESR, and concerns a heap overflow vulnerability when

Unofficial patches have been issued to remediate an improperly patched Windows security vulnerability that could allow information disclosure and local privilege escalation (LPE) on vulnerable systems. Tracked as CVE-2021-24084 (CVSS score: 5.5), the flaw concerns an information disclosure vulnerability in the Windows Mobile Device Management component that could enable an attacker to gain

Four different Android banking trojans were spread via the official Google Play Store between August and November 2021, resulting in more than 300,000 infections through various dropper apps that posed as seemingly harmless utility apps to take full control of the infected devices. Designed to deliver Anatsa (aka TeaBot), Alien, ERMAC, and Hydra, cybersecurity firm ThreatFabric said the malware

A sixth member associated with an international hacking group known as The Community has been sentenced in connection with a multimillion-dollar SIM swapping conspiracy, the U.S. Department of Justice (DoJ) said. Garrett Endicott, 22, from the U.S. state of Missouri, who pleaded guilty to charges of wire fraud and aggravated identity theft following an indictment in 2019, was sentenced to 10

Three different state-sponsored threat actors aligned with China, India, and Russia have been observed adopting a new method called RTF (aka Rich Text Format) template injection as part of their phishing campaigns to deliver malware to targeted systems. "RTF template injection is a novel technique that is ideal for malicious phishing attachments because it is simple and allows threat actors to

The Variation Swatches plugin security flaw lets attackers with low-level permissions tweak important settings on e-commerce sites to inject malicious scripts.

@import url('https://themes.googleusercontent.com/fonts/css?kit=t66UaDGGO9uRFa9A_n0Ge4kPz49mG1-u2NJpkhDAP5E');.lst-kix_q4elz23jmthh-5>li{counter-increment:lst-ctn-kix_q4elz23jmthh-5}ol.lst-kix_q4elz23jmthh-6.start{counter-reset:lst-ctn-kix_q4elz23jmthh-6 0}ul.lst-kix_wy7koemfbmv1-3{list-style-type:none}ul.lst-kix_wy7koemfbmv1-2{list-style-type:none}ul.lst-kix_wy7koemfbmv1-5{list-style-type:none}.lst-kix_2hgb22nra90i-8>li:before{content:"\0025a0 "}ul.lst-kix_wy7koemfbmv1-4{list-style-type:none}ul.lst-kix_wy7koemfbmv1-1{list-style-type:none}.lst-kix_2hgb22nra90i-7>li:before{content:"\0025cb "}ul.lst-kix_wy7koemfbmv1-0{list-style-type:none}ol.lst-kix_q4elz23jmthh-0.start{counter-reset:lst-ctn-kix_q4elz23jmthh-0 0}.lst-kix_2hgb22nra90i-4>li:before{content:"\0025cb "}.lst-kix_2hgb22nra90i-6>li:before{content:"\0025cf "}.lst-kix_2hgb22nra90i-5>li:before{content:"\0025a0 "}ul.lst-kix_z8xtsan2wa5s-5{list-style-type:none}ul.lst-kix_z8xtsan2wa5s-6{list-style-type:none}.lst-kix_q4elz23jmthh-7>li{counter-increment:lst-ctn-kix_q4elz23jmthh-7}ul.lst-kix_z8xtsan2wa5s-7{list-style-type:none}ul.lst-kix_z8xtsan2wa5s-8{list-style-type:none}.lst-kix_2hgb22nra90i-0>li:before{content:"\0025cf "}.lst-kix_2hgb22nra90i-2>li:before{content:"\0025a0 "}.lst-kix_2hgb22nra90i-3>li:before{content:"\0025cf "}ul.lst-kix_z8xtsan2wa5s-0{list-style-type:none}ul.lst-kix_z8xtsan2wa5s-1{list-style-type:none}ul.lst-kix_wy7koemfbmv1-7{list-style-type:none}ul.lst-kix_z8xtsan2wa5s-2{list-style-type:none}ul.lst-kix_wy7koemfbmv1-6{list-style-type:none}ul.lst-kix_z8xtsan2wa5s-3{list-style-type:none}ul.lst-kix_z8xtsan2wa5s-4{list-style-type:none}.lst-kix_2hgb22nra90i-1>li:before{content:"\0025cb "}ul.lst-kix_wy7koemfbmv1-8{list-style-type:none}.lst-kix_q4elz23jmthh-5>li:before{content:"" counter(lst-ctn-kix_q4elz23jmthh-5,lower-roman) ". "}.lst-kix_q4elz23jmthh-6>li:before{content:"" counter(lst-ctn-kix_q4elz23jmthh-6,decimal) ". "}.lst-kix_q4elz23jmthh-4>li:before{content:"" counter(lst-ctn-kix_q4elz23jmthh-4,lower-latin) ". "}.lst-kix_q4elz23jmthh-8>li:before{content:"" counter(lst-ctn-kix_q4elz23jmthh-8,lower-roman) ". "}.lst-kix_oetzaqvyxxoa-0>li:before{content:"\0025cf "}.lst-kix_oetzaqvyxxoa-1>li:before{content:"\0025cb "}.lst-kix_oetzaqvyxxoa-2>li:before{content:"\0025a0 "}.lst-kix_oetzaqvyxxoa-3>li:before{content:"\0025cf "}.lst-kix_q4elz23jmthh-7>li:before{content:"" counter(lst-ctn-kix_q4elz23jmthh-7,lower-latin) ". "}.lst-kix_q4elz23jmthh-0>li:before{content:"" counter(lst-ctn-kix_q4elz23jmthh-0,decimal) ". "}.lst-kix_q4elz23jmthh-1>li:before{content:"" counter(lst-ctn-kix_q4elz23jmthh-1,lower-latin) ". "}.lst-kix_q4elz23jmthh-2>li:before{content:"" counter(lst-ctn-kix_q4elz23jmthh-2,lower-roman) ". "}.lst-kix_q4elz23jmthh-3>li{counter-increment:lst-ctn-kix_q4elz23jmthh-3}.lst-kix_q4elz23jmthh-3>li:before{content:"" counter(lst-ctn-kix_q4elz23jmthh-3,decimal) ". "}ul.lst-kix_ohd9cwgi2ci1-5{list-style-type:none}ul.lst-kix_ohd9cwgi2ci1-4{list-style-type:none}ul.lst-kix_ohd9cwgi2ci1-7{list-style-type:none}ul.lst-kix_ohd9cwgi2ci1-6{list-style-type:none}ul.lst-kix_ohd9cwgi2ci1-8{list-style-type:none}ul.lst-kix_ugjdqlaeq7aq-2{list-style-type:none}ul.lst-kix_ugjdqlaeq7aq-3{list-style-type:none}.lst-kix_oetzaqvyxxoa-6>li:before{content:"\0025cf "}.lst-kix_oetzaqvyxxoa-7>li:before{content:"\0025cb "}ul.lst-kix_ugjdqlaeq7aq-0{list-style-type:none}ul.lst-kix_ugjdqlaeq7aq-1{list-style-type:none}ol.lst-kix_q4elz23jmthh-5.start{counter-reset:lst-ctn-kix_q4elz23jmthh-5 0}ul.lst-kix_ugjdqlaeq7aq-6{list-style-type:none}ul.lst-kix_ugjdqlaeq7aq-7{list-style-type:none}.lst-kix_oetzaqvyxxoa-4>li:before{content:"\0025cb "}.lst-kix_oetzaqvyxxoa-5>li:before{content:"\0025a0 "}.lst-kix_oetzaqvyxxoa-8>li:before{content:"\0025a0 "}ul.lst-kix_ugjdqlaeq7aq-4{list-style-type:none}ul.lst-kix_ugjdqlaeq7aq-5{list-style-type:none}ul.lst-kix_ugjdqlaeq7aq-8{list-style-type:none}.lst-kix_x7i5vtjupm2f-2>li:before{content:"\0025a0 "}.lst-kix_x7i5vtjupm2f-6>li:before{content:"\0025cf "}ul.lst-kix_2fd9br43vo52-4{list-style-type:none}ul.lst-kix_2fd9br43vo52-3{list-style-type:none}.lst-kix_ohd9cwgi2ci1-3>li:before{content:"\0025cf "}ul.lst-kix_2fd9br43vo52-6{list-style-type:none}ul.lst-kix_2fd9br43vo52-5{list-style-type:none}ul.lst-kix_2fd9br43vo52-8{list-style-type:none}.lst-kix_fvn7czyjg1wz-2>li:before{content:"\0025a0 "}ul.lst-kix_2fd9br43vo52-7{list-style-type:none}.lst-kix_x7i5vtjupm2f-4>li:before{content:"\0025cb "}.lst-kix_2fd9br43vo52-3>li:before{content:"\0025cf "}.lst-kix_fvn7czyjg1wz-4>li:before{content:"\0025cb "}ul.lst-kix_2fd9br43vo52-0{list-style-type:none}.lst-kix_2fd9br43vo52-5>li:before{content:"\0025a0 "}ul.lst-kix_2fd9br43vo52-2{list-style-type:none}ul.lst-kix_2fd9br43vo52-1{list-style-type:none}.lst-kix_4idwybng3hbx-2>li:before{content:"\0025a0 "}.lst-kix_2fd9br43vo52-7>li:before{content:"\0025cb "}.lst-kix_fvn7czyjg1wz-8>li:before{content:"\0025a0 "}.lst-kix_ohd9cwgi2ci1-1>li:before{content:"\0025cb "}.lst-kix_4idwybng3hbx-0>li:before{content:"\0025cf "}.lst-kix_fvn7czyjg1wz-6>li:before{content:"\0025cf "}.lst-kix_x7i5vtjupm2f-0>li:before{content:"\0025cf "}.lst-kix_ugjdqlaeq7aq-8>li:before{content:"\0025a0 "}ul.lst-kix_fvn7czyjg1wz-2{list-style-type:none}ul.lst-kix_fvn7czyjg1wz-1{list-style-type:none}ul.lst-kix_fvn7czyjg1wz-0{list-style-type:none}.lst-kix_wy7koemfbmv1-4>li:before{content:"\0025cb "}.lst-kix_ugjdqlaeq7aq-6>li:before{content:"\0025cf "}ol.lst-kix_q4elz23jmthh-7.start{counter-reset:lst-ctn-kix_q4elz23jmthh-7 0}.lst-kix_wy7koemfbmv1-0>li:before{content:"\0025cf "}.lst-kix_wy7koemfbmv1-2>li:before{content:"\0025a0 "}.lst-kix_ugjdqlaeq7aq-0>li:before{content:"\0025cf "}.lst-kix_ohd9cwgi2ci1-5>li:before{content:"\0025cf "}.lst-kix_ohd9cwgi2ci1-7>li:before{content:"\0025cf "}.lst-kix_2fd9br43vo52-1>li:before{content:"\0025cb "}.lst-kix_ugjdqlaeq7aq-2>li:before{content:"\0025a0 "}ul.lst-kix_2hgb22nra90i-0{list-style-type:none}ul.lst-kix_2hgb22nra90i-1{list-style-type:none}ul.lst-kix_2hgb22nra90i-2{list-style-type:none}ul.lst-kix_2hgb22nra90i-3{list-style-type:none}.lst-kix_fvn7czyjg1wz-0>li:before{content:"\0025cf "}.lst-kix_ugjdqlaeq7aq-4>li:before{content:"\0025cb "}ul.lst-kix_2hgb22nra90i-4{list-style-type:none}ul.lst-kix_2hgb22nra90i-5{list-style-type:none}ul.lst-kix_fvn7czyjg1wz-8{list-style-type:none}ul.lst-kix_2hgb22nra90i-6{list-style-type:none}ul.lst-kix_fvn7czyjg1wz-7{list-style-type:none}ul.lst-kix_2hgb22nra90i-7{list-style-type:none}ul.lst-kix_fvn7czyjg1wz-6{list-style-type:none}ul.lst-kix_2hgb22nra90i-8{list-style-type:none}ul.lst-kix_fvn7czyjg1wz-5{list-style-type:none}ul.lst-kix_fvn7czyjg1wz-4{list-style-type:none}.lst-kix_x7i5vtjupm2f-8>li:before{content:"\0025a0 "}ul.lst-kix_fvn7czyjg1wz-3{list-style-type:none}ul.lst-kix_81cegzboe9ky-8{list-style-type:none}ul.lst-kix_81cegzboe9ky-5{list-style-type:none}ul.lst-kix_81cegzboe9ky-4{list-style-type:none}ul.lst-kix_81cegzboe9ky-7{list-style-type:none}ul.lst-kix_81cegzboe9ky-6{list-style-type:none}ol.lst-kix_q4elz23jmthh-8.start{counter-reset:lst-ctn-kix_q4elz23jmthh-8 0}ul.lst-kix_oetzaqvyxxoa-2{list-style-type:none}ul.lst-kix_oetzaqvyxxoa-3{list-style-type:none}ul.lst-kix_oetzaqvyxxoa-0{list-style-type:none}ul.lst-kix_oetzaqvyxxoa-1{list-style-type:none}ul.lst-kix_oetzaqvyxxoa-6{list-style-type:none}ul.lst-kix_oetzaqvyxxoa-7{list-style-type:none}ul.lst-kix_oetzaqvyxxoa-4{list-style-type:none}ul.lst-kix_oetzaqvyxxoa-5{list-style-type:none}ul.lst-kix_oetzaqvyxxoa-8{list-style-type:none}ul.lst-kix_4idwybng3hbx-5{list-style-type:none}ul.lst-kix_4idwybng3hbx-4{list-style-type:none}.lst-kix_81cegzboe9ky-2>li:before{content:"\0025a0 "}.lst-kix_81cegzboe9ky-4>li:before{content:"\0025cb "}ul.lst-kix_4idwybng3hbx-7{list-style-type:none}ul.lst-kix_4idwybng3hbx-6{list-style-type:none}.lst-kix_wy7koemfbmv1-6>li:before{content:"\0025cf "}ul.lst-kix_4idwybng3hbx-8{list-style-type:none}.lst-kix_2gk0zovl15u8-4>li:before{content:"\0025cb "}.lst-kix_81cegzboe9ky-0>li:before{content:"\0025cf "}.lst-kix_81cegzboe9ky-6>li:before{content:"\0025cf "}.lst-kix_81cegzboe9ky-8>li:before{content:"\0025a0 "}.lst-kix_wy7koemfbmv1-8>li:before{content:"\0025a0 "}ul.lst-kix_4idwybng3hbx-1{list-style-type:none}ul.lst-kix_4idwybng3hbx-0{list-style-type:none}ul.lst-kix_4idwybng3hbx-3{list-style-type:none}.lst-kix_2gk0zovl15u8-6>li:before{content:"\0025cf "}ul.lst-kix_4idwybng3hbx-2{list-style-type:none}.lst-kix_prwgb47nvxz6-8>li:before{content:"\0025a0 "}.lst-kix_2gk0zovl15u8-8>li:before{content:"\0025a0 "}ul.lst-kix_81cegzboe9ky-1{list-style-type:none}ul.lst-kix_81cegzboe9ky-0{list-style-type:none}ul.lst-kix_81cegzboe9ky-3{list-style-type:none}ul.lst-kix_81cegzboe9ky-2{list-style-type:none}.lst-kix_z8xtsan2wa5s-3>li:before{content:"\0025cf "}.lst-kix_z8xtsan2wa5s-2>li:before{content:"\0025a0 "}.lst-kix_z8xtsan2wa5s-4>li:before{content:"\0025cb "}.lst-kix_prwgb47nvxz6-0>li:before{content:"\0025cf "}.lst-kix_z8xtsan2wa5s-1>li:before{content:"\0025cb "}.lst-kix_z8xtsan2wa5s-5>li:before{content:"\0025a0 "}.lst-kix_prwgb47nvxz6-1>li:before{content:"\0025cb "}ol.lst-kix_q4elz23jmthh-4{list-style-type:none}ol.lst-kix_q4elz23jmthh-3{list-style-type:none}ol.lst-kix_q4elz23jmthh-3.start{counter-reset:lst-ctn-kix_q4elz23jmthh-3 0}ol.lst-kix_q4elz23jmthh-6{list-style-type:none}ol.lst-kix_q4elz23jmthh-5{list-style-type:none}ol.lst-kix_q4elz23jmthh-0{list-style-type:none}ol.lst-kix_q4elz23jmthh-2{list-style-type:none}ol.lst-kix_q4elz23jmthh-1{list-style-type:none}.lst-kix_prwgb47nvxz6-6>li:before{content:"\0025cf "}.lst-kix_prwgb47nvxz6-5>li:before{content:"\0025a0 "}.lst-kix_z8xtsan2wa5s-7>li:before{content:"\0025cb "}.lst-kix_prwgb47nvxz6-3>li:before{content:"\0025cf "}.lst-kix_z8xtsan2wa5s-6>li:before{content:"\0025cf "}.lst-kix_z8xtsan2wa5s-8>li:before{content:"\0025a0 "}.lst-kix_prwgb47nvxz6-2>li:before{content:"\0025a0 "}.lst-kix_prwgb47nvxz6-4>li:before{content:"\0025cb "}.lst-kix_2gk0zovl15u8-3>li:before{content:"\0025cf "}.lst-kix_q4elz23jmthh-6>li{counter-increment:lst-ctn-kix_q4elz23jmthh-6}.lst-kix_2gk0zovl15u8-2>li:before{content:"\0025a0 "}.lst-kix_2gk0zovl15u8-1>li:before{content:"\0025cb "}.lst-kix_cw1yal3teuur-8>li:before{content:"\0025a0 "}.lst-kix_2gk0zovl15u8-0>li:before{content:"\0025cf "}.lst-kix_cw1yal3teuur-6>li:before{content:"\0025cf "}.lst-kix_cw1yal3teuur-7>li:before{content:"\0025cb "}.lst-kix_q4elz23jmthh-4>li{counter-increment:lst-ctn-kix_q4elz23jmthh-4}ol.lst-kix_q4elz23jmthh-8{list-style-type:none}ol.lst-kix_q4elz23jmthh-7{list-style-type:none}.lst-kix_z8xtsan2wa5s-0>li:before{content:"\0025cf "}.lst-kix_cw1yal3teuur-0>li:before{content:"\0025cf "}.lst-kix_cw1yal3teuur-2>li:before{content:"\0025a0 "}.lst-kix_cw1yal3teuur-3>li:before{content:"\0025cf "}ol.lst-kix_q4elz23jmthh-4.start{counter-reset:lst-ctn-kix_q4elz23jmthh-4 0}.lst-kix_cw1yal3teuur-1>li:before{content:"\0025cb "}.lst-kix_cw1yal3teuur-4>li:before{content:"\0025cb "}.lst-kix_cw1yal3teuur-5>li:before{content:"\0025a0 "}.lst-kix_4idwybng3hbx-6>li:before{content:"\0025cf "}.lst-kix_4idwybng3hbx-5>li:before{content:"\0025a0 "}.lst-kix_4idwybng3hbx-7>li:before{content:"\0025cb "}.lst-kix_q4elz23jmthh-0>li{counter-increment:lst-ctn-kix_q4elz23jmthh-0}.lst-kix_4idwybng3hbx-3>li:before{content:"\0025cf "}.lst-kix_4idwybng3hbx-4>li:before{content:"\0025cb "}.lst-kix_4idwybng3hbx-8>li:before{content:"\0025a0 "}.lst-kix_x7i5vtjupm2f-5>li:before{content:"\0025a0 "}.lst-kix_x7i5vtjupm2f-7>li:before{content:"\0025cb "}.lst-kix_x7i5vtjupm2f-3>li:before{content:"\0025cf "}.lst-kix_ohd9cwgi2ci1-4>li:before{content:"\0025cf "}.lst-kix_2fd9br43vo52-2>li:before{content:"\0025a0 "}.lst-kix_fvn7czyjg1wz-3>li:before{content:"\0025cf "}ul.lst-kix_x7i5vtjupm2f-8{list-style-type:none}ul.lst-kix_ohd9cwgi2ci1-1{list-style-type:none}ul.lst-kix_x7i5vtjupm2f-4{list-style-type:none}ul.lst-kix_ohd9cwgi2ci1-0{list-style-type:none}ul.lst-kix_x7i5vtjupm2f-5{list-style-type:none}ul.lst-kix_ohd9cwgi2ci1-3{list-style-type:none}.lst-kix_2fd9br43vo52-4>li:before{content:"\0025cb "}ul.lst-kix_x7i5vtjupm2f-6{list-style-type:none}.lst-kix_fvn7czyjg1wz-5>li:before{content:"\0025a0 "}ul.lst-kix_ohd9cwgi2ci1-2{list-style-type:none}ul.lst-kix_x7i5vtjupm2f-7{list-style-type:none}.lst-kix_ohd9cwgi2ci1-2>li:before{content:"\0025a0 "}ul.lst-kix_x7i5vtjupm2f-0{list-style-type:none}ul.lst-kix_x7i5vtjupm2f-1{list-style-type:none}ul.lst-kix_prwgb47nvxz6-8{list-style-type:none}.lst-kix_4idwybng3hbx-1>li:before{content:"\0025cb "}ul.lst-kix_x7i5vtjupm2f-2{list-style-type:none}.lst-kix_x7i5vtjupm2f-1>li:before{content:"\0025cb "}ul.lst-kix_x7i5vtjupm2f-3{list-style-type:none}.lst-kix_ohd9cwgi2ci1-0>li:before{content:"\0025cf "}.lst-kix_2fd9br43vo52-6>li:before{content:"\0025cf "}.lst-kix_fvn7czyjg1wz-7>li:before{content:"\0025cb "}.lst-kix_wy7koemfbmv1-5>li:before{content:"\0025a0 "}ul.lst-kix_prwgb47nvxz6-2{list-style-type:none}ul.lst-kix_prwgb47nvxz6-3{list-style-type:none}ul.lst-kix_prwgb47nvxz6-0{list-style-type:none}ul.lst-kix_prwgb47nvxz6-1{list-style-type:none}ul.lst-kix_prwgb47nvxz6-6{list-style-type:none}ul.lst-kix_prwgb47nvxz6-7{list-style-type:none}ul.lst-kix_prwgb47nvxz6-4{list-style-type:none}ul.lst-kix_prwgb47nvxz6-5{list-style-type:none}.lst-kix_wy7koemfbmv1-3>li:before{content:"\0025cf "}.lst-kix_ugjdqlaeq7aq-7>li:before{content:"\0025cb "}.lst-kix_wy7koemfbmv1-1>li:before{content:"\0025cb "}.lst-kix_ohd9cwgi2ci1-6>li:before{content:"\0025cf "}.lst-kix_ugjdqlaeq7aq-1>li:before{content:"\0025cb "}.lst-kix_2fd9br43vo52-0>li:before{content:"\0025cf "}.lst-kix_fvn7czyjg1wz-1>li:before{content:"\0025cb "}.lst-kix_ugjdqlaeq7aq-5>li:before{content:"\0025a0 "}.lst-kix_ugjdqlaeq7aq-3>li:before{content:"\0025cf "}.lst-kix_q4elz23jmthh-1>li{counter-increment:lst-ctn-kix_q4elz23jmthh-1}.lst-kix_ohd9cwgi2ci1-8>li:before{content:"\0025cf "}ol.lst-kix_q4elz23jmthh-1.start{counter-reset:lst-ctn-kix_q4elz23jmthh-1 0}.lst-kix_q4elz23jmthh-8>li{counter-increment:lst-ctn-kix_q4elz23jmthh-8}.lst-kix_q4elz23jmthh-2>li{counter-increment:lst-ctn-kix_q4elz23jmthh-2}.lst-kix_81cegzboe9ky-3>li:before{content:"\0025cf "}.lst-kix_81cegzboe9ky-1>li:before{content:"\0025cb "}.lst-kix_81cegzboe9ky-5>li:before{content:"\0025a0 "}.lst-kix_2fd9br43vo52-8>li:before{content:"\0025a0 "}.lst-kix_wy7koemfbmv1-7>li:before{content:"\0025cb "}.lst-kix_81cegzboe9ky-7>li:before{content:"\0025cb "}.lst-kix_2gk0zovl15u8-5>li:before{content:"\0025a0 "}ul.lst-kix_2gk0zovl15u8-0{list-style-type:none}ul.lst-kix_2gk0zovl15u8-2{list-style-type:none}.lst-kix_2gk0zovl15u8-7>li:before{content:"\0025cb "}ul.lst-kix_2gk0zovl15u8-1{list-style-type:none}li.li-bullet-0:before{margin-left:-18pt;white-space:nowrap;display:inline-block;min-width:18pt}ul.lst-kix_2gk0zovl15u8-4{list-style-type:none}ul.lst-kix_2gk0zovl15u8-3{list-style-type:none}ul.lst-kix_cw1yal3teuur-5{list-style-type:none}.lst-kix_prwgb47nvxz6-7>li:before{content:"\0025cb "}ul.lst-kix_2gk0zovl15u8-6{list-style-type:none}ul.lst-kix_cw1yal3teuur-4{list-style-type:none}ul.lst-kix_2gk0zovl15u8-5{list-style-type:none}ul.lst-kix_cw1yal3teuur-7{list-style-type:none}ul.lst-kix_2gk0zovl15u8-8{list-style-type:none}ul.lst-kix_cw1yal3teuur-6{list-style-type:none}ul.lst-kix_2gk0zovl15u8-7{list-style-type:none}ul.lst-kix_cw1yal3teuur-8{list-style-type:none}ul.lst-kix_cw1yal3teuur-1{list-style-type:none}ol.lst-kix_q4elz23jmthh-2.start{counter-reset:lst-ctn-kix_q4elz23jmthh-2 0}ul.lst-kix_cw1yal3teuur-0{list-style-type:none}ul.lst-kix_cw1yal3teuur-3{list-style-type:none}ul.lst-kix_cw1yal3teuur-2{list-style-type:none}ol{margin:0;padding:0}table td,table th{padding:0}.c15{border-right-style:solid;padding:5pt 5pt 5pt 5pt;border-bottom-color:#000000;border-top-width:1pt;border-right-width:1pt;border-left-color:#000000;vertical-align:top;border-right-color:#000000;border-left-width:1pt;border-top-style:solid;border-left-style:solid;border-bottom-width:1pt;width:468pt;border-top-color:#000000;border-bottom-style:solid}.c6{color:#000000;font-weight:700;text-decoration:none;vertical-align:baseline;font-size:11pt;font-family:"Arial";font-style:italic}.c2{padding-top:0pt;padding-bottom:0pt;line-height:1.5;orphans:2;widows:2;text-align:left;height:11pt}.c31{background-color:#ffffff;padding-top:0pt;padding-bottom:0pt;line-height:1.3;text-align:left;height:11pt}.c13{padding-top:0pt;padding-bottom:0pt;line-height:1.5;orphans:2;widows:2;text-align:left}.c19{background-color:#ffffff;font-size:8pt;font-family:Consolas,"Courier New";color:#009900;font-weight:400}.c34{background-color:#ffffff;padding-top:0pt;padding-bottom:0pt;line-height:1.3;text-align:left}.c12{background-color:#ffffff;font-size:8pt;font-family:Consolas,"Courier New";color:#993333;font-weight:400}.c1{background-color:#ffffff;font-size:8pt;font-family:Consolas,"Courier New";color:#212529;font-weight:400}.c45{color:#333333;text-decoration:none;vertical-align:baseline;font-size:30pt;font-family:"Amatic SC"}.c7{font-size:8pt;font-family:Consolas,"Courier New";color:#333333;font-weight:400}.c4{margin-left:36pt;border-spacing:0;border-collapse:collapse;margin-right:auto}.c14{border-spacing:0;border-collapse:collapse;margin-right:auto}.c26{text-decoration-skip-ink:none;-webkit-text-decoration-skip:none;color:#1155cc;text-decoration:underline}.c11{color:#000000;font-weight:400;font-size:11pt;font-family:"Arial"}.c3{padding-top:0pt;padding-bottom:0pt;line-height:1.0;text-align:left}.c10{font-size:8pt;font-family:Consolas,"Courier New";color:#0000ff;font-weight:400}.c40{padding-top:0pt;padding-bottom:0pt;line-height:1.5;text-align:center}.c24{color:#000000;font-weight:700;font-size:11pt;font-family:"Arial"}.c0{font-size:9pt;font-family:Consolas,"Courier New";color:#333333;font-weight:400}.c18{font-size:8pt;font-family:Consolas,"Courier New";color:#008080;font-weight:400}.c5{font-size:9pt;font-family:Consolas,"Courier New";color:#0000ff;font-weight:400}.c30{color:#000000;font-weight:400;font-size:10pt;font-family:"Arial"}.c42{background-color:#ffffff;font-size:8pt;color:#b1b100}.c47{font-weight:400;font-size:8pt;font-family:"Arial"}.c28{background-color:#ffffff;font-size:8pt;color:#000066}.c38{background-color:#ffffff;font-size:8pt;color:#ff0000}.c23{background-color:#ffffff;font-size:8pt;color:#339933}.c8{text-decoration:none;vertical-align:baseline;font-style:normal}.c50{background-color:#ffffff;max-width:468pt;padding:72pt 72pt 72pt 72pt}.c46{text-decoration:none;vertical-align:baseline;font-style:italic}.c51{background-color:#ffffff;font-size:8pt;color:#0000dd}.c9{color:inherit;text-decoration:inherit}.c27{margin-left:36pt;padding-left:0pt}.c17{padding:0;margin:0}.c22{font-size:9pt;color:#008000}.c21{font-weight:400;font-family:Consolas,"Courier New"}.c33{orphans:2;widows:2}.c44{width:33%;height:1px}.c35{font-weight:400;font-style:italic}.c48{font-size:8pt;color:#8b0000}.c29{height:0pt}.c39{font-size:11pt}.c32{font-weight:700}.c41{font-size:10pt}.c20{vertical-align:super}.c49{height:11pt}.c36{color:#000000}.c16{page-break-after:avoid}.c37{font-size:5pt}.c43{margin-left:36pt}.c25{font-size:9pt}.title{padding-top:0pt;color:#000000;font-weight:700;font-size:11pt;padding-bottom:0pt;font-family:"Arial";line-height:1.5;page-break-after:avoid;orphans:2;widows:2;text-align:left}.subtitle{padding-top:0pt;color:#000000;font-size:10pt;padding-bottom:0pt;font-family:"Arial";line-height:1.0;page-break-after:avoid;orphans:2;widows:2;text-align:left}li{color:#000000;font-size:11pt;font-family:"Arial"}p{margin:0;color:#000000;font-size:11pt;font-family:"Arial"}h1{padding-top:0pt;color:#000000;font-weight:700;font-size:11pt;padding-bottom:0pt;font-family:"Arial";line-height:1.5;page-break-after:avoid;orphans:2;widows:2;text-align:left}h2{padding-top:0pt;color:#000000;font-weight:700;font-size:11pt;padding-bottom:0pt;font-family:"Arial";line-height:1.5;page-break-after:avoid;orphans:2;widows:2;text-align:left}h3{padding-top:0pt;color:#000000;font-weight:700;font-size:11pt;padding-bottom:0pt;font-family:"Arial";line-height:1.5;page-break-after:avoid;orphans:2;widows:2;text-align:left}h4{padding-top:0pt;color:#000000;font-weight:700;font-size:11pt;padding-bottom:0pt;font-family:"Arial";line-height:1.5;page-break-after:avoid;orphans:2;widows:2;text-align:left}h5{padding-top:12pt;color:#666666;font-size:11pt;padding-bottom:4pt;font-family:"Arial";line-height:1.5;page-break-after:avoid;orphans:2;widows:2;text-align:left}h6{padding-top:12pt;color:#666666;font-size:11pt;padding-bottom:4pt;font-family:"Arial";line-height:1.5;page-break-after:avoid;font-style:italic;orphans:2;widows:2;text-align:left}

Posted by Tavis Ormandy, Project Zero

Introduction

This is an unusual blog post. I normally write posts to highlight some hidden attack surface or interesting complex vulnerability class. This time, I want to talk about a vulnerability that is neither of those things. The striking thing about this vulnerability is just how simple it is. This should have been caught earlier, and I want to explore why that didn’t happen.

In 2021, all good bugs need a catchy name, so I’m calling this one “BigSig”.

First, let’s take a look at the bug, I’ll explain how I found it and then try to understand why we missed it for so long.

Analysis

Network Security Services (NSS) is Mozilla's widely used, cross-platform cryptography library. When you verify an ASN.1 encoded digital signature, NSS will create a VFYContext structure to store the necessary data. This includes things like the public key, the hash algorithm, and the signature itself.

struct VFYContextStr {

   SECOidTag hashAlg; /* the hash algorithm */

   SECKEYPublicKey *key;

   union {

       unsigned char buffer[1];

       unsigned char dsasig[DSA_MAX_SIGNATURE_LEN];

       unsigned char ecdsasig[2 * MAX_ECKEY_LEN];

       unsigned char rsasig[(RSA_MAX_MODULUS_BITS + 7) / 8];

   } u;

   unsigned int pkcs1RSADigestInfoLen;

   unsigned char *pkcs1RSADigestInfo;

   void *wincx;

   void *hashcx;

   const SECHashObject *hashobj;

   SECOidTag encAlg;    /* enc alg */

   PRBool hasSignature;

   SECItem *params;

};

Fig 1. The VFYContext structure from NSS.

The maximum size signature that this structure can handle is whatever the largest union member is, in this case that’s RSA at 2048 bytes. That’s 16384 bits, large enough to accommodate signatures from even the most ridiculously oversized keys.

Okay, but what happens if you just....make a signature that’s bigger than that?

Well, it turns out the answer is memory corruption. Yes, really.

The untrusted signature is simply copied into this fixed-sized buffer, overwriting adjacent members with arbitrary attacker-controlled data.

The bug is simple to reproduce and affects multiple algorithms. The easiest to demonstrate is RSA-PSS. In fact, just these three commands work:

# We need 16384 bits to fill the buffer, then 32 + 64 + 64 + 64 bits to overflow to hashobj,

# which contains function pointers (bigger would work too, but takes longer to generate).

$ openssl genpkey -algorithm rsa-pss -pkeyopt rsa_keygen_bits:$((16384 + 32 + 64 + 64 + 64)) -pkeyopt rsa_keygen_primes:5 -out bigsig.key

# Generate a self-signed certificate from that key

$ openssl req -x509 -new -key bigsig.key -subj "/CN=BigSig" -sha256 -out bigsig.cer

# Verify it with NSS...

$ vfychain -a bigsig.cer

Segmentation fault

Fig 2. Reproducing the BigSig vulnerability in three easy commands.

The actual code that does the corruption varies based on the algorithm; here is the code for RSA-PSS. The bug is that there is simply no bounds checking at all; sig and key are  arbitrary-length, attacker-controlled blobs, and cx->u is a fixed-size buffer.

           case rsaPssKey:

               sigLen = SECKEY_SignatureLen(key);

               if (sigLen == 0) {

                   /* error set by SECKEY_SignatureLen */

                   rv = SECFailure;

                   break;

               }

               if (sig->len != sigLen) {

                   PORT_SetError(SEC_ERROR_BAD_SIGNATURE);

                   rv = SECFailure;

                   break;

               }

               PORT_Memcpy(cx->u.buffer, sig->data, sigLen);

               break;

Fig 3. The signature size must match the size of the key, but there are no other limitations. cx->u is a fixed-size buffer, and sig is an arbitrary-length, attacker-controlled blob.

I think this vulnerability raises a few immediate questions:

• Was this a recent code change or regression that hadn’t been around long enough to be discovered? No, the original code was checked in with ECC support on the 17th October 2003, but wasn't exploitable until some refactoring in June 2012. In 2017, RSA-PSS support was added and made the same error.

• Does this bug require a long time to generate a key that triggers the bug? No, the example above generates a real key and signature, but it can just be garbage as the overflow happens before the signature check. A few kilobytes of A’s works just fine.

• Does reaching the vulnerable code require some complicated state that fuzzers and static analyzers would have difficulty synthesizing, like hashes or checksums? No, it has to be well-formed DER, that’s about it.

• Is this an uncommon code path? No, Firefox does not use this code path for RSA-PSS signatures, but the default entrypoint for certificate verification in NSS, CERT_VerifyCertificate(), is vulnerable.

• Is it specific to the RSA-PSS algorithm? No, it also affects DSA signatures.

• Is it unexploitable, or otherwise limited impact? No, the hashobj member can be clobbered. That object contains function pointers, which are used immediately.

This wasn’t a process failure, the vendor did everything right. Mozilla has a mature, world-class security team. They pioneered bug bounties, invest in memory safety, fuzzing and test coverage.

NSS was one of the very first projects included with oss-fuzz, it was officially supported since at least October 2014. Mozilla also fuzz NSS themselves with libFuzzer, and have contributed their own mutator collection and distilled coverage corpus. There is an extensive testsuite, and nightly ASAN builds.

I'm generally skeptical of static analysis, but this seems like a simple missing bounds check that should be easy to find. Coverity has been monitoring NSS since at least December 2008, and also appears to have failed to discover this.

Until 2015, Google Chrome used NSS, and maintained their own testsuite and fuzzing infrastructure independent of Mozilla. Today, Chrome platforms use BoringSSL, but the NSS port is still maintained.

• Did Mozilla have good test coverage for the vulnerable areas? YES.
• Did Mozilla/chrome/oss-fuzz have relevant inputs in their fuzz corpus? YES.
• Is there a mutator capable of extending ASN1_ITEMs? YES.
• Is this an intra-object overflow, or other form of corruption that ASAN would have difficulty detecting? NO, it's a textbook buffer overflow that ASAN can easily detect.

How did I find the bug?

I've been experimenting with alternative methods for measuring code coverage, to see if any have any practical use in fuzzing. The fuzzer that discovered this vulnerability used a combination of two approaches, stack coverage and object isolation.

Stack Coverage

The most common method of measuring code coverage is block coverage, or edge coverage when source code is available. I’ve been curious if that is always sufficient. For example, consider a simple dispatch table with a combination of trusted and untrusted parameters, as in Fig 4.

#include <stdio.h>

#include <string.h>

#include <limits.h>

 

static char buf[128];

 

void cmd_handler_foo(int a, size_t b) { memset(buf, a, b); }

void cmd_handler_bar(int a, size_t b) { cmd_handler_foo('A', sizeof buf); }

void cmd_handler_baz(int a, size_t b) { cmd_handler_bar(a, sizeof buf); }

 

typedef void (* dispatch_t)(int, size_t);

 

dispatch_t handlers[UCHAR_MAX] = {

    cmd_handler_foo,

    cmd_handler_bar,

    cmd_handler_baz,

};

 

int main(int argc, char **argv)

{

    int cmd;

 

    while ((cmd = getchar()) != EOF) {

        if (handlers[cmd]) {

            handlers[cmd](getchar(), getchar());

        }

    }

}

Fig 4. The coverage of command bar is a superset of command foo, so an input containing the latter would be discarded during corpus minimization. There is a vulnerability unreachable via command bar that might never be discovered. Stack coverage would correctly keep both inputs.[1]

To solve this problem, I’ve been experimenting with monitoring the call stack during execution.

The naive implementation is too slow to be practical, but after a lot of optimization I had come up with a library that was fast enough to be integrated into coverage-guided fuzzing, and was testing how it performed with NSS and other libraries.

Object Isolation

Many data types are constructed from smaller records. PNG files are made of chunks, PDF files are made of streams, ELF files are made of sections, and X.509 certificates are made of ASN.1 TLV items. If a fuzzer has some understanding of the underlying format, it can isolate these records and extract the one(s) causing some new stack trace to be found.

The fuzzer I was using is able to isolate and extract interesting new ASN.1 OIDs, SEQUENCEs, INTEGERs, and so on. Once extracted, it can then randomly combine or insert them into template data. This isn’t really a new idea, but is a new implementation. I'm planning to open source this code in the future.

Do these approaches work?

I wish that I could say that discovering this bug validates my ideas, but I’m not sure it does. I was doing some moderately novel fuzzing, but I see no reason this bug couldn’t have been found earlier with even rudimentary fuzzing techniques.

Lessons Learned

How did extensive, customized fuzzing with impressive coverage metrics fail to discover this bug?

What went wrong

Issue #1 Missing end-to-end testing.

NSS is a modular library. This layered design is reflected in the fuzzing approach, as each component is fuzzed independently. For example, the QuickDER decoder is tested extensively, but the fuzzer simply creates and discards objects and never uses them.

extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {

 char *dest[2048];

 for (auto tpl : templates) {

   PORTCheapArenaPool pool;

   SECItem buf = {siBuffer, const_cast<unsigned char *>(Data),

                  static_cast<unsigned int>(Size)};

   PORT_InitCheapArena(&pool, DER_DEFAULT_CHUNKSIZE);

   (void)SEC_QuickDERDecodeItem(&pool.arena, dest, tpl, &buf);

   PORT_DestroyCheapArena(&pool);

 }

Fig 5. The QuickDER fuzzer simply creates and discards objects. This verifies the ASN.1 parsing, but not whether other components handle the resulting objects correctly.

This fuzzer might have produced a SECKEYPublicKey that could have reached the vulnerable code, but as the result was never used to verify a signature, the bug could never be discovered.

Issue #2 Arbitrary size limits.

There is an arbitrary limit of 10000 bytes placed on fuzzed input. There is no such limit within NSS; many structures can exceed this size. This vulnerability demonstrates that errors happen at extremes, so this limit should be chosen thoughtfully.

A reasonable choice might be 224-1 bytes, the largest possible certificate that can be presented by a server during a TLS handshake negotiation.

While NSS might handle objects even larger than this, TLS cannot possibly be involved, reducing the overall severity of any vulnerabilities missed.

Issue #3 Misleading metrics.

All of the NSS fuzzers are represented in combined coverage metrics by oss-fuzz, rather than their individual coverage. This data proved misleading, as the vulnerable code is fuzzed extensively but by fuzzers that could not possibly generate a relevant input.

This is because fuzzers like the tls_server_target use fixed, hardcoded certificates. This exercises code relevant to certificate verification, but only fuzzes TLS messages and protocol state changes.

What Worked

• The design of the mozilla::pkix validation library prevented this bug from being worse than it could have been. Unfortunately it is unused outside of Firefox and Thunderbird.

It’s debatable whether this was just good fortune or not. It seems likely RSA-PSS would eventually be permitted by mozilla::pkix, even though it was not today.

Recommendations

This issue demonstrates that even extremely well-maintained C/C++ can have fatal, trivial mistakes.

Short Term

• Raise the maximum size of ASN.1 objects produced by libFuzzer from 10,000 to 224-1 = 16,777,215  bytes.

• The QuickDER fuzzer should call some relevant APIs with any objects successfully created before destroying them.
• The oss-fuzz code coverage metrics should be divided by fuzzer, not by project.

Solution

This vulnerability is CVE-2021-43527, and is resolved in NSS 3.73.0. If you are a vendor that distributes NSS in your products, you will most likely need to update or backport the patch.

Credits

I would not have been able to find this bug without assistance from my colleagues from Chrome, Ryan Sleevi and David Benjamin, who helped answer my ASN.1 encoding questions and engaged in thoughtful discussion on the topic.

Thanks to the NSS team, who helped triage and analyze the vulnerability.

[1] In this minimal example, a workaround if source was available would be to use a combination of sancov's data-flow instrumentation options, but that also fails on more complex variants.

Kaspersky researchers suspect that the cyberattackers may be a subgroup of the politically motivated, Palestine-focused Gaza Cybergang.

A newly discovered botnet capable of staging distributed denial-of-service (DDoS) attacks targeted unpatched Ribbon Communications (formerly Edgewater Networks) EdgeMarc appliances belonging to telecom service provider AT&T by exploiting a four-year-old flaw in the network appliances. Chinese tech giant Qihoo 360's Netlab network security division, which detected the botnet first on October 27,

Attackers use socially engineered SMS messages and malware to compromise tens of thousands of devices and drain user bank accounts.

IPFire 2.27 Core Update 161 has been released as a new maintenance update to the hardened open-source GNU/Linux distro that primarily performs as a router and a firewall. The release brings exFAT support to IPFire and boosts the intrusion prevention system's performance.

Oživeno 1. prosince: Minulý týden jsme záměrně vložili zabezpečenou platební kartu do formuláře, na který jsme se dostali z podvodného e-mailu. Pár pokusů o zneužití se objevilo hned první den, potom se týden nic nedělo. Teď se pravděpodobně karta dostala na začátek fronty a podvodníci s ní zkouší ...

Israel's Ministry of Defense has dramatically restricted the number of countries to which cybersecurity firms in the country are allowed to sell offensive hacking and surveillance tools to, cutting off 65 nations from the export list. The revised list, details of which were first reported by the Israeli business newspaper Calcalist, now only includes 37 countries, down from the previous 102:

Twitter on Tuesday announced an expansion to its private information policy to include private media, effectively prohibiting the sharing of photos and videos without express permission from the individuals depicted in them with an aim to curb doxxing and harassment. "Beginning today, we will not allow the sharing of private media, such as images or videos of private individuals without their

Attackers are actively making efforts to exploit a new variant of a recently disclosed privilege escalation vulnerability to potentially execute arbitrary code on fully-patched systems, once again demonstrating how adversaries move quickly to weaponize a publicly available exploit. Cisco Talos disclosed that it "detected malware samples in the wild that are attempting to take advantage of this

Cybersecurity researchers on Tuesday disclosed eight-year-old security flaws affecting 150 different multifunction printers (MFPs) from HP Inc that could be potentially abused by an adversary to take control of vulnerable devices, pilfer sensitive information, and infiltrate enterprise networks to mount other attacks. The two weaknesses — collectively called Printing Shellz — were discovered and

Most industry analyst firms conclude that between 80-90 percent of network traffic is encrypted today. Jeff Costlow, CISO at ExtraHop, explains why this might not be a good thing.

The insurer won’t pay for 'acts of cyber-war' or nation-state retaliation attacks.