Data Security News Headlines 23rd December, 2016

  1. Vulnerabilities in McAfee enterprise system give hackers root access

Security researcher Andrew Fasano from MIT Lincoln Laboratory said that a total of 10 security flaws allow remote code execution as the root user. McAfee has issued patches for ten flaws in its enterprise version of VirusScan for Linux that allow attackers to remotely take over a system, after originally being notified of the security holes six months ago. Four of the flaws are critical. Attackers can exploit CVE-2016-8020, CVE-2016-8021, CVE-2016-8022, and CVE-2016-8023 to escalate their privileges to root and remotely force the target machine to run a malicious script. The six additional flaws involve a cross-site scripting vulnerability, file test and read bugs, HTTP response splitting, token forgery, and authenticated SQL injection. These vulnerabilities are found in versions 1.9.2 to 2.0.2.

Cyber Security Tips: If you are using McAfee enterprise system versions 1.9.2 to 2.0.2, you are strongly recommended to update your product immediately.

  2. Remotely Exploitable 0-Day found in NETGEAR WNR2000 Routers

Vulnerabilities in NETGEAR WNR2000 routers allow an attacker to retrieve the administrator password and take full control of the affected networking device, a security researcher has discovered. The issue is that the NETGEAR WNR2000 allows an admin to perform various functions through an apparent CGI script named apply.cgi, which is actually a function invoked in the HTTP server (uhttpd) when the respective string is received in the URL. By reverse engineering uhttpd, the researcher discovered that it allows an unauthenticated user to perform the same sensitive admin functions by invoking apply_noauth.cgi. An attacker who successfully exploits the vulnerability can reboot the router, change its configuration and WLAN settings, or retrieve the administrator password; the attacker has to send a “timestamp” variable attached to the URL. The security researcher also found a stack buffer overflow which could allow an unauthenticated attacker to take full control over the device and execute code remotely.

Cyber Security Tips: NETGEAR has not commented yet. Wait for the patches to be released and apply them immediately once they are available. Use a strong password on your router and use updated antivirus.
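
A defender-side check for the behaviour described above, added here as an example and not code from the researcher or NETGEAR: it scans HTTP access logs for requests to apply_noauth.cgi and groups them by source address. The Common Log Format input (as a proxy or sensor in front of the router might record it), the sample lines and the function name find_noauth_requests are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit, parse_qs

# Constructed sample lines in Common Log Format (not captured traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [23/Dec/2016:10:01:02 +0000] "GET /start.htm HTTP/1.1" 200 5120
198.51.100.7 - - [23/Dec/2016:10:01:09 +0000] "POST /apply.cgi HTTP/1.1" 401 312
198.51.100.7 - - [23/Dec/2016:10:01:15 +0000] "POST /apply_noauth.cgi?timestamp=1234567 HTTP/1.1" 200 640
198.51.100.7 - - [23/Dec/2016:10:01:21 +0000] "GET /APPLY%5Fnoauth.cgi HTTP/1.1" 200 640
203.0.113.5 - - [23/Dec/2016:10:02:00 +0000] "GET /help/apply_noauth.cgi.txt HTTP/1.1" 404 0
"""

# source, timestamp, method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')
ENDPOINT = "apply_noauth.cgi"  # unauthenticated handler name given in the article


def find_noauth_requests(log_text):
    """Return {source_ip: [hit, ...]} for requests whose path ends in ENDPOINT."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        src, when, method, target, status = m.groups()
        parts = urlsplit(target)
        # Decode percent-escapes and fold case so encoded variants still match
        # (deliberately conservative: may flag variants the server would reject).
        last_segment = unquote(parts.path).lower().rsplit("/", 1)[-1]
        if last_segment != ENDPOINT:
            continue
        query = parse_qs(parts.query, keep_blank_values=True)
        hits[src].append({
            "time": when,
            "method": method,
            "status": int(status),
            # The article says some functions need a "timestamp" variable.
            "has_timestamp": "timestamp" in query,
        })
    return dict(hits)


if __name__ == "__main__":
    for src, events in find_noauth_requests(SAMPLE_LOG).items():
        for e in events:
            flag = "timestamp" if e["has_timestamp"] else "-"
            print(src, e["time"], e["method"], e["status"], flag)
```

Any hit from outside the administrator's own workstation is worth investigating, since the article describes this endpoint as reachable without authentication.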

  3. Raspberry Pi launches PIXEL OS for Macs and PCs

The Raspberry Pi Foundation has released an experimental version of its lightweight Debian-based Linux operating system, called PIXEL OS, that can run on most standard desktop computers that ship with Windows and Mac OS X, without the need for a Raspberry Pi. The PIXEL operating system, which stands for “Pi Improved Xwindows Environment, Lightweight,” was originally designed to work with the Raspberry Pi to turn it into a fully functional PC. The operating system includes popular tools and can be installed directly on PCs and Mac computers. The new release will help school students, who can now use their PCs or Macs for building their projects.

Cyber Security Tips: The company has launched an experimental edition, so it might have some vulnerabilities or other “minor issues,” meaning it might not run well on some desktop computers. Wait until the company launches the final product.
