Leading Source of Security and Hacker News


The Password ji32k7au4a83 Turned Out to be Very Common and Too Simple

Journalists from Gizmodo drew attention to a strange fact discovered by engineer Robert Ou. He first noticed that the password "ji32k7au4a83", which looks strong at first glance, appears in a variety of data leaks.

The researcher checked this combination against the Have I Been Pwned (HIBP) leak aggregator, and it turned out that the password appeared in 141 data leaks. Trying to understand how this is possible, Ou turned to his Twitter followers for help.

It turned out that the answer is very simple, and Taiwanese users quickly dispelled Ou's bewilderment. The fact is that "ji32k7au4a83" is not a random set of characters at all. If the keyboard uses the Zhuyin Fuhao layout (Taiwan's phonetic system for learning Chinese), you get "ji32k7au4a83" by typing 我的密碼 (the phrase "my password") without switching the layout. A graphic illustration can be seen below.

Journalists write that, in the same way, "au4a83" turns into "password", and this password already appears in 1495 data leaks. The researchers conclude that even using less common languages and layouts does not protect against compromise, and such passwords can hardly be considered strong. I note that Russian-speaking users are affected as well: HIBP detects "gfhjkm" ("password") 262,774 times.
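The layout effect described above can be turned into a password-policy check. The following is an added example, not code from the original article: it re-reads a candidate password as if the same keys had been pressed on a Zhuyin or Russian ЙЦУКЕН layout and compares the result with a short deny-list. The key tables follow the standard layouts; the deny-list entries and the function name `layout_findings` are assumptions chosen for illustration.

```python
# For each layout: the US-QWERTY keys and the symbol each key position produces.
LAYOUTS = {
    "zhuyin": (
        "1234567890-qwertyuiopasdfghjkl;zxcvbnm,./",
        # Keys 3, 4, 6 and 7 are tone marks, written as escapes to stay unambiguous.
        "ㄅㄉ\u02c7\u02cbㄓ\u02ca\u02d9ㄚㄞㄢㄦ" "ㄆㄊㄍㄐㄔㄗㄧㄛㄟㄣ"
        "ㄇㄋㄎㄑㄕㄘㄨㄜㄠㄤ" "ㄈㄌㄏㄒㄖㄙㄩㄝㄡㄥ",
    ),
    "russian": (
        "qwertyuiop[]asdfghjkl;'zxcvbnm,.",
        "йцукенгшщзхъфывапролджэячсмитьбю",
    ),
}
TABLES = {name: str.maketrans(src, dst) for name, (src, dst) in LAYOUTS.items()}

# Illustrative deny-list: weak phrases in the form each layout produces.
# Zhuyin entries are spelled as syllables with tone marks, labelled with the hanzi.
WEAK = {
    "zhuyin": {
        "ㄨㄛ\u02c7ㄉㄜ\u02d9ㄇㄧ\u02cbㄇㄚ\u02c7": "我的密碼 (my password)",
        "ㄇㄧ\u02cbㄇㄚ\u02c7": "密碼 (password)",
    },
    "russian": {"пароль": "password"},
}


def layout_findings(password):
    """Return (layout, meaning) pairs for weak phrases hidden by a layout switch."""
    findings = []
    typed = password.lower()  # key positions do not depend on Caps Lock or Shift
    for name, table in TABLES.items():
        native = typed.translate(table)  # what the same keystrokes spell natively
        for phrase, meaning in WEAK[name].items():
            if phrase in native:  # substring match also catches "au4a83123"
                findings.append((name, meaning))
    return findings


if __name__ == "__main__":
    for candidate in ("ji32k7au4a83", "au4a83", "gfhjkm", "correct horse battery staple"):
        print(candidate, "->", layout_findings(candidate) or "no layout match")
```

In a real policy the deny-list would be built by running a native-language wordlist through the same tables in reverse, so the check scales beyond the three phrases shown here.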

Several Hacker Groups are Attacking Elasticsearch Clusters

Cisco Talos experts warned of a surge in attacks on unprotected Elasticsearch clusters. According to the experts, at least 6 different groups are behind the attacks. The attackers mainly target installations that have not been upgraded (version 1.4.2 and lower). The criminals exploit two old and well-known bugs, CVE-2014-3120 and CVE-2015-1427, discovered back in 2014-2015.

The most active group mostly uses CVE-2015-1427 and tries to deliver two different payloads. Both payloads load the same bash script, evidently in order to cover as many different platforms as possible. This bash script tries to disable protection and kill competitors' malicious processes if they are running (mainly miners), and then writes an RSA key to the authorized_keys file. Once the script has a foothold in the system, it can be used to download miners and their configuration files.

The script also downloads a UPX archive with an ELF executable file containing exploits for other platforms: CVE-2018-7600 in Drupal, CVE-2017-10271 in Oracle WebLogic, and also CVE-2018-1273 in Spring Data Commons.


The second criminal group mainly relies on exploiting the CVE-2014-3120 vulnerability and infects the compromised installation with the Bill Gates DDoS malware. The third group downloaded a file named LinuxT (no longer available) to the infected machines, and experts believe that this name concealed the Spike Trojan, which targets the x86, MIPS and ARM architectures.

Although at least three other criminal groups are also attacking Elasticsearch clusters, researchers at Cisco Talos note that, for the time being, their attacks do not deliver any malware.

Experts link the activity to Chinese hackers: among other things, they noticed that the payloads executed the echo 'qq952135763 command, which clearly refers to a QQ account (QQ is a popular messenger and social network in China). This account was linked to the page of a potential attacker on Gitee (the Chinese equivalent of GitHub and Atlassian) and to the xiaoqi7 hacker forum.
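The behaviour reported above (shell commands launched through the Elasticsearch process, a key appended to authorized_keys, and the echoed QQ string) can be hunted for in process-execution logs. The following detection sketch is an added example, not code from the Talos report or from this article; the JSON event format, the `elasticsearch` service-account name and the sample events are assumptions constructed for illustration.

```python
import json
import re

ES_USER = "elasticsearch"  # assumption: account the Elasticsearch node runs as
MARKER = "qq952135763"     # string the article says the payloads echo
KEY_WRITE = re.compile(r">>?\s*\S*authorized_keys")  # redirect into authorized_keys
SHELLS = ("sh ", "bash ")

# Constructed process-execution events, one JSON object per line.
SAMPLE_EVENTS = """\
{"host": "es-01", "user": "elasticsearch", "parent": "java", "cmd": "bash -c echo 'qq952135763'"}
{"host": "es-01", "user": "elasticsearch", "parent": "bash", "cmd": "sh -c echo CONSTRUCTED_KEY >> ~/.ssh/authorized_keys"}
{"host": "es-02", "user": "elasticsearch", "parent": "systemd", "cmd": "/usr/share/elasticsearch/bin/elasticsearch -d"}
{"host": "web-01", "user": "deploy", "parent": "sshd", "cmd": "cat /home/deploy/.ssh/authorized_keys"}
truncated-or-corrupt line
"""


def detect(lines):
    """Return (host, rule) pairs for suspicious commands run as the ES account."""
    findings = []
    for line in lines:
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip malformed records instead of aborting the scan
        if not isinstance(event, dict) or event.get("user") != ES_USER:
            continue  # only commands executed as the search service are in scope
        cmd, host = event.get("cmd", ""), event.get("host", "?")
        if MARKER in cmd:
            findings.append((host, "campaign-marker"))
        # A search node has no reason to start a shell from its JVM.
        if event.get("parent") == "java" and cmd.startswith(SHELLS):
            findings.append((host, "shell-spawned-by-jvm"))
        if KEY_WRITE.search(cmd):
            findings.append((host, "authorized_keys-write"))
    return findings


if __name__ == "__main__":
    for host, rule in detect(SAMPLE_EVENTS.splitlines()):
        print(host, rule)
```

The normal service start on es-02 and the read-only `cat` by another user on web-01 produce no findings, which keeps the rule set quiet on routine activity.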

A New RCE Vulnerability has been Detected in the Edge Browser

Recently, information security researcher Yushi Liang posted on his Twitter evidence that he had found a 0-day vulnerability in the Microsoft Edge browser. The specialist writes that the vulnerability was found using the Wadi Fuzzer tool, with the support of the Russian specialist Alexander Kachkov. The publication of a proof-of-concept exploit and a detailed report on the problem is expected soon. In the meantime, Liang showed a screenshot of the calculator being launched.

The problem is known to allow an escape from the sandbox, and the researchers are trying to find a way to elevate privileges to the SYSTEM level, which would amount to complete compromise of the vulnerable machine.

The expert has also already published a PoC video showing the problem in action. In the video, Liang forces Microsoft Edge to launch Mozilla Firefox and open the Chrome download page.

At the same time, the researcher does not hide that he wants to create a working exploit capable of escaping the sandbox because vulnerability brokers offer large sums for such solutions. For example, Zerodium pays $50,000 for RCE in Edge and other popular browsers, and this amount doubles if a sandbox escape is included.

Tim Berners-Lee Urged to Reduce the Influence of IT-companies

The creator of the World Wide Web, Tim Berners-Lee, said in an interview with Reuters that technology companies in Silicon Valley, such as Google and Facebook, are dangerous. According to him, they have monopolized the market, which can lead to problems.

The power of IT companies

According to the expert, the IT giants that emerged in the 1990s have today become richer and more influential than many states. The combined value of Apple, Microsoft, Amazon, Google and Facebook in 2017 was $3.7 trillion, which is equal to Germany's GDP for the same year.

The threat lies in the companies' access to users' personal data. The spread of hatred through social networks is also a cause for fear.

"The father of the World Wide Web" said he was disappointed with the current state of the Internet, as well as with the monopoly rights of IT giants. According to him, they fully control the shared market.

Solutions to the problem

Berners-Lee names healthy competition between small companies and the giants of the market as one way to solve the problem. But so far, Google, Facebook and Microsoft have no visible alternatives based on the principles of open source and decentralization. The existing solutions are supported by enthusiasts and are not widely known.

Another option is far more radical. Berners-Lee allows for the possibility of reducing the influence of giant companies by breaking them up and reducing their capitalization.

In October 2018, Tim Berners-Lee announced that he had found a way to give users control over their data, which is now in the hands of large companies. The Solid system (social linked data), developed at MIT, should help preserve the personal information of Internet users.

ZonaWibu - Copyright © 2016