Category Archives: Exploits and Vulnerabilities

Google provides explanation on recent Google Docs campaign

A Google spokesperson shared the following statement with TNW, noting that 0.1 percent of Gmail users were affected. That is still roughly 1 million users:

“We realize people are concerned about their Google accounts, and we’re now able to give a fuller explanation after further investigation. We have taken action to protect users against an email spam campaign impersonating Google Docs, which affected fewer than 0.1 percent of Gmail users. We protected users from this attack through a combination of automatic and manual actions, including removing the fake pages and applications, and pushing updates through Safe Browsing, Gmail, and other anti-abuse systems. We were able to stop the campaign within approximately one hour. While contact information was accessed and used by the campaign, our investigations show that no other data was exposed. There’s no further action users need to take regarding this event; users who want to review third party apps connected to their account can visit Google Security Checkup.”

Source: https://thenextweb.com/security/2017/05/03/massive-google-docs-phishing-attack-currently-sweeping-internet/#.tnw_G8nzqYyw

Article: There’s (Almost) Nothing You Can Do About Stagefright

An article from PC Mag highlights a newly discovered vulnerability that affects 950 million Android phones.

“While most Android hacks at least require victims to make some kind of mistake, like getting tricked into downloading malware, the Stagefright vulnerability could already be on nearly a billion Android phones regardless of what users do. And what’s the real culprit behind a vulnerability this huge (besides the hackers of course)? The ongoing issue of Android fragmentation.

According to Israeli enterprise mobile security company Zimperium, it’s frighteningly easy for Stagefright to infect your phone. At fault is a recently detected flaw in Google’s open source media library code, that allows attackers to execute code on your device just by sending you a text message. The Stagefright vulnerability could be used to put a phone and its data at the mercy of an attacker. Contacts, camera, microphone, and photos are under the hacker’s control. Again, this can all happen completely under your nose. There are no external signs that the breach is occurring.”

Critical Schannel Vulnerability Affecting All Versions Of Windows

Please be advised of a recently discovered vulnerability in SCHANNEL affecting ALL VERSIONS OF WINDOWS!

Description

The vulnerability can be used by an attacker for drive-by attacks to run code remotely and take over the user’s machine. In these drive-by attacks, hackers install code on web sites that attempts to covertly install malicious code on the unprotected computers of visitors to the site. Users are typically led to these sites via phishing emails and other scams.

Further information regarding the details of the vulnerability:

http://www.theregister.co.uk/2014/11/12/driveby_unicorn_0day_beats_emet_affects_all_windows_versions/

Solution

A patch, MS14-066, released yesterday as part of Microsoft’s Patch Tuesday, remediates this issue for all supported versions of Windows. Please note, THIS DOES NOT INCLUDE WINDOWS XP! This security update is rated Critical for all supported releases of Microsoft Windows. If you have automatic updates turned on, you will get this new update without having to do anything. If you haven’t turned on automatic updates, you should do so now. Click the “Check for Updates” button on the Windows Update portion of your Control Panel.

The patch can be manually downloaded here:

https://technet.microsoft.com/library/security/MS14-066

Internet Explorer 6 and IE 7 Zero Day Vulnerability – Protect Yourself

Microsoft Security Advisory 977981 – IE 6 and IE 7