Posts

Showing posts from May, 2017

Twitter flaw allowed you to tweet from any account

Image
All this time, a rather simple Twitter bug could have caused chaos on the platform. A Twitter security flaw which went undetected for years allowed attackers to post messages masquerading as any user they chose. A security researcher that goes under the moniker Kedrisch  disclosed the flaw  on Tuesday, which was present on the microblogging platform until 28 February this year. Discovered in  Twitter Ads Studio , a platform for advertisers to upload media and content, the high-severity bug appeared in the service library where users can review media before publishing. When handling media and tweet publishing requests, by sharing this media with an intended victim and then modifying the post request with the victim's account ID, the media in question would be automatically posted from the victim's account rather than the attacker's. As only the parameters of the code needed to be tweaked, there was no need to have any account credentials belonging to the ...

Network slicing the next step to automated telecom networks: Nokia

Image
Following virtualisation, network slicing is the next step towards automated and programmable networks and 5G, Nokia has said, with an upgrade to optical transmission key to this. Network operators will go through a staged process of network virtualisation, slicing, and automation in the years towards 5G, Nokia has said, with an emphasis on upgrading optical transmission networks key to this. According to managing director of Nokia Oceania Ray Owen and Global VP of Nokia Optics Sam Bucci, Nokia is one of only two companies in the world that can offer an end-to-end solution across the whole network for this journey towards 5G -- which begins with the optical transmission backbone. "What we're seeing today is the need to do a massive infrastructure renewal, which is in the backbone of that network,". "The investment for 5G for us in Australia has started already, and it's mainly in this optical transport networking area ... behind every wireless netwo...

Microsoft releases emergency patch for 'crazy bad' Windows zero-day bug

Image
The vulnerability has been dubbed the worst Windows remote code execution flaw in recent memory. Microsoft has released a patch rapidly developed to combat a severe zero-day vulnerability discovered only days ago. Late Monday, the Redmond giant issued a security advisory for  CVE-2017-0290 , a remote code execution flaw impacting the Windows operating system.The security vulnerability was disclosed over the weekend by Google Project Zero security experts Natalie Silvanovich and Tavis Ormandy. On Twitter , prominent vulnerability hunter Ormandy revealed the existence of a zero-day flaw in Microsoft Malware Protection Engine (MsMpEng), used by Windows Defender and other security products. The researcher deemed the find a "crazy bad" bug which may be "the worst Windows remote code exec [execution flaw] in recent memory." Ormandy did not reveal anything else at the time, to give Microsoft time to fix the scripting engine memory corruption vulnerability aft...

Intel AMT vulnerability hits business chips from 2008 onwards

Image
Silicon giant releases new firmware to patch holes in separate management processor. Intel has  announced  its Active Management Technology (AMT), Standard Manageability (ISM), and Small Business Technology (SBT) firmware has been vulnerable to a pair of privilege escalation issues that could allow an attacker to remotely take control of a machine. The first, found on AMT and ISM units could allow a remote unprivileged attacker to "gain system privileges to provisioned [chips]," Intel said. The second would allow a local attacker to gain "unprivileged network or local system privileges" on chips with AMT, ISM, and SBT. Chips from Intel's 2008-released Nehalem architecture onwards are impacted by the vulnerabilities if they run manageability firmware between versions 6 and 11.6. "Intel highly recommends that the first step in all mitigation paths is to unprovision the Intel manageability SKU to address the network privilege escalation vulnerabili...