Monthly Archives: March 2014

New exploits arrive for old PHP vulnerability

The number of cyber attacks targeting PHP sites using a known vulnerability has skyrocketed over the past six months, despite the availability of a patch fix for the exploit. Security firm Imperva reported detecting a marked increase in the number of attacks targeting a vulnerability in PHP, which was patched in May 2012, in its Threat Advisory: PHP-CGI white paper. “On October 2013, a public exploit in PHP was disclosed, the exploit uses a vulnerability found in May 2012 and categorised as CVE-2012-1823,” read the report. “Soon after the exploit was released, our honeypots have detected web servers being attacked with this exploit in different flavours. In the three first weeks following the publication we were able to record as many as 30,000 attack campaigns using the exploit.” PHP is a common coding language used by 82 percent of the world’s websites. The Imperva researchers said since the exploit was detailed, attacks targeting it have also increased in sophistication. <more>

Mozilla fixes Firefox flaws exploited at HP’s Pwn2own

Mozilla on Tuesday patched five vulnerabilities exploited by researchers last week at the Pwn2Own hacking contest, where they were awarded $200,000 for their collective efforts. Firefox 28 was primarily a security update, patching the five Pwn2Own flaws and 15 others. At the hacking challenge, co-sponsored by HP TippingPoint’s Zero Day Initiative (ZDI) bug bounty program and Google, Firefox fell to four teams or individuals, twice the number of hacks as any other browser. Each successful exploit earned the researcher(s) $50,000, the lowest award for any of the browsers: Apple’s Safari, Google’s Chrome, Microsoft’s Internet Explorer and Firefox. Google patched the Chrome vulnerabilities last Friday, the day after Pwn2Own ended. <more>

Microsoft Patch Tuesday for March 2014

Microsoft has plugged a critical vulnerability in its Windows XP operating system in its latest patch Tuesday update, just weeks before it is due to end support for the decade-old platform. The Windows XP patch related to a critical vulnerability in the operating system’s DirectShow service that could theoretically have been used by hackers to remotely execute code. Microsoft downplayed the significance of the vulnerability, confirming that it had been disclosed to the firm privately and only affects Windows XP. However, the flaw is troubling as Microsoft is due to officially cease support for Windows XP on 8 April. The cut-off has led to concerns within the security community. Experts from EY, FireEye and Trend Micro said they believe hackers are preparing XP exploits for use after Microsoft officially cuts support which could pose seriously problems for firms still running XP. Microsoft also released a permanent fix for a critical flaw in Internet Explorer (IE). FireEye discovered the flaw on 14 February and it is known to have been used by criminals to mount a sophisticated hacking campaign, codenamed Operation SnowMan. <more>

Samsung Galaxy devices backdoor discovered

One of the major issues with closed source operating systems is that there is no independent code review: you can never truly tell what is happening. Backdoors that have been placed in a device, maliciously or otherwise, could allow an attacker to have the power to wreak havoc on an unsuspecting victim. Paul Kocialkowski, a developer for a fully free/open version of Android, published a guest post on the Free Software Foundation detailing his discovery of a backdoor that has been implemented in a range of Samsung Galaxy devices. He commented on how he had found a Samsung program running in the background, binded to the communications processor, that allows the modem to remotely read, write, and delete files on the user’s phone storage. Several Samsung devices give that program sufficient rights to access and modify the user’s personal data. <more>