VDA Lock Down: June 13, 2019



  • Security News
  • Latest Vulnerabilities
  • Black Hat 2019

Top Security News

Israeli Tech’s Dirty Ops

An Israeli cyber intelligence firm named the NSO Group exploited a vulnerability in WhatsApp that allows for the interception of conversations.

This hack was used to target a lawyer who is suing the NSO Group in Israeli courts. That lawyer then hired Citizen Lab, which performed a forensic investigation on the phone and confirmed that the NSO Group was in fact behind it. WhatsApp engineers have since patched the vulnerability and the application is once again secure.

US Customs Loses All The Data

The Register broke a story back in May that a contractor for US Customs and Border Control was hacked and the loot was made available online for download. It turns out that this breach gets worse – this contractor was found in possession of a trove of photos collected from the US border including both license plates and people.

The worst part – the contractor violated privacy rules and security measures that were in place to prevent them from copying this data to their own network. Remember to trust but verify that your security controls are doing their job!

New Spam Campaign Targets Old Office Vulns

Microsoft researchers have warned of a new wave of spam campaigns targeting an old vulnerability in Microsoft Office. The vuln (CVE-2017-11882) is a weakness in the Microsoft Equation Editor that was patched in November 2017. Even so, several sources note it as one of the top weaknesses targeted for exploit during 2018.

Recent Vulnerabilities

Microsoft NTLM Flaws Expose All Windows Machines to RCE Attacks

Preempt researchers discovered three new ways to abuse the NTLM authentication protocol. These vulnerabilities can allow attackers to abuse existing NTLM sessions and gain remote code execution, and they affect all versions of Windows. Install Microsoft security patches and harden your NTLM configurations now. This is one we expect to see in penetration tests for the next few years at minimum!

Exim Mail Server Weakness

A vulnerability was discovered in the popular open-source mail server Exim. The weakness (CVE-2019-10149) is easily exploitable by local attackers, and still exploitable (though less easily) by remote attackers under default conditions. Researchers have found that Exim is exposed on the internet by upwards of 4.7 million systems, making it a possible target for mass-scale attack.

Rowhammer Evolves Into RAMBleed

Ever since Rowhammer was first conceived as an attack in 2014, researchers have been looking for ways to enhance and build capabilities around its central idea. For those that don’t know, Rowhammer attacks involve repeatedly changing a value in RAM to affect values stored in adjacent cells of memory.

In the most recent iteration, called RAMBleed, researchers have shown an ability to steal memory from a device, not just alter memory content or elevate privileges.

Black Hat Training – Security for Hackers and Developers

VDA Labs will once again be offering our training course “Security for Hackers and Developers” at Black Hat USA. Sign up before July 12 to get the ‘Regular’ pricing.

Register at Blackhat!



Posted on June 13, 2019