Quote:Admins should patch their Citrix ADC and Gateway installs immediately.


Multiple vulnerabilities in the Citrix Application Delivery Controller (ADC) and Gateway would allow code injection, information disclosure and denial of service, the networking vendor announced Tuesday. Four of the bugs are exploitable by an unauthenticated, remote attacker.

The Citrix products  (formerly known as NetScaler ADC and Gateway) are used for application-aware traffic management and secure remote access, respectively, and are installed in at least 80,000 companies in 158 countries, according to a December assessment from Positive Technologies.

Other flaws announced Tuesday also affect Citrix SD-WAN WANOP appliances, models 4000-WO, 4100-WO, 5000-WO and 5100-WO.

Good  

Quote:A campaign discovered by Malwarebytes Labs in mid-April has lifted credentials from a number of e-commerce portals.


Researchers have identified a credit-card skimming campaign that’s been active since mid-April that has a rather specific and unusual target: ASP.NET-based websites running on Microsoft Internet Information Services (IIS) servers.

New research from Malwarebytes Labs recently uncovered the campaign, which already has compromised at least a dozen websites that range from sports organizations, health and community associations, and a credit union — all via a malicious code injected into existing JavaScript libraries on each of the sites.

The campaign seems to be exploiting an older version of ASP.NET, version 4.0.30319, which is no longer officially supported and contains multiple vulnerabilities, according to the report by Malwarebytes director of threat research Jerome Segura.

  Al-Salam Alekum

Quote:Well, this whole vulnerability deals with SMB messages, and these messages primarily include fields like the number of bytes to address and flags, and thus it accompanied by a variable-length buffer. By crafting this, the messages become quite easy, so this is a perfect tool for exposition.


But there are some variable that contains uninitialized data, and therefore, we put different addition to the compression function that is based on our POC on Microsoft’s WindowsProtocolTestSuites repository.

By adding this will not be sufficient, as POC needs different credentials and a writable share, that are easily accessible in many situations. Still, the bug refers to every sought of the message so that it can get utilized remotely for any authentication.

More importantly, the memory that has leaked is generally related to the earlier allocation in the NonPagedPoolNx pool, as we can manage the allocation size, which implies that the leaked data may come into our control to some extent.

Hello guys, Coming back after a break   Looks like apple is very cute  

Quote:Indian Security researcher found a critical Zero-day vulnerability in “Sign in with Apple” let hackers take over the third-party application accounts by just having their Email ID.


Very Similar to OAuth 2.0, Apple’s “sign in with Apple” helping the user to sign in to their third-party apps and websites faster using their Apple ID without filling out forms, verifying email addresses.

This feature is using million of Apple users to sign in their Third-party apps such as Dropbox, Spotify, Airbnb, Giphy, and the bug considering as “Critical” as it could have allowed full account takeover by the remote attackers.

Bhavuk Jain , Security Researcher from India reported this critical vulnerability to Apple said: “Successfully exploitation of the bug could have resulted in a full account takeover of user accounts on that third party application irrespective of a victim having a valid Apple ID or not.”

Thank you

Zoom trying hard

Quote:According to a post by Brendan Ittelson, CTO, ZOOM, the firm will soon offer custom data routing to premium users. Specifically, every paid customer of the app will have the option to choose a particular region for routing their data.


Zoom has data centers across various regions to cater to the needs of users. They manage all the data transmission through these centers depending upon the demand. They also ensure geofencing throughout this process, as they claim.

The authenticity of this claim was questioned when researchers from the University of Toronto’s Citizen Lab found that the data for some Non-Chinese users was routed through China. In response to this research, Zoom admitted this had happened inadvertently to some extent. Yet they rectified the matter shortly after the report.

Now, Zoom offers custom data routing to the users in an attempt to rebuild users’ trust. The new feature will roll-out from April 18, 2020. As stated,

Quote:As part of its continuing efforts to regain trust following a series of privacy and security scandals, Zoom has announced that it is introducing the option for users to choose which countries their data is routed through.


The move comes after concerns were voiced at Zoom's admission that some US calls were being routed through China. The new option will allow users to opt in or out of specific data center regions; unfortunately, this feature will not be made available to everyone.

Zoom says that as of April 18, administrators and owners of paid accounts will be able to customize which data center regions their account can use for its real-time meeting traffic. The key thing to note here is that free customers will not be granted this privilege.


It is not clear why Zoom has chosen to roll this feature out on a Saturday.

Quote:Mozilla recently disclosed numerous security bugs in their Firefox browser. These include several RCE vulnerabilities in Firefox and Firefox ESR.


In the case of Firefox, the most important bug was a high-severity flaw CVE-2020-6821 leading to information disclosure.

Firefox ESR also exhibited two high-severity flaws affecting Android devices. The first of these CVE-2020-6828 was an Android takeover bug. Regarding this vulnerability, Mozilla explains in its advisory,

A malicious Android application could craft an Intent that would have been processed by Firefox for Android and potentially result in a file overwrite in the user’s profile directory. One exploitation vector for this would be to supply a user.js file providing arbitrary malicious preference values. Control of arbitrary preferences can lead to sufficient compromise such that it is generally equivalent to arbitrary code execution.

When following a link that opened an intent://-schemed URL, causing a custom tab to be opened, Firefox for Android could be tricked into displaying the incorrect URI.

Quote:Researchers from The Ohio State University, New York University, and CISPA Helmholtz Center for Information Security have conducted a detailed analysis of various mobile apps. According to the detailed shared in their research paper, thousands of Android apps exist online that contain backdoors.


In brief, they developed a tool named “InputScope” to unveil vulnerabilities and hidden behaviours of mobile applications. The tool analyzes the apps’ input validation behavior to uncover these hidden traits.

Using this tool the researchers analyzed 150,000 Android apps from various app stores. These included the top 100,000 apps from Google Play Store, top 20,000 apps from an outside app store, and 30,000 pre-installed Samsung apps. They then found thousands of these Android apps to have backdoors.