Security News

Microsoft failed to properly address an elevation of privilege vulnerability in the Windows Local Security Authority Subsystem Service, the Google Project Zero researcher who discovered the issue says. "LSASS doesn't correctly enforce the Enterprise Authentication Capability which allows any AppContainer to perform network authentication with the user's credentials," Project Zero security researcher James Forshaw noted in May. At the time, the researcher explained that the issue is related to a legacy AppContainer capability providing access to the Security Support Provider Interface, likely meant to facilitate the installation of line of business applications within enterprise environments.

Calling a patch for the flaw a "Fail" and "Inadequate in blocking exploitation," Austin-based security researcher Amir Etemadieh published details and examples of exploit code on three developer platforms- Bash, Python and Ruby-for the patch in a post published Sunday night. The key problem with the patch issued for the zero day is related to how the vBulletin template system is structured and how it uses PHP, he wrote in the post.

Popular video conferencing app Zoom has addressed several security vulnerabilities, two of which affect its Linux client that could have allowed an attacker with access to a compromised system to read and exfiltrate Zoom user data-and even run stealthy malware as a sub-process of a trusted application. After Ahmed privately reported the issues to Zoom in April and subsequently in July, the company issued a fix on August 3.

A team of Chinese researchers has described the analysis process that resulted in the discovery of 19 vulnerabilities in a Mercedes-Benz E-Class, including flaws that can be exploited to remotely hack a car. The researchers conducted their analysis on a real Mercedes-Benz E-Class and demonstrated how a hacker could have remotely unlocked the car's doors and started its engine.

In May 2020, Microsoft patched CVE-2020-1048, a privilege escalation vulnerability in the Windows Print Spooler service discovered by Peleg Hadar and Tomer Bar from SafeBreach Labs. "The primary component of the printing interface is the print spooler. The print spooler is an executable file that manages the printing process. Management of printing involves retrieving the location of the correct printer driver, loading that driver, spooling high-level function calls into a print job, scheduling the print job for printing, and so on. The spooler is loaded at system startup and continues to run until the operating system is shut down," Microsoft explains.

Researchers revealed late on Thursday that the mitigations and patches rolled out in 2018 for the Foreshadow vulnerabilities affecting Intel processors can fail to prevent attacks. A team of researchers from the Graz University of Technology in Austria and the CISPA Helmholtz Center for Information Security have revived the Foreshadow attack and made some other interesting discoveries.

A researcher has detailed several new variants of an attack named HTTP request smuggling, and he has proposed some new defenses against such attacks. HTTP request smuggling, also known as HTTP desyncing, has been known since 2005, but Amit Klein, VP of security research at SafeBreach, believes the method has not been fully analyzed, which is why he has decided to conduct a research project focusing on this attack technique.

A researcher found a way to deliver malware to macOS systems using a Microsoft Office document containing macro code. Macros enable Office users to automate frequent tasks using VBA code.

A new research has identified four new variants of HTTP request smuggling attacks that work against various commercial off-the-shelf web servers and HTTP proxy servers. Amit Klein, VP of Security Research at SafeBreach who presented the findings today at the Black Hat security conference, said that the attacks highlight how web servers and HTTP proxy servers are still susceptible to HTTP request smuggling even after 15 years since they were first documented.

A team of researchers from the Georgia Institute of Technology has demonstrated how, in theory, a malicious actor could manipulate the energy market using a botnet powered by high-wattage IoT devices. The Georgia Tech researchers say a threat actor could manipulate the electricity market the same way financial markets can be manipulated: generate an event that causes prices to drop or rise, and buy when the price is low and sell when the price is high.