- Windows Remote Assistance Exploit Lets Hackers Steal Sensitive Files
Windows Remote Assistance lets someone you trust take over your PC and fix a problem from wherever they are. According to the latest report, A critical vulnerability has been discovered in Microsoft’s Windows Remote Assistance (Quick Assist) feature that affects all versions of Windows to date, including Windows 10, 8.1, RT 8.1, and 7, and allows remote attackers to steal sensitive files on the targeted machine. Nabeel Ahmed of Trend Micro Zero Day Initiative discovered and reported an information disclosure vulnerability (CVE-2018-0878) in Windows Remote Assistance that could allow attackers to obtain information to further compromise the victim’s system. The vulnerability affects Microsoft Windows Server 2016, Windows Server 2012 and R2, Windows Server 2008 SP2 and R2 SP1, Windows 10 (both 32- and 64-bit), Windows 8.1 (both 32- and 64-bit) and RT 8.1, and Windows 7 (both 32- and 64-bit). The vulnerability has been patched by Microsoft. To exploit this flaw, which resides in MSXML3 parser, the hacker needs to use “Out-of-Band Data Retrieval” attack technique by offering the victim access to his/her computer via Windows Remote Assistance. While setting up Windows Remote Assistance, the feature gives you two options—Invite someone to help you and Respond to someone who needs help. Selecting the first option helps users generate an invitation file, i.e. ‘invitation.msrcincident,’ which contains XML data with a lot of parameters and values required for authentication. The attacker can simply send a specially crafted Remote Assistance invitation file containing a malicious payload to the victim, tricking the targeted computer to submit the content of specific files from known locations to a remote server controlled by the attackers.
Cyber Security Tips: Users and administrators are strongly recommended that apply patches as soon as possible, keep your system up to date and check before accepting any remote access request.
- Hackers steal banking & personal data of 800,000 Orbitz customers
Orbitz.com, a Chicago, Illinois based popular travel website owned by Expedia Inc. According to the latest report, the company has suffered a massive data breach in which personal and financial details of over 800,000 registered customers may have been stolen by unknown hackers. In the statement, company said that the breach was identified on March 1st, 2018 after an in-depth investigation conducted by Orbitz. The breach took place between 1st October 2017 to December 2017 when hackers accessed a legacy travel booking platform and stole two years’ worth of data from January 2016 and December 2017. Personal data of those customers who made certain purchases between January 1 and June 22, 2016, may have also been accessed by hackers. The personal data includes names, email addresses, phone numbers, and gender, date of birth, zip code, physical address, and banking details such as card information.
Cyber Security Tips: Anyone who is notified is encouraged to carefully review and monitor their payment card account statements and contact their financial institution or call the number on the back of their card if they suspect that their payment card may have been misused, reset your account with strong one, if you used same username/password for different account reset all and keep monitoring your accounts.