Security News

Last week, Threatpost conducted a reader poll and almost 60 percent of 230 security pundits thought it was a "Good idea" to publish PoC code for zero days. Joseph Carson, chief security scientist at Thycotic, told Threatpost that while he thinks PoC exploits can have a positive impact, "It is also important to include what defenders can do to reduce the risks such a methods to harden systems or best practices."

Trend Micro announced the results of research featuring a honeypot imitating an industrial factory. The highly sophisticated Operational Technology honeypot attracted fraud and financially motivated exploits.

Microsoft says it's prepping a patch to fix a memory corruption flaw in multiple versions of Internet Explorer that is being exploited by in-the-wild attackers. The flaw, which exists in a scripting engine built into Internet Explorer, could be exploited by attackers to remotely execute code of their choosing, Microsoft says.

Exploits for Citrix ADC and Gateway flaw abound, attacks are ongoingWith several exploits targeting CVE-2019-19781 having been released over the weekend and the number of vulnerable endpoints still being over 25,000, attackers are having a field day. January 2020 Patch Tuesday: Microsoft nukes Windows crypto flaw flagged by the NSAAs forecasted, January 2020 Patch Tuesday releases by Microsoft and Adobe are pretty light: the "Star of the show" is CVE-2020-0601, a Windows flaw flagged by the NSA that could allow attackers to successfully spoof code-signing certificates and use them to sign malicious code or intercept and modify encrypted communications.

The practice of disclosing proof-of-concept exploits has long caused a debate in the security community. Just this past week, a slew of PoC exploits were published for various vulnerabilities, including ones for a recently patched crypto-spoofing vulnerability found by the National Security Agency and reported to Microsoft; and for critical flaws impacting the Cisco Data Center Network Manager tool for managing network platforms and switches.

Tom: Well, yeah, I will say that in a situation when you have a zero day or you have an unpatched vulnerability, I could make an argument that it is irresponsible and you know the disclosure of a PoC might be better suited for a bad channel as opposed to a chest-beating researcher who just wants some fame and maybe not so much fortune. I think it was called Cable Haunt and it was in multiple cable modems that are used by ISPs to provide broadband into homes so you know what's going on there?

Easy-to-use exploits have emerged online for two high-profile security vulnerabilities, namely the Windows certificate spoofing bug and the Citrix VPN gateway hole. Within hours of the NSA going public with details about its prized bug find, exploit writers posted working code demonstrating how the flaw can be abused to trick unpatched Windows computers into accepting fake digital certificates - which are used to verify the legitimacy of software, and encrypt web connections.

Proof-of-concept exploit code has been published for critical flaws impacting the Cisco Data Center Network Manager tool for managing network platforms and switches. The three critical vulnerabilities in question impact DCNM, a platform for managing Cisco data centers that run Cisco's NX-OS - the network operating system used by Cisco's Nexus-series Ethernet switches and MDS-series Fibre Channel storage area network switches.

A day after the U.S. National Security Agency disclosed a vulnerability that could affect the cryptographic operations in some versions of Microsoft Windows, security researchers started releasing "Proof of concept" code to show how attackers potentially could exploit the flaw. The vulnerability affects versions of Windows 10 as well as Windows Server 2016 and 2019.

Saleem Rashid shows that a patch for a security bug in Windows 10 and Windows Server 2016/2019 could be exploited in the real world to spoof security certificates on machines without the patch. This week Microsoft was forced to quickly patch a security bug in Windows 10 and Windows Server 2016/2019 that could have allowed attackers to spoof legitimate security certificates as a way of gaining control of an infected PC. Microsoft was prompted to act after the NSA discovered and privately reported the bug, which was evidence of a serious flaw in the way the latest versions of Windows and Windows Server check the validity of certain security certificates.