Archives for Security Research Tools

50 million users impacted by WinRAR bug

On 28th September 2015, a vulnerability was detected in WinRAR SFX v5.21. It is the latest version of WinRAR, a commonly used file compression tool. Attackers can exploit the vulnerability and compromise a computer with WinRAR installed on it. The bug is in the “text and icon function” under the module “Text to display in SFX window”. The issue was detected by Mohammad Reza Espargham, a researcher with Vulnerability Lab. Espargham also published a proof of concept explaining how the bug acts as a medium for exploiting the target system.

Vulnerability Lab stated that “Remote attackers are able to generate own compressed archives with malicious payloads to execute system specific codes for compromise.” The exploit involves booby-trapping a file that can be easily delivered to a victim through email or any other mode. Once the malicious payload executes, it compromises the system, which is then vulnerable to attacks.

The bug has been detected only in the latest version of WinRAR; there is no evidence that any of the beta testers reported it. A beta of this version of WinRAR had been available since February this year.

Pieter Arntz of Malwarebytes has also confirmed the PoC. According to him, the vulnerability is still unpatched. The vulnerability is yet to receive a CVE ID. The attack works by compromising the HTML code shown in a text window that is displayed while creating an SFX archive. Once a user opens the SFX archive, the malicious code executes.


“The issue is located in the ‘Text and Icon’ function of the ‘Text to display in SFX window’ module,” Vulnerability Lab explained in a post on the Full Disclosure mailing list. “Remote attackers are able to generate own compressed archives with malicious payloads to execute system specific codes for compromise.”


Smartphone browsers can deliver powerful DDoS attack with 4.5 billion requests causing Flood Attack

One of the most malicious attacks that can ever be launched on a website is flooding it with more requests than it can handle, otherwise known as a DDoS attack. According to internet security researchers, this nightmare may have recently become a reality after one site was targeted in such a manner with an aim of overwhelming […]

Western Digital My Cloud NAS can be hijacked using Command Injection and CSRF – VerSprite

WD My Cloud or Western Digital My Cloud is an efficient Network Attached Storage system. The objective of the WD My Cloud NAS is to provide a cloud storage system for private applications such as home based cloud storage or a small business storage. The data on this private cloud can be accessed by the […]

Google Chrome can be crashed with 16 characters

If you use Google Chrome 45 or any of the older versions, it can be crashed by simply typing a 16-character URL. The bug was first detected by Andris Atteka, who reported it to Google, but he was not rewarded since it is not a security issue but a DoS vulnerability. The issue reported by […]

Stagefright security patch leaves more than 950 million Android devices vulnerable to being hacked by a text – CVE-2015-3824

The Stagefright vulnerability (CVE-2015-3824) allows an attacker to hack a phone with a text. The patch issued by Google for Stagefright doesn’t fix the vulnerability, leaving more than 95% of the Android devices vulnerable. The Android devices running version 2.2 to […]

3 Key Takeaways from RSA Conference 2014 – San Francisco for CISOs and Security Enthusiasts

Author: Arun Hegde, Security Architect (@arun25). Here is a quick summary of my experience at RSA Conference 2014 – San Francisco last month. Highlights of RSA 2014: Some of the highlights this year at RSA were cloud security, mobile security (especially for enterprise), more companies providing SIEM solutions and a lot of new […]

Critical backdoor found on Linksys and Netgear routers

French security engineer Eloi Vanderbeken discovered a backdoor that can reset Linksys and Netgear settings to factory settings, and therefore the username and password. Vanderbeken discovered this backdoor on his own Linksys WAG200G wireless DSL router, after deciding to limit the bandwidth used by his holiday guests and remembering he forgot the complex username and […]

Digital Attack Map – New data visualization DDoS tool from Google Ideas and Arbor Networks (www.digitalattackmap.com)

Visualizing cyber attacks around the world has become easier than before, and it has been made real by Google and Arbor Networks. A joint collaboration between the two companies resulted in the “Digital Attack Map” tool. The usability of the tool has not yet been expanded, but the beautiful graphical page shows various points of how the attack takes […]