Security News

Google Researcher Reported 3 Flaws in Apache Web Server Software
2020-08-25 06:52

Apache recently fixed multiple vulnerabilities in its web server software that could have led to the execution of arbitrary code and, in specific scenarios, could even allow attackers to cause a crash and denial of service. The first of the three issues involves a possible remote code execution vulnerability due to a buffer overflow in the "Mod uwsgi" module, potentially allowing an adversary to view, change, or delete sensitive data depending on the privileges associated with an application running on the server.

Researchers develop a process to categorize massive datasets, making data more accessible
2020-08-24 03:00

A computer science professor at The University of Texas at Arlington is working with researchers to develop a process by which data points in multiple graph layers of massive datasets can be connected in a way that is both highly scalable and will allow analysts to look at it in greater depth. The analysis results preserve semantics and structure and make it easy to create visualizations of the data and results, enabling analysts to picture how the layers of data fit together with greater ease.

Researchers Sound Alarm Over Malicious AWS Community AMIs
2020-08-21 14:11

The AWS marketplace also includes tens of thousands of Community AMIs. "The issue is with the Community AMIs and that there are no checks and balances. Anybody can create one and put it in the Community AMI library. That includes ones with malicious executables."

Researchers Warn of Flaw Affecting Millions of IoT Devices
2020-08-19 20:58

Researchers are urging connected-device manufacturers to ensure they have applied patches addressing a flaw in a module used by millions of Internet-of-Things devices. "Some of these will be the vulnerable module, and an attacker will then have an assortment of phone numbers and associated code retrieved from the device at that number. By inserting backdoors into the code and writing them back, the attacker would be in control of various IoT devices around the world."

Researchers Warn of Active Malware Campaign Using HTML Smuggling
2020-08-18 19:16

An active campaign has been spotted that utilizes HTML smuggling to deliver malware, effectively bypassing various network security solutions, including sandboxes, legacy proxies and firewalls. Krishnan Subramanian, security researcher with Menlo Security, told Threatpost that the campaign uncovered on Tuesday, dubbed "Duri," has been ongoing since July.

Researchers Exploited A Bug in Emotet to Stop the Spread of Malware
2020-08-17 12:45

Emotet, a notorious email-based malware behind several botnet-driven spam campaigns and ransomware attacks, contained a flaw that allowed cybersecurity researchers to activate a kill-switch and prevent the malware from infecting systems for six months. "However, it's important to keep in mind that malware is software that can also have flaws. Just as attackers can exploit flaws in legitimate software to cause harm, defenders can also reverse-engineer malware to discover its vulnerabilities and then exploit those to defeat the malware."

Army researchers awarded patent for secure comms
2020-08-17 03:00

Army researchers have been awarded a patent for inventing a practical method for Army wireless devices to covertly authenticate and communicate. The researchers, including Drs. Paul Yu and Brian Sadler from the U.S. Army CCDC's Army Research Laboratory and Prof. Rick Blum and Dr. Jake Perazzone from Lehigh University, have invented a method to perform two tasks simultaneously: verifying the authenticity of wireless communications and communicating secret information.

Microsoft's Patch for LSASS Flaw Incomplete, Google Researcher Says
2020-08-13 08:52

Microsoft failed to properly address an elevation of privilege vulnerability in the Windows Local Security Authority Subsystem Service, the Google Project Zero researcher who discovered the issue says. "LSASS doesn't correctly enforce the Enterprise Authentication Capability which allows any AppContainer to perform network authentication with the user's credentials," Project Zero security researcher James Forshaw noted in May. At the time, the researcher explained that the issue is related to a legacy AppContainer capability providing access to the Security Support Provider Interface, likely meant to facilitate the installation of line of business applications within enterprise environments.